By 26zl
Provides 863 on-demand cybersecurity skills for CTF, pentest, bug bounty, DFIR, detection engineering, cloud security, and red/blue team operations. Skills activate by task without consuming context, covering malware analysis, forensics, threat hunting, vulnerability assessment, and security tooling across cloud, mobile, network, and application security domains.
Configure Fluentd and Fluent Bit for centralized log aggregation, routing, filtering, and enrichment across distributed infrastructure
Build an append-only log integrity chain using SHA-256 hash chaining for tamper detection. Each log entry is hashed with the previous entry's hash to create a blockchain-like structure where modifying any entry invalidates all subsequent hashes. Implements log ingestion, chain verification, tamper detection with pinpoint identification, and periodic checkpoint anchoring to external timestamping services.
Implements memory protection mechanisms including DEP (Data Execution Prevention), ASLR (Address Space Layout Randomization), CFG (Control Flow Guard), and other exploit mitigations to prevent memory corruption attacks. Use when hardening endpoints against buffer overflow exploits, ROP chains, and code injection. Activates for requests involving memory protection, exploit mitigation, DEP, ASLR, or CFG configuration.
Implementing microsegmentation using Akamai Guardicore Segmentation to map application dependencies, create granular network policies, visualize east-west traffic flows, and enforce least-privilege communication between workloads across data centers and cloud.
Deploy Mimecast Targeted Threat Protection including URL Protect, Attachment Protect, Impersonation Protect, and Internal Email Protect to defend against advanced phishing and spearphishing attacks.
CyberSec Toolkit by 26zl
Cybersecurity toolkit with built-in AI integration. An embedded MCP (Model Context Protocol) server lets any MCP-capable AI -- Claude Code, Claude Desktop, Cursor -- query the tool registry, check install status, recommend the right tools for a CTF category or bug-bounty target, and execute them with enforced safety policies (argument sanitization, network allowlists, rate limiting, audit logging).
Bundled with a modular installer for Linux and Termux (Android) covering 580+ tools, 18 modules, 14 profiles, and 12 install methods.
What makes it different: most toolkits stop at installing tools. Here an AI can also drive them — infer the problem type, pick the right tools from all modules/profiles, and work with you as an interactive companion. When you explicitly authorize it, the same MCP toolchain can enter an autonomous solver loop. Companion by default; autonomous only when you ask.
Two entry points share one tool registry. An operator runs the bash installer to put tools on disk; an AI agent talks to the MCP server to discover, recommend, and safely execute those same tools. tools_config.json is the single source of truth the modules define and the MCP advisors read, and CI validators keep the Python and bash sides in sync.

```mermaid
flowchart TB
    user(["Operator"]):::actor
    ai(["AI agent — Claude Code / Cursor / local LLM"]):::actor
    subgraph INSTALL["Installer (bash)"]
        direction TB
        sh["install.sh"]:::core
        prof["14 profiles<br/>profiles/*.conf"]:::data
        mod["18 modules<br/>modules/*.sh<br/>per-module tool arrays"]:::core
        meth["12 install methods<br/>apt → pipx → go → cargo →<br/>binary → gem → docker → git"]:::core
        sh --> prof --> mod --> meth
    end
    subgraph MCP["MCP server (Python / FastMCP)"]
        direction TB
        srv["server.py<br/>15 AI tools"]:::core
        adv["tools_db · profiles<br/>ctf_advisor · bounty_advisor"]:::core
        sec["security.py — policy engine<br/>allowlist · arg sanitize<br/>net policy · rate limit · audit"]:::sec
        rem["remote.py<br/>SSH hosts"]:::core
        srv --> adv
        srv --> sec --> rem
    end
    reg[("tools_config.json<br/>tool registry — 580+")]:::data
    disk["Installed tools<br/>/usr/local/bin + .versions"]:::data
    post["verify · update · remove · backup"]:::core
    skills["872 Claude skills + 4 coordinators<br/>finding-triage · security-comms<br/>authorization-gate · evidence-hygiene"]:::skill
    ci["CI validators<br/>shellcheck · bats · ruff · pytest<br/>validate_tools_config · validate_mcp_sync"]:::ci
    user -->|"sudo ./install.sh"| sh
    ai <-->|"stdio MCP"| srv
    ai -.->|"activate on demand"| skills
    meth -->|"installs"| disk
    sec -->|"run_tool / run_pipeline / run_script"| disk
    disk --- post
```
npx claudepluginhub 26zl/cybersec-toolkit --plugin cybersec-toolkit

Comprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.
Complete collection of battle-tested Claude Code configs from an Anthropic hackathon winner - agents, skills, hooks, and rules evolved over 10+ months of intensive daily use
Harness-native ECC operator layer - 67 agents, 271 skills, 92 legacy command shims, reusable hooks, rules, selective install profiles, and production-ready workflows for Claude Code, Codex, OpenCode, Cursor, and related agent harnesses
Comprehensive .NET development skills for modern C#, ASP.NET, MAUI, Blazor, Aspire, EF Core, Native AOT, testing, security, performance optimization, CI/CD, and cloud-native applications
Binary reverse engineering, malware analysis, firmware security, and software protection research for authorized security research, CTF competitions, and defensive security