Analysis updated 2026-05-18
Run an authorized reconnaissance chain against a target you have permission to test.
Scan for common vulnerabilities like SQL injection and cross site scripting with AI assisted triage.
Reduce false positives by letting the AI filter and prioritize scanner output.
Generate an executive and technical report from a completed security assessment.
| mmlqm/claudesec | infersports/infersports-skill | jurisupport/jurisupport-plugins | |
|---|---|---|---|
| Stars | 40 | 40 | 41 |
| Language | Shell | Shell | Shell |
| Setup difficulty | moderate | easy | moderate |
| Complexity | 4/5 | 2/5 | 3/5 |
| Audience | developer | developer | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Requires Linux, WSL2, or Docker and relies on external security tools like nmap-style scanners being installed via the setup script, intended only for authorized testing.
ClaudeSec is a shell based security testing framework built for professional red teams, bug bounty hunters, and security researchers doing authorized penetration testing. It uses Claude to read the raw output of well known security scanning tools, decide what matters, and turn scattered findings into a clear report, rather than replacing the tools themselves. The framework follows a defined process. It starts with a reconnaissance stage that runs a chain of established tools in sequence, first finding subdomains, then checking which ones are live, fingerprinting what software they run, discovering hidden directories, and pulling apart their JavaScript for clues. From there, a vulnerability assessment stage runs targeted scanning tools such as SQLMap for database injection, XSStrike for cross site scripting, jwt_tool for token weaknesses, and nuclei for known vulnerability patterns. Findings then go through a manual verification stage, where the AI's suggestions guide a human to confirm real issues rather than acting alone. A key part of the design is reducing false positives and noise. The AI stage groups and prioritizes findings using a modified version of the standard CVSS 3.1 severity scoring system, filters out results it judges unlikely to be real, and looks for ways that several small, low severity issues might combine into one serious attack path. The end result is a report meant for two audiences: an executive summary for stakeholders and a detailed technical version for other security practitioners. The project says it follows recognized industry methodologies including PTES, the OWASP Testing Guide, and NIST's security testing guidance. It runs on Linux, Windows Subsystem for Linux, and Docker, is installed by cloning the repository and running an install script, and is released under the MIT license. The full README is longer than what was shown.
An AI assisted framework that runs standard security scanning tools, filters out false positives, and generates reports for authorized penetration testing.
Mainly Shell. The stack also includes Shell, Claude AI, Nuclei.
MIT license: free to use, modify, and distribute, including for commercial purposes, as long as the copyright notice is kept.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.