Conduct structured offensive-security engagements directly from Claude Code — execute 37 kill-chain skills (recon, escalation, C2, evasion, exploitation) with automated scope enforcement, OPSEC discipline, evidence validation, and cross-engagement pattern-learning memory.
Execute Phase 7 - Actions on Objectives and Goal Achievement
Execute Phase 6 - Command and Control Infrastructure Setup
Crash → root cause → reachability → empirical exploitability verdict (native bugs)
Find the canonical fix commit(s) for a CVE across sources, then diff for root cause
Execute Phase 3 - Delivery and Payload Deployment
AI/ML research agent — model architecture analysis, training optimization, mechanistic interpretability, safety alignment, inference optimization
Vulnerability research agent — identifies CVEs, finds exploit PoCs, maps attack chains, and develops custom exploitation strategies
Blind adversarial checker — given ONLY a finding artifact and its evidence (never the author's reasoning), tries to refute it and emits a structured rebuttal that drives the bounded generator↔checker rebuttal loop. Distinct from finding-validator.
Adversarial exploitability judge — issues a PASS / KILL / DOWNGRADE / CHAIN-REQUIRED verdict on each finding, distinct from the artifact-completeness check. Tries to REFUTE every finding before accepting it.
Deep network analysis agent — packet inspection, protocol dissection, traffic anomaly detection, IDS/IPS rule creation, firewall auditing
Use when attacking a Windows Active Directory domain — Kerberos roasting/delegation, coercion + NTLM/Kerberos relay (CVE-2025-33073), ADCS ESC1-16 (EKUwu), ticket forgery & DCSync, dMSA BadSuccessor (CVE-2025-53779), BloodHound attack-path enumeration, domain dominance
---
Use when red-teaming an agentic AI / LLM application — indirect & zero-click prompt injection, MCP tool poisoning, persistent memory poisoning, excessive-agency tool abuse, multi-turn jailbreaks, PyRIT/Garak/Promptfoo harnesses
Use when attacking an AI/ML system or model — prompt injection & jailbreaks (Crescendo, Skeleton Key, Best-of-N), RAG/vector poisoning, agentic/MCP exploitation (CVE-2025-54136), ML supply-chain RCE (pickle CVE-2025-32434), model extraction / membership inference / adversarial suffixes (GCG)
Use when building a client-side browser exploit — V8/JSC JIT type confusion to renderer R/W, V8 heap-sandbox escape, renderer-to-browser sandbox escape (Mojo IPC, GPU/Dawn/ANGLE), Electron/webview IPC abuse, 1-click RCE chains
Uses power tools
Uses Bash, Write, or Edit tools
A spec-driven offensive security framework for Claude Code — structured engagement workflows based on the Cyber Kill Chain, 31 kill-chain skills (multi-file progressive-disclosure) plus a discipline layer (a SessionStart dispatcher + 6 process/discipline skills), 8 collaborative agents, and a shared 47-file vulnerability reference library. Inspired by GitHub's spec-kit, obra/superpowers, and gadievron/raptor (crash→exploitability + OSS-repo forensics).
```
# Method 0: Install as a Claude Code plugin (recommended — auto-loads the skill dispatcher)
/plugin marketplace add hypnguyen1209/offensive-claude
/plugin install offensive-claude@offensive-claude-marketplace
```

Installing as a plugin registers a SessionStart hook that injects the `using-offensive-claude` dispatcher into every conversation, so the skill-invocation discipline (scope → finding → OPSEC) is active from the first message.

```bash
# Method 1: One-liner install (recommended)
curl -sL https://raw.githubusercontent.com/hypnguyen1209/offensive-claude/main/install.sh | bash

# Method 2: Clone + install script
git clone https://github.com/hypnguyen1209/offensive-claude.git ~/offensive-claude
cd ~/offensive-claude && bash install.sh

# Method 3: Manual copy
git clone https://github.com/hypnguyen1209/offensive-claude.git ~/offensive-claude
cp -r ~/offensive-claude/skills ~/.claude/skills
cp -r ~/offensive-claude/agents ~/.claude/agents
cp -r ~/offensive-claude/templates ~/.claude/templates
cp -r ~/offensive-claude/workflows ~/.claude/workflows
cp -r ~/offensive-claude/commands ~/.claude/commands
cp -r ~/offensive-claude/presets ~/.claude/presets
cp ~/offensive-claude/CLAUDE.md ~/.claude/CLAUDE.md
```
Skills and agents activate automatically — no additional configuration needed.
Engagements follow the Cyber Kill Chain as a structured 9-phase pipeline with quality gates:
```
Phase 0   Phase 1   Phase 2     Phase 3    Phase 4   Phase 5        Phase 6   Phase 7      Phase 8
SCOPE   → RECON   → WEAPONIZE → DELIVERY → EXPLOIT → INSTALLATION → C2      → ACTIONS ON → REPORT
                                                                              OBJECTIVES
```

```
/engage.init web-app --client ACME
/engage.scope       # Define targets, ROE, authorization
/engage.recon       # Subdomain enum, port scan, tech fingerprint
/engage.weaponize   # Select exploits, design payloads
/engage.exploit     # Execute exploits, document findings
/engage.report      # Generate technical report + executive summary
```
| Command | Phase | Action |
|---|---|---|
| `/engage.init <preset>` | — | Initialize engagement with workflow preset |
| `/engage.scope` | 0 | Define targets, ROE, authorization |
| `/engage.recon` | 1 | Passive/active reconnaissance |
| `/engage.weaponize` | 2 | Payload development, exploit design |
| `/engage.deliver` | 3 | Delivery vector execution |
| `/engage.exploit` | 4 | Exploitation, finding documentation |
| `/engage.install` | 5 | Persistence establishment |
| `/engage.c2` | 6 | C2 infrastructure setup |
| `/engage.actions` | 7 | Objectives execution, lateral movement |
| `/engage.report` | 8 | Report generation |
| `/engage.status` | — | Show pipeline status and progress |
| `/engage.gate` | — | Validate current phase gate |
| `/engage.crash` | 4 | Crash → root cause (rr) → reachability (gcov/trace) → empirical exploitability verdict |
| `/engage.cvediff` | 2,4 | Find a CVE's canonical fix commit(s) across sources, then scope-gated diff for root cause |
| `/engage.scorecard` | — | Calibrate model verdict trust (Wilson-bounded miss-rate) to short-circuit re-validation |
| `/engage.threatmodel` | 1 | Materialize / lint / drift-check the engagement threat model |
| `/engage.memory` | — | Recall prior patterns / record confirmed findings (cross-engagement learning) |
| `/engage.pickup` | — | Resume an engagement from the engine trace (skip completed steps) |
| Preset | Phases | Use Case |
|---|---|---|
| `web-app` | 0,1,2,3,4,8 | OWASP-focused web application assessment |
| `network` | 0,1,2,4,5,6,7,8 | Internal network penetration test |
| `red-team` | ALL (0-8) | Full adversary simulation |
| `cloud` | 0,1,4,8 | AWS/Azure/GCP security audit |
| `mobile` | 0,1,2,4,8 | Android/iOS application pentest |
| `ad-domain` | 0,1,2,4,5,7,8 | Active Directory domain assessment |
| `bug-bounty` | 0,1,4,8 | Bug bounty vulnerability hunting |
```bash
npx claudepluginhub hypnguyen1209/offensive-claude --plugin offensive-claude
```