By sec-js
50 specialist subagents for authorized penetration testing and red team engagements — recon, web/API, Active Directory, cloud, mobile, wireless, exploitation, post-exploitation, detection, forensics, and reporting.
> This file is not a standalone agent. It contains the shared scope enforcement
Delegates to this agent when the user wants to perform Active Directory attacks, run BloodHound analysis, use Impacket tools, execute Kerberos attacks, perform AD enumeration with CrackMapExec or NetExec, test AD delegation abuse, or conduct lateral movement through Active Directory environments during authorized penetration testing.
Delegates to this agent when the user wants to map the AI attack surface of an authorized web application before validation — discovering AI/LLM API endpoints (including OpenAI-compatible APIs), enumerating A2A agent cards, fingerprinting the deployed model, identifying MCP exposure, and characterizing RAG and tool-use capability. Recon only; hands off to llm-redteam, api-security, and web-hunter for exploitation.
Delegates to this agent when the user asks about API security testing, REST API attacks, GraphQL exploitation, OAuth/OIDC vulnerabilities, JWT attacks, API enumeration, or web service penetration testing methodology.
Delegates to this agent when the user wants to correlate findings from multiple tools or agents, build multi-step attack chains, identify the optimal exploitation path through a network, prioritize attack vectors across an engagement, or plan lateral movement strategies for authorized penetration testing.
Uses power tools
Uses Bash, Write, or Edit tools
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
50 Claude Code subagents for penetration testing.
Quick Start | Cheatsheet | Coverage | Agents | Examples
pentest-ai-agents is a collection of 50 Claude Code subagents that turn Claude into an offensive security research assistant. Each agent carries deep domain knowledge in a specific area: recon, web, Active Directory, cloud, mobile, wireless, social engineering, payload crafting, reverse engineering, exploit chaining, detection engineering, forensics, and more.
Install the agent files. Open Claude Code. Describe your task. Claude routes to the right specialist automatically.
No servers, no Python deps, no setup beyond copying files.
/plugin marketplace add 0xSteph/pentest-ai-agents then /plugin install pentest-ai-agents@pentest-ai-agents. The install.sh curl path still works unchanged.ai-recon (AI attack-surface mapping), code-auditor, crypto-analyzer, password-auditor, database-attacker, network-attacker, traffic-analyzer, compliance-mapper, risk-scorer, plus the post-exploitation set — evasion-specialist, persistence-planner, data-exfiltrator, scada-attacker, iot-pentester, lateral-movement. Every offensive agent pairs its techniques with the detection they exercise.cicd-redteam is Bash-capable but was missing the mandatory scope-enforcement block — now fixed (the new CI check would have caught it).curl | bash no longer crashes under set -u, the one-liner clone URL is corrected, slash commands now install alongside the agents, and --uninstall removes everything cleanly.c2-operator (Sliver/Mythic/Havoc/Cobalt Strike profile tuning, beacon hygiene, redirector design), container-breakout (Docker/K8s escape, runc/cri-o CVEs, kubelet exploitation, RBAC abuse), opsec-anonymizer (operator-side identity hygiene, source IP design, burner infrastructure, fingerprint hygiene), llm-redteam (OWASP LLM Top 10 testing, prompt injection, RAG poisoning, MCP server abuse, agent tool abuse)._scope-guard.md covers DoS, mass scanning, unattended worms, false-flag operations, safety-of-life systems.vulns.tool_used column for filtering findings by the tool that produced them; new indexes on cve and tool_used. Existing engagements migrate forward via db/migrate.sh.flowchart LR
classDef plan fill:#1a2a4a,stroke:#5a7ab8,color:#eaf0ff
classDef recon fill:#1a3a2a,stroke:#5ab87a,color:#eaffea
classDef exploit fill:#3a1a1a,stroke:#b85a5a,color:#ffeaea
classDef post fill:#3a2a1a,stroke:#b8895a,color:#fff0ea
classDef defense fill:#1a3a3a,stroke:#5ab8b8,color:#eaffff
classDef report fill:#2a1a3a,stroke:#895ab8,color:#f0eaff
EP[engagement-planner]:::plan
OA[opsec-anonymizer]:::plan
TM[threat-modeler]:::plan
OS[osint-collector]:::recon
RA[recon-advisor]:::recon
VS[vuln-scanner]:::recon
npx claudepluginhub sec-js/pentest-ai-agentsComprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.
753 cybersecurity skills covering web security, pentesting, DFIR, threat intelligence, cloud security, malware analysis, and more.
18 AI personas deliberate your hardest decisions — structured multi-round deliberation (blind analysis, anonymized cross-examination, weighted verdict) with genuine model diversity across providers.
Comprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.
Comprehensive PR review agents specializing in comments, tests, error handling, type design, code quality, and code simplification
Comprehensive feature development workflow with specialized agents for codebase exploration, architecture design, and quality review
Harness-native ECC plugin for engineering teams - 67 agents, 278 skills, 94 legacy command shims, reusable hooks, rules, MCP conventions, and operator workflows for Claude Code plus adjacent agent harnesses
Upstash Context7 MCP server for up-to-date documentation lookup. Pull version-specific documentation and code examples directly from source repositories into your LLM context.
Consult multiple AI coding agents (Gemini, OpenAI, Grok, Perplexity, plus codex, antigravity, and grok CLIs when installed) to get diverse perspectives on coding problems