communitytools by transilienceai

AI-powered security testing suite for penetration testing and bug bounty hunting

Created 6 months ago
287 stars

Top 91.3% on SourcePulse

Project Summary

This project provides an open-source suite of Claude Code skills and agents for AI-powered penetration testing, bug bounty hunting, and security research. It aims to automate complex security workflows, offers comprehensive coverage of OWASP Top 10 and LLM Top 10 vulnerabilities, and generates professional reports. It is intended for security engineers and researchers seeking efficient, AI-assisted security assessments.

How It Works

The suite employs a unique "skills-only" architecture, where all canonical skill and tool definitions reside at the repository root. Project environments, such as projects/pentest, utilize symlinks to selectively include these definitions, ensuring a single source of truth and isolated, self-contained working directories. Core functionality is driven by a multi-agent system, orchestrated by a coordinator skill that dynamically spawns executor and validator agents based on role definitions, enabling structured execution, evidence gathering, and blind validation of findings.

Quick Start & Requirements

  • Primary Install: Clone the repository and navigate to a project directory (e.g., projects/pentest). Launch Claude Code from within the project folder by running claude.
  • Prerequisites:
    • Claude Code CLI
    • Node.js and npm (for Playwright: npm install -g @playwright/mcp && npx playwright install chromium)
    • Python 3 (for utility scripts like env-reader.py)
    • Optional: Kali Linux tools (nmap, gobuster, ffuf, sqlmap, etc.) for network testing.
  • Recommended Setup: A Docker script (scripts/kali-claude-setup.sh) provides a pre-configured Kali Linux container with Claude Code, Playwright, and security tools.

Highlighted Details

  • Achieved 100% (104/104) on a CTF benchmark suite using skills-only files, improving from an 89.4% baseline through iterative skill development.
  • Comprehensive coverage includes 26 skills targeting OWASP Top 10 (2021), OWASP LLM Top 10 (2025), and mapped MITRE ATT&CK TTPs.
  • Integrates Playwright for browser automation and offers professional reporting with CVSS 3.1, CWE, MITRE ATT&CK, and Transilience-branded PDF outputs.
  • Includes over 160 reference files with inline PayloadsAllTheThings techniques and an NVD/CVE enrichment tool for risk scoring.

Maintenance & Community

Developed by Transilience AI, the project encourages community contributions via GitHub Discussions for questions and ideas, and GitHub Issues for bug reports and feature requests. Links to the website, LinkedIn, and email are provided for further engagement.

Licensing & Compatibility

The project is released under the permissive MIT License, allowing for commercial and personal use without significant restrictions.

Limitations & Caveats

These tools are strictly intended for authorized security testing on systems with explicit permission. Unauthorized use is prohibited and illegal. Users are solely responsible for ensuring compliance with all applicable laws and regulations. Setup requires specific tooling like Claude Code CLI and Playwright, with Docker recommended for ease of environment management.

Health Check
  • Last Commit: 1 week ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 1
  • Issues (30d): 2
  • Star History: 93 stars in the last 30 days
