This project provides a comprehensive set of structured "skills" designed to transform the Claude AI assistant into a highly capable external reconnaissance operator for authorized red-teaming and bug-bounty engagements. It equips users with over 90 specialized modules, extensive regex patterns, and detailed methodologies, enabling efficient and in-scope intelligence gathering. The primary benefit is leveraging advanced AI capabilities for complex OSINT tasks, mimicking a senior analyst's expertise.

How It Works

The project consists of two core Claude skills: osint-methodology and offensive-osint. The methodology skill focuses on strategic thinking, guiding users through asset graphing, severity assessment, time budgeting, and deliverable templates. The offensive skill acts as a tactical arsenal, providing specific probes, regexes, payloads, and tool URLs for reconnaissance. These skills are designed as drop-in .md files that integrate seamlessly with the Claude Skills System, allowing Claude to automatically trigger relevant capabilities based on user prompts. This approach ensures Claude operates with expert-level knowledge of techniques, tooling, and escalation paths while adhering to defined engagement scopes.

Quick Start & Requirements

• Primary install: Clone the repository and copy the skills/ directory contents to ~/.claude/skills/.
• Prerequisites: Requires the Claude Skills System. The secret_scan.py script uses only Python standard libraries.
• Documentation: Links to docs/architecture.md, docs/coverage.md, docs/installation.md, docs/usage.md, and examples/ are available within the repository.

Highlighted Details

• Over 90 reconnaissance capabilities across 12 domains, including subdomain enumeration, identity mapping (Entra, M365, Okta), web application attack surface analysis, cloud/container enumeration, and secret hunting.
• Features a catalog of 48 secret-regex patterns (29 base, 19 modern) and over 80 dorks across 9 categories.
• Includes 9 read-only credential validators and 27 attack-path templates.
• Boasts ~5,500 lines of structured tradecraft and achieved a 96.9% pass rate on a 32-prompt self-evaluation.
• Provides detailed methodologies for reporting, including findings rubrics, severity matrices, and bug-bounty submission templates.

Maintenance & Community

The project is authored by ElementalSoul and was built upon the original framework SnailSploit/offensive-checklist. It draws inspiration from Bellingcat and IntelTechniques. Specific community links (Discord, Slack) or detailed contributor information beyond the author are not explicitly provided in the README.

Licensing & Compatibility

The project is released under the MIT license, allowing for free use and distribution, with attribution appreciated. It is designed to be platform-agnostic, integrating with existing ASM or asset-graph platforms, or used standalone.

Limitations & Caveats

These skills are strictly intended for use against assets where explicit authorization has been granted (e.g., red-team rules of engagement, bug-bounty scope, ASM contracts). The project explicitly excludes active exploitation, post-exploitation, and malware development, focusing solely on OSINT-driven reconnaissance. A soft scope-check mechanism is included for third-party targets.