Search everything...

Stats

Actions

Available In

pentest-framework

Name: pentest-framework
Author: sabania

By sabania

Conduct AI-orchestrated pentests on deployed web apps via CLI: run passive recon, discovery of APIs/secrets/cloud backends, scans for injections/auth/business logic/cloud misconfigs/WAFs, optional active exploits with consent, and generate PDF reports with severity-ranked findings and remediations.

npx claudepluginhub sabania/pentest-cli --plugin pentest-framework

Popularity

Stars

Top 25%

Med: 0·Avg: 285

Installs

Med: 0·Avg: 1

What's Inside

Agents8

Advanced Attack Agent

/advanced-agent

Advanced attack specialist. Tests request smuggling, race conditions, cache poisoning, subdomain takeover.

Authentication Agent

/auth-agent

Authentication and session tester. Analyzes JWT tokens, OAuth flows, session management, credential attacks.

Discovery Agent

/discovery-agent

Discovery specialist. Reverse engineers JS bundles, finds API endpoints, probes BaaS backends.

Injection Agent

/injection-agent

Injection tester. Tests SQLi, XSS, SSTI, SSRF, XXE, and other injection vectors.

Business Logic Agent

/logic-agent

Business logic analyst. Tests IDOR, privilege escalation, payment bypass, workflow manipulation, and authorization flaws.

Skills12

business-logic

/business-logic

Business logic and authorization testing. IDOR, privilege escalation, workflow bypass, payment manipulation.

cli-reference

/cli-reference

Show all available pentest-cli commands and how to use them.

pentest-advanced

/pentest-advanced

Advanced attack testing. Request smuggling, race conditions, cache poisoning, subdomain takeover.

pentest-auth

/pentest-auth

Authentication and session security testing. JWT, OAuth, sessions, brute force.

pentest-cloud

/pentest-cloud

Cloud and infrastructure testing. Storage misconfig, WAF detection, email security.

Stats

Version1.0.0

ReleasedMar 20, 2026

LanguagePython

Stars5

MaintenanceGood

LicenseMIT

Last CommitMar 20, 2026

AddedMar 24, 2026

Actions

View on GitHub View README Plugin Marketplace JSON

Own this plugin?

Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).

Available In

sabania-pentest-cli5

Safety Signals

Caution

Uses power tools

Uses Bash, Write, or Edit tools

README

pentest-cli

Professional security testing CLI for deployed web applications. No Python required - download a single binary and run.

40+ commands covering OWASP WSTG, PTES, and modern attack vectors. Integrates with Kali Linux tools (nmap, sqlmap, hydra, nikto, nuclei).

Quick Install

Linux/macOS:

curl -fsSL https://raw.githubusercontent.com/sabania/pentest-cli/main/install.sh | bash

Windows (PowerShell):

irm https://raw.githubusercontent.com/sabania/pentest-cli/main/install.ps1 | iex

Or download directly from Releases.

Uninstall

Linux/macOS:

rm ~/.local/bin/pentest

Windows (PowerShell):

Remove-Item "$env:USERPROFILE\.local\bin\pentest.exe"

Claude Code Plugin

This repo also ships a Claude Code plugin with 12 skills and 8 AI agents that use the CLI as their backend. The plugin turns Claude Code into a full security testing platform.

Install the plugin:

/plugin marketplace add sabania/pentest-cli

Then run:

/setup                              # Install CLI + verify environment
/pentest-full https://your-app.com  # Complete security audit

See the full plugin documentation: Plugin README

Plugin Skills

Skill	Type	Description
`/setup`	Utility	Install pentest-cli and verify environment
`/cli-reference`	Utility	Show all 40+ CLI commands
`/pentest-recon <url>`	Passive	Subdomains, DNS, ports, OSINT, tech stack
`/pentest-scan <url>`	Passive	Headers, SSL/TLS, CORS, WAF
`/pentest-discover <url>`	Passive	JS bundles, APIs, secrets, BaaS backends
`/pentest-auth <url>`	Passive	JWT, OAuth, session management
`/pentest-cloud <url>`	Passive	S3/Azure/GCS misconfig, email security
`/business-logic <url>`	Passive	IDOR, privilege escalation, payment bypass
`/pentest-inject <url>`	Active	SQLi, XSS, SSTI, SSRF, XXE, LFI
`/pentest-advanced <url>`	Active	Request smuggling, race conditions, cache poisoning
`/pentest-full <url>`	Full	All scans combined + PDF report
`/pentest-report`	Utility	Generate PDF report from findings

