By funnywolf
Internal red team assessment and threat simulation workflows for a remote Viper MCP server.
Use this agent when the user wants a formal pentest or red-team style report, a structured assessment summary, an evidence-backed handoff, or a longer narrative that synthesizes multiple Viper results. Typical requests ask for a report, handoff note, findings summary, evidence summary, or assessment write-up. Do not use it for raw recon, session action, or module readiness checks.
Use this agent when the user wants deeper analysis of the current Viper-visible environment, including host/session/route correlation, attack-surface interpretation, prioritization, and next-step recommendations based on confirmed state. Typical requests ask what matters most, what the best next path is, what exposure is visible, or what should be validated next. Do not use it for direct session action, MSF module workflow, or formal report writing.
Use this agent when the user wants a multi-step Viper task that spans hosts, sessions, routes, pivots, or evidence collection and needs coordinated sequencing. Typical requests ask what the current footholds can reach, how to pivot next, or how to complete an objective that crosses multiple Viper objects. Do not use it for deep analysis, formal reporting, or narrowly scoped MSF module review.
Use this skill when the user asks for an environment-wide Viper picture across multiple hosts, sessions, routes, pivot paths, or port forwards; asks what can reach what; or wants current foothold coverage before the next move. Do not use it for single-session inspection, deep analysis, formal reporting, or MSF module planning.
Use this skill when the user asks to find a Metasploit module, inspect module details, validate module or payload fit, check handlers, or decide whether an MSF module path is ready to execute in the current Viper environment. Typical requests mention a module, service, exploit path, payload fit, handler readiness, or execution readiness. Do not use it for general recon, session triage, or formal reporting.
Use this skill when the user asks to inspect or act on one specific existing Viper session, run a meterpreter or shell command in that session, verify whether that session is usable for the immediate next step, or review loot and evidence tied to that session. Typical requests mention a session ID or a concrete command. Do not use it for environment-wide recon, deep analysis, or MSF module workflow.
Uses power tools
Uses Bash, Write, or Edit tools
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
This repository is a Claude Code marketplace source for Viper-related plugins. It currently publishes one installable plugin, viper-redteam, built around the current public Viper MCP tool surface.
.claude-plugin/marketplace.json defines this repository as a marketplace source.plugins/viper-redteam/ contains the installable Claude Code plugin.plugins/viper-redteam/.claude-plugin/plugin.json defines the plugin metadata.plugins/viper-redteam/.mcp.json defines the remote SSE MCP connection template.plugins/viper-redteam/skills/ contains workflow skills.plugins/viper-redteam/agents/ contains higher-level task agents.docs/ contains supplementary notes.viper-redteamviper-redteam is a Claude Code plugin for internal red team assessment and threat simulation against a remote Viper MCP server.
It adds:
The plugin is intentionally limited to the tools currently exposed by the Viper MCP server.
Current public tools:
get_host_infoget_session_infolist_handlerlist_sessionlist_hostlist_routequery_route_by_ipaddressquery_port_forward_configsession_meterpreter_command_runsession_shell_command_runread_loot_filemsf_module_executemsf_module_searchmsf_module_infomsf_module_target_compatible_payloadsThe plugin does not package functions that exist elsewhere in the Viper codebase but are not currently registered in the active MCP tool surface.
Run Worker/mcpserver.py on the Viper host. On startup it prints an SSE URL in this form:
http://your_server_ip:8000/<uuid>/sse
You can use either HTTP or HTTPS for the endpoint. If your environment supports it, HTTPS is recommended.
VIPER_MCP_SSE_URL on the Claude Code clientSet the environment variable on the machine where Claude Code runs.
PowerShell:
$env:VIPER_MCP_SSE_URL = "https://viper.example.com/abcd1234efgh5678/sse"
Bash:
export VIPER_MCP_SSE_URL="https://viper.example.com/abcd1234efgh5678/sse"
The UUID segment must match the value printed by mcpserver.py.
Use one of these approaches:
plugins/viper-redteam directly as a local Claude Code plugin directory.viper-redteam from the marketplace index.Inside Claude Code:
/mcp.viper server appears.The plugin follows the current Viper MCP boundary:
Worker/mcpserver.py is the transport and registration layer.The plugin separates responsibilities across skills and agents.
internal-recon builds a current view of hosts, sessions, routes, pivots, and reachable coverage.session-operations operates within existing sessions and handles command execution and evidence collection.threat-simulation supports module search, option review, payload compatibility checks, handler checks, and execution planning.reporting turns Viper MCP output into concise operational summaries, evidence snapshots, and next-step reporting.redteam-operator handles end-to-end internal red team tasks that span discovery, session inspection, and controlled operational sequencing.threat-simulation-planner handles Metasploit-oriented module validation, payload review, handler readiness, and staged execution planning.If the server does not appear in /mcp:
VIPER_MCP_SSE_URL is set in the shell that launched Claude Code.mcpserver.py.If the server appears but tool calls fail:
.claude-plugin/marketplace.jsonplugins/viper-redteam/plugins/viper-redteam/.claude-plugin/plugin.jsonplugins/viper-redteam/.mcp.jsonnpx claudepluginhub funnywolf/viper-plugins --plugin viper-redteamAgentic SOC Platform integration for Claude Code
FunnyWolfPlugin that provides the zh-review skill for revising Chinese documentation.
Agentic SOC Platform plugin for Claude Code
FunnyWolfComplete offensive security operator workspace: 27 specialist agents, 6 engagement commands, 5 reference skill libraries, scope-gated hooks, and evidence logging for professional penetration testing and red-team operations.
mukul975Offensive security toolkit for Claude Code — Neo4j intel graph, strategic compaction, multi-agent orchestration, and post-engagement debriefs
d0gesec872 on-demand security skills for CTF, pentest, bug bounty, DFIR, detection engineering, cloud, identity, and red/blue team work. Skills are plain Markdown and activate by task without permanently consuming context. Bundles vendored skills under mixed licenses (MIT, Apache-2.0, CC-BY-SA-4.0) — see per-source attribution in .claude/skills/SKILLS.md.
26zlClaude plugins for RunZero - asset discovery, network scanning, service inventory, OS fingerprinting, wireless detection, and vulnerability reporting for MSPs
wyre-technology71-skill bug-hunting & external red-team bundle for Claude Code — 48 hunt-* web/vuln-class + framework skills, enterprise platform attack chains (M365/Entra, Okta, SharePoint, vCenter, SSL-VPN, APK), recon/OSINT, reporting & validation gates, and Burp MCP integration. Skills auto-load by topic; 15 slash commands included.
elementalsoulsAssist with security incident response
jeremylongshore