Conduct authorized penetration testing via ffuf web fuzzing to discover directories and subdomains, fuzz parameters, execute authenticated raw requests, auto-calibrate scans, apply rate limiting, and analyze JSON outputs for strategy building and result review.
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
npx claudepluginhub trailofbits/skills-curated --plugin ffuf-web-fuzzingBuilds multi-language source code graphs for security analysis: call graphs, attack surface mapping, blast radius, taint propagation, complexity hotspots, and entry point enumeration. Generates Mermaid diagrams (call graphs, class hierarchies, dependency maps, heatmaps). Compares code graph snapshots for structural diff and evolution analysis. Runs graph-informed mutation testing triage (genotoxic). Generates mutation-driven test vectors (vector-forge). Extracts crypto protocol message flows and converts Mermaid diagrams to ProVerif models. Projects SARIF and weAudit findings onto code graphs. Use when analyzing call paths, mapping attack surface, visualizing code architecture, triaging survived mutants, generating cryptographic test vectors, diagramming crypto protocols, formally verifying protocols, or augmenting audits with static analysis findings.
trailofbitsConfigures mewt or muton mutation testing campaigns — scopes targets, tunes timeouts, and optimizes long-running runs. Use when the user mentions mewt, muton, mutation testing, or wants to configure or optimize a mutation testing campaign.
trailofbitsAnnotates codebases with dimensional analysis comments documenting units, dimensions, and decimal scaling. Use when someone asks to annotate units in a codebase, perform a dimensional analysis, or find vulnerabilities in a DeFi protocol. Prevents dimensional mismatches and catches formula bugs early.
trailofbitsAudits GitHub Actions workflows for security vulnerabilities in AI agent integrations (Claude Code Action, Gemini CLI, OpenAI Codex, GitHub AI Inference)
trailofbitsAutomatically reviews and fixes Claude Code skills through iterative refinement until they meet quality standards. Requires plugin-dev plugin.
trailofbitsWeb vulnerability testing methodology distilled from 88,636 real-world cases from the WooYun vulnerability database (2010-2016)
trailofbitsFull penetration testing framework - 100+ attack categories covering OWASP, injection, authentication, cloud, and more
Stickman230Fuzz testing for APIs with malformed inputs, edge cases, and security vulnerability detection
jeremylongshoreThe AI pentest co-pilot that actually finds bugs. Phase-chained, evidence-gated offensive security skills for bug bounty and authorized pentesting.
kalpmodiClaude Code skills and agents for authorized security testing, bug bounty hunting, and pentesting workflows
transilienceai71-skill bug-hunting & external red-team bundle for Claude Code — 48 hunt-* web/vuln-class + framework skills, enterprise platform attack chains (M365/Entra, Okta, SharePoint, vCenter, SSL-VPN, APK), recon/OSINT, reporting & validation gates, and Burp MCP integration. Skills auto-load by topic; 15 slash commands included.
elementalsouls