Analysis updated 2026-05-18
Back up penetration testing reports with real-world vulnerability case data.
Reference historical payment or authentication exploit statistics during a security review.
Use the Lite install for quick access to top case summaries and methodology.
| nathan-gage/wooyun-legacy-english | 0verflowme/alarm-clock | 0xhassaan/nn-from-scratch | |
|---|---|---|---|
| Stars | 0 | — | 0 |
| Language | — | CSS | Python |
| Last pushed | — | 2022-10-03 | — |
| Maintenance | — | Dormant | — |
| Setup difficulty | easy | easy | moderate |
| Complexity | 2/5 | 2/5 | 4/5 |
| Audience | developer | vibe coder | developer |
Figures from each repo's GitHub metadata at analysis time.
Licensed CC BY-NC-SA 4.0, non-commercial use only.
WooYun Legacy is a Claude Code plugin that enriches AI-generated security testing reports with real-world vulnerability case data, rather than only offering generic advice. It is built on 22,132 business logic vulnerability cases collected by the WooYun platform between 2010 and 2016, covering payment systems, authorization, authentication, and general business logic flaws found in real applications. When you ask Claude to help with security testing, the plugin activates and transforms generic advice into data-backed recommendations citing actual incidents and severity statistics from that historical dataset. For example, instead of a general warning about payment bypass, Claude might reference that WooYun recorded 1,056 such cases with 68.7% rated high severity, and describe a real-world exploit similar to the one being discussed. The plugin explicitly does not teach new testing techniques on its own. Instead, it adds supporting data to make Claude's existing security testing capabilities more persuasive and concrete when reporting findings to stakeholders. There are two installation modes to choose from. A Lite install, around 432 KB, includes methodology files, technical manuals, and condensed case indexes covering the top 15 cases per category plus overall statistics. A Full install, around 71 MB, adds all 22,132 cases in full, along with industry pentest examples for telecom and banking, plus evaluation benchmarks. For most users the Lite install is described as covering all the core capabilities. The plugin activates automatically whenever Claude detects security-related intent in a conversation, whether that is an explicit request for penetration testing or a more implicit one, such as asking to test an endpoint or check a feature for issues. This repository is an English translation of the original WooYun Legacy project, prepared with the help of GPT-5.5. It is licensed under CC BY-NC-SA 4.0, and is intended for authorized security testing, code review, and internal risk assessment only, not for unauthorized use against systems you do not own or have permission to test.
A Claude Code plugin that backs AI security testing advice with 22,000+ real vulnerability cases from WooYun.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.