Offensive security skills library for AI-assisted penetration testing and security assessment
npx claudepluginhub narlyseorg/superhackersSecurity skills library for AI-assisted pentesting, security assessment, and secure code review
Claude Code marketplace entries for the plugin-safe Antigravity Awesome Skills library and its compatible editorial bundles.
Directory of popular Claude Code extensions including development tools, productivity plugins, and MCP integrations
Curated collection of 129 specialized Claude Code subagents organized into 10 focused categories
Superhackers is a complete offensive security workflow for your coding agents, originally forked from obra/superpowers and fully rewritten for penetration testing, security assessment, and secure code review by narlyseorg. Built on a set of composable "skills" and initial instructions that make sure your agent uses them.
It starts from the moment you fire up your coding agent. As soon as it sees that you're starting a security engagement, it doesn't just jump into trying to run exploits. Instead, it steps back and performs systematic reconnaissance to understand the target surface.
Once it's mapped out the target, it shows you the enumeration results in chunks short enough to actually read and digest. It looks for low-hanging fruit while planning deeper assessment.
After you've signed off on the assessment plan, your agent puts together an implementation plan for specific security tests. It emphasizes evidence-based verification, responsible disclosure, and systematic methodology. It avoids "spray and pray" tactics in favor of targeted, impact-driven testing.
Next up, once you say "go", it launches a subagent-driven-testing process, having agents work through each security task—from recon to vulnerability verification and exploit development—inspecting and reviewing their findings, and continuing forward. It's not uncommon for Claude to be able to work autonomously for a couple hours at a time through a complex pentest without deviating from the scope you defined.
There's a bunch more to it, but that's the core of the system. And because the skills trigger automatically, you don't need to do anything special. Your coding agent just has superhackers.
flowchart LR
A["security-assessment<br/><i>Planning</i>"] --> B["recon-and-enumeration<br/><i>Discover</i>"] --> C["target-specific pentesting<br/><i>webapp · api · infra · android</i>"]
style A fill:#1a1a2e,stroke:#e94560,color:#fff
style B fill:#1a1a2e,stroke:#0f3460,color:#fff
style C fill:#1a1a2e,stroke:#533483,color:#fff
flowchart RL
D["vulnerability-verification<br/><i>Confirm</i>"] --> E["exploit-development<br/><i>Prove Impact</i>"] --> F["writing-security-reports<br/><i>Document</i>"]
style D fill:#1a1a2e,stroke:#e94560,color:#fff
style E fill:#1a1a2e,stroke:#950740,color:#fff
style F fill:#1a1a2e,stroke:#0f3460,color:#fff
Skills reference these tools (must be installed separately):
| Category | Tools |
|---|---|
| Scanning | rustscan, nmap, nuclei, nikto, httpx |
| Fuzzing | ffuf, sqlmap |
| Interception | BurpSuite, mitmproxy |
| Exploitation | Metasploit (msfconsole, msfvenom) |
| Mobile | Frida, adb, apktool, jadx |
| Network | bettercap, smuggler |
| Cracking | john, hashcat |
See TOOLCHAIN.md for the complete tool registry, fallback chains, and platform compatibility matrix.
Two steps to be fully operational:
Configure your AI assistant to use superhackers. See platform-specific guides:
| Platform | Method |
|---|---|
| Claude Code | /plugin marketplace add narlyseorg/superhackers then /plugin install superhackers |
| Cursor | /plugin-add https://github.com/narlyseorg/superhackers |
| Codex | .codex/INSTALL.md |
| OpenCode | .opencode/INSTALL.md |
For AI Agents: If you are an AI coding agent installing superhackers, use the appropriate method for your platform:
/plugin marketplace add narlyseorg/superhackers then /plugin install superhackers/plugin-add https://github.com/narlyseorg/superhackershttps://raw.githubusercontent.com/narlyseorg/superhackers/main/.codex/INSTALL.mdhttps://raw.githubusercontent.com/narlyseorg/superhackers/main/.opencode/INSTALL.mdSkills need security tools (nmap, nuclei, sqlmap, etc.) to execute.
Run the automated setup script or follow the manual installation instructions for your platform:
Automated Setup:
| Platform | Script | Command |
|---|---|---|
| macOS/Linux (Bash) | setup.sh | bash setup.sh |
| Windows (PowerShell) | setup.ps1 | powershell -ExecutionPolicy Bypass -File setup.ps1 |
Manual Installation: See SETUP.md for detailed platform-specific instructions.
The AI will automatically detect which tools are available and provide appropriate alternatives.