Stats
Actions
Available In
Tags
Plugin
threatswarm
Run professional penetration tests and red-team operations with 27 specialist agents covering AD, cloud, web, API, mobile, wireless, and IoT attacks, plus engagement commands for recon, exploitation, post-exploitation, threat hunting, incident response, and report generation with evidence logging and scope enforcement.
What's Inside
Slash Commands6
Attack
/attack
Route an attack vector to the appropriate specialist agent — usage: /project:attack <target> <vector>
Engage
/engage
Start a new engagement for a target — verifies scope, creates evidence directories, and launches recon agent
Hunt
/hunt
Run an ATT&CK-based threat hunt with a specific hypothesis
Ir
/ir
Incident response workflow — triage, evidence collection, timeline, and IOC extraction
Pwned
/pwned
Post-exploitation workflow after getting shell access — privesc, credential harvest, lateral movement
Agents26
active-directory
/active-directory
Active Directory and Windows domain attack specialist. Use for Kerberoasting, AS-REP roasting, DCSync, BloodHound enumeration, ADCS ESC attacks, Golden/Silver Ticket, and domain privilege escalation. Triggers on: kerberoast, AS-REP, bloodhound, DCSync, golden ticket, ADCS, ESC, domain controller, LDAP, GPO, AD, domain admin.
api-attacker
/api-attacker
API security testing specialist for REST, GraphQL, gRPC, and WebSocket APIs. Handles BOLA/IDOR, mass assignment, authentication bypass, rate limit evasion, JWT attacks, GraphQL introspection abuse, API enumeration, and OWASP API Top 10. Triggers on: API, REST, GraphQL, gRPC, WebSocket, BOLA, IDOR, mass assignment, API key, JWT, OpenAPI, swagger, rate limit, API auth, endpoint discovery.
blue-team
/blue-team
Defensive security and hardening specialist. Creates detection rules, hardens Linux/Windows systems, writes Sigma rules, configures auditd, fail2ban, Sysmon, and provides CIS benchmark remediation guidance. Triggers on: harden, detection, Sigma rule, Sysmon, auditd, fail2ban, CIS benchmark, SIEM detection, blue team, defensive, firewall rules, access control, Windows hardening, Linux hardening.
c2-operator
/c2-operator
Command and control infrastructure specialist for authorized red team operations. Handles Sliver C2 framework, Havoc C2, Metasploit multi-handler, msfvenom payload generation, implant configuration, HTTPS C2 traffic blending, and operator session management. Triggers on: C2, command and control, Sliver, Havoc, msfvenom, implant, beacon, Meterpreter, payload generation, listener, handler, staged payload.
cloud-attacker
/cloud-attacker
Cloud penetration testing specialist for AWS, Azure, and GCP. Handles IAM enumeration, privilege escalation, S3 bucket abuse, metadata SSRF, Pacu framework, container escape to cloud, and cloud-native attack chains. Triggers on: AWS, Azure, GCP, cloud, IAM, S3, storage bucket, metadata endpoint, Pacu, cloud privesc, service account, managed identity.
Skills5
mitre-attack
/mitre-attack
MITRE ATT&CK framework reference — tactics, techniques, and tool-to-TTP mappings for pentest documentation and detection rule writing
report-templates
/report-templates
CVSS 3.1 vector examples, executive summary template, full technical finding template, and remediation language bank for pentest reports
wordlists
/wordlists
SecLists path map, hashcat rules, CeWL usage, and custom wordlist generation for all attack categories
ad-attacks
/ad-attacks
Active Directory attack reference — BloodHound Cypher queries, Kerberos attack decision tree, ACE/ACL abuse, ADCS ESC1-8, and AD misconfig checklist
exploit-db
/exploit-db
Exploit-DB and searchsploit reference — EDB→Metasploit module mappings, PoC reliability rubric, CVSS tier quick reference, and searchsploit usage patterns
Stats
Version1.0.0
Released
LanguagePython
Stars32
Forks3
Copy clicks1
MaintenanceGood
LicenseMIT
Last Commit
Added
Available In
Safety Signals
Caution
Executes bash commands
Hook triggers when Bash tool is used
Uses power tools
Uses Bash, Write, or Edit tools