Plugin Agents

8 specialized AI agents work as your security testing team:

Agent	Model	Role
`recon-agent`	sonnet	Attack surface mapping
`scanner-agent`	sonnet	Configuration & hardening
`discovery-agent`	sonnet	Secrets, APIs, BaaS probing
`injection-agent`	sonnet	Injection vulnerability testing
`auth-agent`	sonnet	Authentication & session security
`advanced-agent`	opus	Request smuggling, race conditions
`logic-agent`	opus	Business logic & authorization flaws
`report-agent`	haiku	Report generation

CLI Usage

# Passive scans (safe, no payloads sent)
pentest scan headers https://example.com
pentest scan ssl example.com
pentest scan cors https://example.com
pentest recon subdomains example.com
pentest discover bundle https://example.com
pentest cloud email example.com

# Active scans (sends payloads - requires --active flag)
pentest --active --yes inject sqli https://example.com
pentest --active --yes discover fuzz https://example.com

# Full pentest
pentest full https://example.com

# JSON output (for CI/CD or Claude Code agents)
pentest --json scan headers https://example.com

# Generate PDF report
pentest report ./findings/

CLI Commands

Reconnaissance & OSINT (`pentest recon`)

Command	Description
`recon subdomains`	Subdomain enumeration (crt.sh, dnsrecon, DNS brute)
`recon ports`	Port scanning (nmap integration)
`recon dns`	DNS records, zone transfer, SPF/DMARC, DNSSEC
`recon whois`	WHOIS lookup
`recon crawl`	Web crawling & URL discovery
`recon osint`	Google dorks, Wayback Machine, email harvesting

Vulnerability Scanning (`pentest scan`)

Command	Description
`scan headers`	HTTP security headers (CSP, HSTS, X-Frame-Options, SRI)
`scan ssl`	SSL/TLS protocols, ciphers, certificate analysis
`scan cors`	CORS misconfiguration (origin reflection, null, wildcards)
`scan nikto`	Nikto web server scanner
`scan nuclei`	Nuclei vulnerability scanner (9000+ templates)

Discovery (`pentest discover`)

Command	Description
`discover bundle`	JS bundle reverse engineering (source maps, API keys, secrets)
`discover api`	API endpoint discovery, GraphQL, error disclosure
`discover graphql`	GraphQL introspection & attack testing
`discover fuzz`	Content discovery / directory fuzzing
`discover tech`	Deep technology fingerprinting (whatweb)

View full README on GitHub

pentest-framework

Popularity

What's Inside

Confidence

README

pentest-cli

Quick Install

Uninstall

Claude Code Plugin

Plugin Skills

Plugin Agents

CLI Usage

CLI Commands

Reconnaissance & OSINT (pentest recon)

Vulnerability Scanning (pentest scan)

Discovery (pentest discover)

Similar Plugins

fullstack-dev-skills

octo

godot-skills

pr-review-toolkit

feature-dev

nature-skills

More by sabania

linkedin-commander

linkedin-cli-reference

pentest-cli-reference

swarm

pentest-cli

Quick Install

Uninstall

Claude Code Plugin

Plugin Skills

Plugin Agents

CLI Usage

CLI Commands

Reconnaissance & OSINT (pentest recon)

Vulnerability Scanning (pentest scan)

Discovery (pentest discover)

More by sabania

linkedin-commander

linkedin-cli-reference

pentest-cli-reference

swarm

Popularity

Health & Quality

Similar Plugins

fullstack-dev-skills

octo

godot-skills

pr-review-toolkit

feature-dev

nature-skills

Reconnaissance & OSINT (`pentest recon`)

Vulnerability Scanning (`pentest scan`)

Discovery (`pentest discover`)

Reconnaissance & OSINT (`pentest recon`)

Vulnerability Scanning (`pentest scan`)

Discovery (`pentest discover`)