{"name":"s3cr1z-dreadnode-capabilities","owner":{"name":"ClaudePluginHub"},"plugins":[{"name":"s3cr1z-ai-red-teaming-capabilities-ai-red-teaming","source":{"source":"github","repo":"s3cr1z/capabilities"},"description":"Probe the security and safety of AI applications, agents, and foundation models. Orchestrates adversarial attack workflows to discover vulnerabilities in LLMs, agentic systems, MCP servers, multi-agent architectures, RAG pipelines, IDE/code agents, and custom AI endpoints before they are exploited. Covers jailbreaking, prompt injection, data exfiltration, tool manipulation, reasoning attacks, guardrail bypass, and more — mapped to OWASP LLM Top 10, OWASP ASI01-ASI10, MITRE ATLAS, and NIST AI RMF compliance frameworks. 61 attack algorithms, 547 transforms, 141 scorers, 260 bundled harm goals across 25 sub-categories in safety, security, and agentic tiers.","version":"1.2.0","strict":true,"keywords":["ai-red-teaming","airt","llm-security","adversarial","safety","owasp","owasp-asi","mitre-atlas","compliance","jailbreak","prompt-injection","mcp-security","multi-agent","agentic"],"category":"productivity"},{"name":"s3cr1z-bloodhound-capabilities-bloodhound","source":{"source":"github","repo":"s3cr1z/capabilities"},"description":"BloodHound CE integration for Active Directory attack path analysis. Graph-based queries against Neo4j for domain enumeration, tier zero identification, Kerberos attack surfaces, delegation abuse, PKI/ADCS vulnerabilities, and Azure/Entra attack paths.","version":"1.0.0","strict":true,"keywords":["bloodhound","active-directory","attack-paths","graph-analysis"],"category":"utilities"},{"name":"s3cr1z-bloodhound-enterprise-capabilities-bloodhound-enterprise","source":{"source":"github","repo":"s3cr1z/capabilities"},"description":"BloodHound Enterprise integration via the v2 REST API. HMAC-signed requests (long-lived integration) or JWT bearer (interactive); full coverage of attack-path findings, asset groups + tier-zero curation, AD/Azure/OpenGraph entity walks, raw + saved Cypher, data ingestion (SharpHound/AzureHound uploads), posture trending, and audit logs. Complementary to the existing bloodhound capability — that one talks Bolt to a local CE Neo4j; this one talks REST to a hosted BHE deployment.","version":"0.1.0","strict":true,"keywords":["bloodhound","bloodhound-enterprise","active-directory","attack-paths","tier-zero","identity-graph","posture","specterops"],"category":"deployment"},{"name":"s3cr1z-dotnet-reversing-capabilities-dotnet-reversing","source":{"source":"github","repo":"s3cr1z/capabilities"},"description":".NET reverse engineering for decompiling and analyzing assemblies (.dll, .exe). Provides binary scanning, namespace exploration, type decompilation, reference search, and call flow tracing via ILSpy.","version":"1.0.0","strict":true,"keywords":["dotnet","reversing","decompilation","ilspy"],"category":"deployment"},{"name":"s3cr1z-ghostwriter-readonly-capabilities-ghostwriter-readonly","source":{"source":"github","repo":"s3cr1z/capabilities"},"description":"Read-only GhostWriter integration. Query clients, projects, findings, objectives, targets, scope, deconflictions, evidence, observations, reports, infrastructure (servers and domains), activity logs, white cards, and notes without modifying any GhostWriter state.","version":"1.0.0","strict":true,"keywords":["ghostwriter","reporting","read-only","findings","pentest"],"category":"testing"},{"name":"s3cr1z-ios-forensics-capabilities-ios-forensics","source":{"source":"github","repo":"s3cr1z/capabilities"},"description":"iOS forensics and mercenary-spyware triage via MVT (Mobile Verification Toolkit). Provides curated modules over iTunes/Finder backups and full-filesystem extractions for device posture, communications, location/activity, configuration profiles, and spyware detection (Pegasus, Predator, QuaDream, RCS) driven by STIX IoCs, plus an escape hatch for the full MVT module catalog and raw SQLite/plist/Manifest.db helpers. Includes playbooks for image triage, spyware hunts, communications analysis, activity reconstruction, and configuration/persistence review.","version":"0.1.0","strict":true,"keywords":["forensics","dfir","ios","mobile-forensics","mvt","spyware","pegasus","predator","incident-response"],"category":"development"},{"name":"s3cr1z-memory-forensics-capabilities-memory-forensics","source":{"source":"github","repo":"s3cr1z/capabilities"},"description":"Memory forensics and DFIR triage via Volatility3. Curated tools for process enumeration, network artifacts, code injection, credential extraction, registry analysis, and YARA over memory images, plus playbooks for triage, injection / credential / persistence hunts, and YARA-based IoC sweeping.","version":"0.1.0","strict":true,"keywords":["forensics","dfir","memory-forensics","volatility","incident-response","malware-analysis"],"category":"productivity"},{"name":"s3cr1z-mythic-c2-capabilities-mythic-c2","source":{"source":"github","repo":"s3cr1z/capabilities"},"description":"Mythic C2 integration. Read-only observation (callbacks, tasks, credentials, files, artifacts, keylogs, screenshots, processes, tokens, BloodHound discovery, operation summaries) plus optional Apollo post-exploitation (execution, token manipulation, registry, lateral movement, SharpHound). An annotator worker watches completed tasks and writes AI findings onto Mythic's own surfaces — task comments, severity/category tags, and the