explaingit

0xghostcat/claude-ai-cyber-security-skills

17ShellAudience · developerComplexity · 3/5Setup · easy

TLDR

30 plug-in skills for Claude Code that walk security researchers through every phase of a bug bounty engagement, from recon and vulnerability testing to writing final reports.

Mindmap

mindmap
  root((claude-ai-cyber-security-skills))
    What it does
      30 Claude Code skills
      Bug bounty automation
      Formatted report output
    Recon Phase
      Subdomain discovery
      Tech fingerprinting
      Endpoint extraction
    Vulnerability Classes
      IDOR and auth bypass
      XSS SQL injection SSRF
      JWT OAuth race conditions
    Setup
      Shell script install
      Docker image
      PowerShell for Windows
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Automate subdomain discovery and live host identification during a bug bounty recon phase.

USE CASE 2

Test a target for 15 vulnerability classes, including SSRF, XSS, and SQL injection, using structured playbooks.

USE CASE 3

Generate properly formatted bug reports ready to submit to HackerOne or Bugcrowd.

USE CASE 4

Analyze Android apps and cloud storage buckets for security misconfigurations.

Tech stack

ShellPowerShellDockerNucleiSemgrep

Getting it running

Difficulty · easy Time to first run · 30min

Requires Claude Code already installed, run the provided shell script on Linux/WSL or PowerShell on Windows, or use the Docker image that bundles the security tools.

License terms are not mentioned in the repository description.

In plain English

Claude CyberSecurity Skills is a collection of 30 plug-in routines for Claude Code, the AI coding assistant from Anthropic, designed to help security researchers who hunt for vulnerabilities through bug bounty platforms like HackerOne and Bugcrowd. Rather than a list of tools or a methodology document, it wires those tools into Claude so that describing a task in plain English kicks off a structured sequence of steps. The 30 skills cover five phases of a typical bug bounty engagement. The pre-hunt phase includes skills for choosing which program to target, parsing its scope rules, and building a threat model. The recon phase handles subdomain discovery, finding live hosts, identifying what technology a target runs, pulling endpoints from JavaScript files, and fuzzing for hidden directories. A large middle section covers 15 specific vulnerability classes: IDOR (unauthorized access to other users' data), authentication bypass, account takeover chains, cross-site scripting, SQL injection, SSRF (making a server fetch internal resources), template injection, file upload bypasses, GraphQL weaknesses, JWT token attacks, OAuth flaws, race conditions, subdomain takeover, cache poisoning, and HTTP request smuggling. Three additional skills target newer areas: AI application security, Android app analysis, and cloud storage misconfigurations. The final two skills produce formatted bug reports for HackerOne and Bugcrowd. In practice, you install the skills into Claude Code's configuration directory, and Claude picks up the right skill based on the phrases you use when describing a task. For example, saying "test SSRF" triggers the SSRF skill, which knows which tools to use and what validation checks to run before recommending you file a report. The repository also includes shared payload lists for common attack types, custom rule sets for two scanning tools (Nuclei and Semgrep), multi-step playbooks for sequences like finding SSRF and escalating it to remote code execution, and report templates for three bug bounty platforms. Installation is available via a shell script for Linux or WSL, a PowerShell script for Windows, or a Docker image that comes with the security tools pre-installed.

Copy-paste prompts

Prompt 1
I'm doing a bug bounty on example.com. Use the SSRF skill to guide me through testing for server-side request forgery, list the tools to run and what a valid finding looks like.
Prompt 2
Help me pick a HackerOne program, parse its scope rules, and build a threat model before I start testing.
Prompt 3
I found a file upload endpoint on my target. Walk me through the file upload bypass skill to check for common weaknesses.
Prompt 4
Run the subdomain takeover skill against example.com and tell me how to validate any findings before reporting.
Prompt 5
Generate a formatted HackerOne bug report for an IDOR vulnerability I found where I can access other users' order data by changing the order ID.
Open on GitHub → Explain another repo

← 0xghostcat on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.