Transilience AI Community Security Tools
Announcement
Practice Makes Perfect: Teaching an AI to Hack by Learning from Its Mistakes (March 2026)
We built an autonomous pentesting agent that scores 100% (104/104) on a published CTF benchmark suite — using only structured markdown skill files, no fine-tuning. Starting from a bare 89.4% baseline, we ran a simple loop roughly 15 times: run the benchmarks, find a failure, diagnose the missing technique, write it into a skill file, and run again. The same skills transfer cross-model: Claude Sonnet 4.6 reaches 96.2% and Claude Haiku 4.5 reaches 62.5%. This repository contains the full skill set described in the paper.
Read the paper
Overview
Transilience AI Community Tools is a consolidated Claude Code security testing suite — 26 skills and 3 tool integrations that cover the full penetration testing lifecycle from reconnaissance to reporting. Agent roles (coordinator, executor, validator) are defined in skills/coordination/ with reference material in skills/coordination/reference/, and spawned dynamically via Agent(prompt=...).
Why Choose Transilience Community Tools?
- AI-Powered Automation — Claude coordinates intelligent security testing workflows
- Complete OWASP Coverage — 100% OWASP Top 10 + OWASP LLM Top 10
- Professional Reporting — CVSS 3.1, CWE, MITRE ATT&CK, Transilience-branded PDF reports
- Playwright Integration — Browser automation for client-side vulnerability testing
- Payload-Enriched References — 160+ reference files with inline PayloadsAllTheThings techniques
- Open Source — MIT licensed for commercial and personal use
Prerequisites
Local Setup
- Claude Code — Install Claude Code CLI
- Playwright — Required for client-side testing, HackTheBox/HackerOne automation, and browser-based evidence capture. Install via:
npm install -g @playwright/mcp && npx playwright install chromium
- Python 3 — Required for tools (
env-reader.py, nvd-lookup.py, slack-send.py)
- Kali Linux tools (optional) — nmap, gobuster, ffuf, sqlmap, testssl, etc. Only needed for network/infrastructure testing
Docker Setup (Recommended)
A single script spins up a Kali Linux container with Claude Code, Playwright (headed via Xvfb), and all Kali security tools pre-installed:
bash scripts/kali-claude-setup.sh projects/pentest
This builds a Docker image with Kali Rolling + Node.js + Claude Code + Playwright + Chromium, mounts the project workspace, and launches Claude Code with --dangerously-skip-permissions. Use --rebuild to force a fresh image build.
Quick Start
1. Clone and enter the project
git clone https://github.com/transilienceai/communitytools.git
cd communitytools/projects/pentest
2. Open Claude Code and run skills
claude # Launch Claude Code from the projects/pentest directory
Then use slash commands inside the Claude session:
Pentest https://target.com # Full penetration test (skills/coordination/)
/hackthebox # HackTheBox challenge automation
/hackerone # Bug bounty workflow
/techstack-identification # Passive tech stack recon
/reconnaissance target.com # Attack surface mapping
/source-code-scanning ./app # Static code analysis
Skills
All canonical skill and tool definitions live at the repo root (skills/, tools/). Each project under projects/ symlinks only the ones it needs — see Repository Structure for details.
Agent roles (coordinator, executor, validator) are defined in skills/coordination/ with reference material in skills/coordination/reference/, spawned dynamically via Agent(prompt=...).
Skills by Category (26)
Vulnerability Testing (10)