operation event log.","version":"2.1.0","strict":true,"keywords":["c2","mythic","post-exploitation","implant","read-only","reporting"],"category":"utilities"},{"name":"s3cr1z-mythic-c2-readonly-capabilities-mythic-c2-readonly","source":{"source":"github","repo":"s3cr1z/capabilities"},"description":"Read-only Mythic C2 integration. Query callbacks, task history (command input/output), credentials, downloaded files, artifacts, keylogs, screenshots, processes, file browser data, and tokens without executing any commands or modifying Mythic state.","version":"1.0.0","strict":true,"keywords":["c2","mythic","read-only","reporting"],"category":"data"},{"name":"s3cr1z-network-ops-capabilities-network-ops","source":{"source":"github","repo":"s3cr1z/capabilities"},"description":"Network operations and Active Directory exploitation. Autonomous red teaming with Nmap scanning, Netexec enumeration, Impacket Kerberos attacks, Certipy AD CS abuse, BloodyAD privilege escalation, Krbrelayx relay attacks, and password cracking.","version":"1.0.1","strict":true,"keywords":["network-ops","red-team","active-directory","penetration-testing"],"category":"testing"},{"name":"s3cr1z-secure-software-capabilities-secure-software","source":{"source":"github","repo":"s3cr1z/capabilities"},"description":"Package supply-chain analysis via ReversingLabs Spectra Assure (secure.software). Search the Community catalogue by purl or hash, import community packages into your Portal for analysis, export reports (CycloneDX, SPDX, SARIF, rl-json, rl-cve), download the underlying artifacts, and enrich with OSV vulnerability lookups, OpenSSF Scorecard health, archive extraction, strings/entropy, and YARA scanning. Chain secure.software findings with reversing tools (e.g. dotnet-reversing) to investigate suspicious packages.","version":"1.0.0","strict":true,"keywords":["supply-chain","sbom","malware","reversing","vulnerability-analysis","secure-software","reversinglabs","spectra-assure","osv","scorecard"],"category":"productivity"},{"name":"s3cr1z-sliver-c2-capabilities-sliver-c2","source":{"source":"github","repo":"s3cr1z/capabilities"},"description":"Sliver C2 framework integration. Provides server management (session and beacon listing, listener creation, implant generation) and implant post-exploitation (command execution, file operations, token manipulation, registry operations, process injection).","version":"1.0.0","strict":true,"keywords":["c2","sliver","post-exploitation","implant"],"category":"utilities"},{"name":"s3cr1z-source-code-analysis-worker-template-capabilities-source-code-analysis-worker-template","source":{"source":"github","repo":"s3cr1z/capabilities"},"description":"Reference template for a worker-coordinated multi-agent capability. A single ``source-analysis.requested`` event drives a five-stage pipeline against a GitHub repo: clone, attack-surface mapping, parallel specialist review, a reconciling final reviewer that records structured findings via a typed capability tool, and one validator session per high or critical finding. Intended to be forked as a starting point for similar pipelines.","version":"0.1.0","strict":true,"keywords":["source-analysis","security","multi-agent","github","worker","template","reference"],"category":"deployment"},{"name":"s3cr1z-spectra-assure-capabilities-spectra-assure","source":{"source":"github","repo":"s3cr1z/capabilities"},"description":"Software supply chain security via ReversingLabs Spectra Assure. Scans open source dependencies for malware, tampering, vulnerabilities, secret leakage, and policy violations before they enter your project. Goes beyond traditional SCA with binary differential analysis that catches compromised package releases — the class of attacks that hit Ultralytics (PyPI, Dec 2024), ctx/phpass, and xz-utils (CVE-2024-3094). Wraps the Spectra Assure Community MCP server.","version":"0.1.0","strict":true,"keywords":["reversinglabs","spectra-assure","supply-chain-security","sca","sbom","malware-detection","package-tampering","binary-analysis","nist-ssdf","eo-14028","secure-by-design"],"category":"deployment"},{"name":"s3cr1z-web-security-capabilities-web-security","source":{"source":"github","repo":"s3cr1z/capabilities"},"description":"Web application penetration testing with 30+ attack technique playbooks covering request smuggling, cache poisoning, SSRF, SSTI, DOM vulnerabilities, authentication bypasses, parser differentials, and client-side attacks. Includes HTTP client tooling, Caido proxy integration via MCP, credential management, DNS rebinding, phone verification, and vulnerability verification.","version":"1.0.3","strict":true,"keywords":["web-security","penetration-testing","request-smuggling","cache-poisoning","dns-rebinding","dom-security","phone-verification"],"category":"testing"},{"name":"s3cr1z-windows-reversing-capabilities-windows-reversing","source":{"source":"github","repo":"s3cr1z/capabilities"},"description":"Windows native PE reversing (.exe/.dll, x86/x64) on macOS and Linux. Static triage (pefile, entropy, imports/exports, MITRE capa tags, obfuscated strings via FLOSS), Ghidra headless decompilation with cached projects, and Qiling-based PE emulation with one-shot anti-debug bypass hooks for crackmes, CTF challenges, and packed binaries — no Windows host required.","version":"0.1.0","strict":true,"keywords":["windows","reversing","pe","malware-analysis","ghidra","qiling","anti-debug","ctf"],"category":"utilities"}]}