Auto-discovered marketplace from sabania/pentest-cli
npx claudepluginhub sabania/pentest-cliProfessional security testing framework for deployed web apps. 10+ skills, 8 AI agents covering OWASP WSTG, PTES, and modern attack vectors. Passive + active testing with consent flow.
Complete command reference for pentest-cli. Gives AI agents the knowledge to use all 40+ CLI commands with correct syntax, flags, and JSON output.
Claude Code marketplace entries for the plugin-safe Antigravity Awesome Skills library and its compatible editorial bundles.
Production-ready workflow orchestration with 80 focused plugins, 185 specialized agents, and 153 skills - optimized for granular installation and minimal token usage
Directory of popular Claude Code extensions including development tools, productivity plugins, and MCP integrations
Share bugs, ideas, or general feedback.
Professional security testing CLI for deployed web applications. No Python required - download a single binary and run.
40+ commands covering OWASP WSTG, PTES, and modern attack vectors. Integrates with Kali Linux tools (nmap, sqlmap, hydra, nikto, nuclei).
Linux/macOS:
curl -fsSL https://raw.githubusercontent.com/sabania/pentest-cli/main/install.sh | bash
Windows (PowerShell):
irm https://raw.githubusercontent.com/sabania/pentest-cli/main/install.ps1 | iex
Or download directly from Releases.
Linux/macOS:
rm ~/.local/bin/pentest
Windows (PowerShell):
Remove-Item "$env:USERPROFILE\.local\bin\pentest.exe"
This repo also ships a Claude Code plugin with 12 skills and 8 AI agents that use the CLI as their backend. The plugin turns Claude Code into a full security testing platform.
Install the plugin:
/plugin marketplace add sabania/pentest-cli
Then run:
/setup # Install CLI + verify environment
/pentest-full https://your-app.com # Complete security audit
See the full plugin documentation: Plugin README
| Skill | Type | Description |
|---|---|---|
/setup | Utility | Install pentest-cli and verify environment |
/cli-reference | Utility | Show all 40+ CLI commands |
/pentest-recon <url> | Passive | Subdomains, DNS, ports, OSINT, tech stack |
/pentest-scan <url> | Passive | Headers, SSL/TLS, CORS, WAF |
/pentest-discover <url> | Passive | JS bundles, APIs, secrets, BaaS backends |
/pentest-auth <url> | Passive | JWT, OAuth, session management |
/pentest-cloud <url> | Passive | S3/Azure/GCS misconfig, email security |
/business-logic <url> | Passive | IDOR, privilege escalation, payment bypass |
/pentest-inject <url> | Active | SQLi, XSS, SSTI, SSRF, XXE, LFI |
/pentest-advanced <url> | Active | Request smuggling, race conditions, cache poisoning |
/pentest-full <url> | Full | All scans combined + PDF report |
/pentest-report | Utility | Generate PDF report from findings |
8 specialized AI agents work as your security testing team:
| Agent | Model | Role |
|---|---|---|
recon-agent | sonnet | Attack surface mapping |
scanner-agent | sonnet | Configuration & hardening |
discovery-agent | sonnet | Secrets, APIs, BaaS probing |
injection-agent | sonnet | Injection vulnerability testing |
auth-agent | sonnet | Authentication & session security |
advanced-agent | opus | Request smuggling, race conditions |
logic-agent | opus | Business logic & authorization flaws |
report-agent | haiku | Report generation |
# Passive scans (safe, no payloads sent)
pentest scan headers https://example.com
pentest scan ssl example.com
pentest scan cors https://example.com
pentest recon subdomains example.com
pentest discover bundle https://example.com
pentest cloud email example.com
# Active scans (sends payloads - requires --active flag)
pentest --active --yes inject sqli https://example.com
pentest --active --yes discover fuzz https://example.com
# Full pentest
pentest full https://example.com
# JSON output (for CI/CD or Claude Code agents)
pentest --json scan headers https://example.com
# Generate PDF report
pentest report ./findings/
pentest recon)| Command | Description |
|---|---|
recon subdomains | Subdomain enumeration (crt.sh, dnsrecon, DNS brute) |
recon ports | Port scanning (nmap integration) |
recon dns | DNS records, zone transfer, SPF/DMARC, DNSSEC |
recon whois | WHOIS lookup |
recon crawl | Web crawling & URL discovery |
recon osint | Google dorks, Wayback Machine, email harvesting |
pentest scan)| Command | Description |
|---|---|
scan headers | HTTP security headers (CSP, HSTS, X-Frame-Options, SRI) |
scan ssl | SSL/TLS protocols, ciphers, certificate analysis |
scan cors | CORS misconfiguration (origin reflection, null, wildcards) |
scan nikto | Nikto web server scanner |
scan nuclei | Nuclei vulnerability scanner (9000+ templates) |
pentest discover)| Command | Description |
|---|---|
discover bundle | JS bundle reverse engineering (source maps, API keys, secrets) |
discover api | API endpoint discovery, GraphQL, error disclosure |
discover graphql | GraphQL introspection & attack testing |
discover fuzz | Content discovery / directory fuzzing |
discover tech | Deep technology fingerprinting (whatweb) |