explaingit

mmlqm/claudesec

Analysis updated 2026-05-18

40ShellAudience · developerComplexity · 4/5LicenseSetup · moderate

TLDR

An AI assisted framework that runs standard security scanning tools, filters out false positives, and generates reports for authorized penetration testing.

Mindmap

mindmap
  root((ClaudeSec))
    What it does
      AI guided recon
      Vulnerability scanning
      False positive filtering
      Report generation
    Tech stack
      Shell scripts
      Claude AI
      Nuclei and SQLMap
    Use cases
      Authorized penetration testing
      Bug bounty recon
      Attack chain analysis
    Audience
      Security researchers
      Red teams
      Bug bounty hunters

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Run an authorized reconnaissance chain against a target you have permission to test.

USE CASE 2

Scan for common vulnerabilities like SQL injection and cross site scripting with AI assisted triage.

USE CASE 3

Reduce false positives by letting the AI filter and prioritize scanner output.

USE CASE 4

Generate an executive and technical report from a completed security assessment.

What is it built with?

ShellClaude AINucleiSQLMapDocker

How does it compare?

mmlqm/claudesecinfersports/infersports-skilljurisupport/jurisupport-plugins
Stars404041
LanguageShellShellShell
Setup difficultymoderateeasymoderate
Complexity4/52/53/5
Audiencedeveloperdeveloperops devops

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Requires Linux, WSL2, or Docker and relies on external security tools like nmap-style scanners being installed via the setup script, intended only for authorized testing.

MIT license: free to use, modify, and distribute, including for commercial purposes, as long as the copyright notice is kept.

In plain English

ClaudeSec is a shell based security testing framework built for professional red teams, bug bounty hunters, and security researchers doing authorized penetration testing. It uses Claude to read the raw output of well known security scanning tools, decide what matters, and turn scattered findings into a clear report, rather than replacing the tools themselves. The framework follows a defined process. It starts with a reconnaissance stage that runs a chain of established tools in sequence, first finding subdomains, then checking which ones are live, fingerprinting what software they run, discovering hidden directories, and pulling apart their JavaScript for clues. From there, a vulnerability assessment stage runs targeted scanning tools such as SQLMap for database injection, XSStrike for cross site scripting, jwt_tool for token weaknesses, and nuclei for known vulnerability patterns. Findings then go through a manual verification stage, where the AI's suggestions guide a human to confirm real issues rather than acting alone. A key part of the design is reducing false positives and noise. The AI stage groups and prioritizes findings using a modified version of the standard CVSS 3.1 severity scoring system, filters out results it judges unlikely to be real, and looks for ways that several small, low severity issues might combine into one serious attack path. The end result is a report meant for two audiences: an executive summary for stakeholders and a detailed technical version for other security practitioners. The project says it follows recognized industry methodologies including PTES, the OWASP Testing Guide, and NIST's security testing guidance. It runs on Linux, Windows Subsystem for Linux, and Docker, is installed by cloning the repository and running an install script, and is released under the MIT license. The full README is longer than what was shown.

Copy-paste prompts

Prompt 1
Help me install ClaudeSec on Linux or WSL using the provided install script.
Prompt 2
Explain how ClaudeSec's reconnaissance phase chains subfinder, httpx, and ffuf together.
Prompt 3
Walk me through running an authorized scan against my own test target with ClaudeSec.
Prompt 4
Explain how ClaudeSec scores findings using its modified CVSS 3.1 approach.
Prompt 5
Help me understand what a generated ClaudeSec report includes for stakeholders.

Frequently asked questions

What is claudesec?

An AI assisted framework that runs standard security scanning tools, filters out false positives, and generates reports for authorized penetration testing.

What language is claudesec written in?

Mainly Shell. The stack also includes Shell, Claude AI, Nuclei.

What license does claudesec use?

MIT license: free to use, modify, and distribute, including for commercial purposes, as long as the copyright notice is kept.

How hard is claudesec to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is claudesec for?

Mainly developer.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.