Claude Vibe - Professional Web Application Penetration Testing Plugin
A comprehensive Claude plugin for professional-grade web application penetration testing, fully aligned with the Penetration Testing Execution Standard (PTES) and OWASP Web Security Testing Guide (WSTG).
🚀 Quick Start
Installation
- Install the plugin from Claude Marketplace
- Start a new conversation
- Invoke the main command:
/ptes-start
This will guide you through pre-engagement activities and create a standardized project structure.
Basic Workflow
1. /ptes-start → Define scope and objectives
2. /intelligence-gathering → Map attack surface
3. /threat-modeling → Analyze attack vectors
4. /vulnerability-scan → Execute OWASP WSTG tests
5. /burp-import → Import Burp Suite data
6. /execute-exploitation → Develop PoCs
7. /generate-report → Create professional report
🎯 What This Plugin Does
✅ PTES Alignment (7 Phases)
- Phase 1: Pre-Engagement & Scoping
- Phase 2: Intelligence Gathering & Reconnaissance
- Phase 3: Threat Modeling & Analysis
- Phase 4: Vulnerability Assessment
- Phase 5: Exploitation & PoC Development
- Phase 6: Post-Exploitation & Impact Assessment
- Phase 7: Professional Reporting
✅ OWASP WSTG Coverage
- 12 testing categories
- 100+ individual test cases
- Systematic vulnerability discovery
- CWE mapping and CVSS v3.1 scoring
✅ Burp Suite Integration
- Connect via MCP protocol
- Import HTTP history
- Analyze requests/responses
- Extract authentication tokens
- Correlate scanner findings
✅ Professional Reporting
- Executive summaries
- Multi-format output (DOCX, PDF, HTML, JSON)
- Risk quantification
- Remediation roadmaps
- Attack narratives
📚 Documentation
🔧 Key Commands
Pre-Engagement Phase
/ptes-start Start new penetration testing project
/define-scope Define target and scope
/establish-roe Document rules of engagement
/create-project-structure Initialize directory structure
Intelligence Gathering Phase
/intelligence-gathering Execute reconnaissance
/scan-infrastructure Perform port/service scanning
/enumerate-endpoints Discover all endpoints
/identify-technology Detect technology stack
/analyze-static-content Extract static information
Vulnerability Analysis Phase
/vulnerability-scan Execute OWASP WSTG tests
/cvss-calculator Calculate CVSS v3.1 scores
/cwe-mapper Map findings to CWE IDs
/burp-import Import Burp Suite findings
Exploitation Phase
/execute-exploitation Develop proof of concepts
/payload-engineer Create custom payloads
/test-exploitability Validate vulnerability impact
/chain-vulnerabilities Develop attack chains
Post-Exploitation Phase
/post-exploitation Assess persistence opportunities
/lateral-movement-test Test lateral movement
/data-access-validation Verify sensitive data access
Reporting Phase
/generate-report Create full pentesting report
/export-findings Export findings data
/create-executive-summary Create summary for stakeholders
📊 Standards & Compliance
| Standard | Status | Details |
|---|
| PTES | ✅ Full Alignment | All 7 phases implemented |
| OWASP WSTG | ✅ Full Coverage | 100+ test cases |
| CVSS v3.1 | ✅ Supported | Accurate scoring |
| CWE | ✅ Mapped | All findings mapped |
| NIST SP 800-115 | ✅ Aligned | Technical testing |
| ISO 27001 | ✅ Compatible | Risk-based approach |
🔐 Security & Compliance
- ✅ Scope Enforcement: Explicit target validation
- ✅ ROE Compliance: Rules of engagement verification
- ✅ Data Privacy: Secure credential handling
- ✅ Audit Trails: Complete testing documentation
- ✅ Legal Alignment: PTES compliance guarantee
📁 Project Structure
Generated projects follow this structure:
