Claude Skill
H-mmer/pentest-agents
pentest-agents is a bug bounty agent framework designed for Claude Code, Codex, Gemini, Cursor, Windsurf, Copilot, and OpenClaw, comprising 48 agents, 26 commands, 19 CLI tools, 2 MCP servers, autonomous hunt loops, and an exploit chain builder.
Overview
Repository info
Install this Skill
git clone https://github.com/H-mmer/pentest-agents-suite
Registry info
Project description
Bug bounty agent framework for Claude Code, Codex, Gemini, Cursor, Windsurf, Copilot, and OpenClaw, for use in penetration testing: 48 agents, 26 commands, 19 CLI tools, 2 MCP servers, autonomous hunt loops, exploit chain builder.
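Key points
- 48 specialized agents covering a range of penetration testing tasks
- 26 commands for workflow automation
- 19 CLI tools for direct system interaction
- 2 MCP servers that extend agent capabilities
- Autonomous hunt loops for continuous vulnerability discovery
- Exploit chain builder for chaining findings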
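Use cases
- Automating bug bounty hunting on platforms such as HackerOne and Bugcrowd
- Multi-agent collaboration on penetration tests
- Developing and testing exploit chains
- Continuous security assessment through autonomous loops
- Integration with AI coding tools such as Claude Code, Codex, and Gemini
README excerpt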
<p align="center">
  <img src="docs/assets/logo.svg" alt="Pentest Agent Suite" width="440"/>
</p>

<h1 align="center">Pentest Agent Suite for Claude Code</h1>

<p align="center">
  <em>Autonomous bug-bounty framework for Claude Code and 6 other AI coding tools — 50 agents, 26 commands, 19 CLI tools, 11 skills, 2 MCP servers.</em>
</p>

<p align="center">
  <img src="https://img.shields.io/badge/python-3.10%2B-blue?logo=python&logoColor=white" alt="Python 3.10+"/>
  <img src="https://img.shields.io/badge/Claude-Code-d97757" alt="Claude Code"/>
  <img src="https://img.shields.io/badge/MCP-servers%20%C3%97%202-2ea043" alt="MCP servers"/>
  <img src="https://img.shields.io/badge/agents-50-8957e5" alt="50 agents"/>
  <img src="https://img.shields.io/badge/payloads-2500%20lines-f85149" alt="Payloads"/>
  <img src="https://img.shields.io/badge/IDEs-7-1f6feb" alt="7 IDE targets"/>
</p>

---

**~760 files · ~118k lines · 50 agents · 26 commands · 19 CLI tools · 11 skills · 2 MCP servers (16 bug-bounty platforms + BYO writeup search) · 2,500 payload lines**

A complete bug bounty framework. Battle-tested hunting methodology with concrete payloads, 7-Question Gate validation, autonomous hunt loops, A→B exploit chain building, persistent brain with endpoint tracking, optional semantic writeup search (bring your own index), automatic cost tracking via CC hooks, live platform integration, and a cross-IDE installer that emits the native format for Claude Code, Codex, Gemini, Cursor, Windsurf, VS Code Copilot, and OpenClaw.

## Quick Start

```bash
# MCP servers are launched via `uv run --with mcp` — no global pip install required.
export HACKERONE_USERNAME=you HACKERONE_TOKEN=your_token
uv run python3 tools/scaffold.py hackerone tesla
cd ~/bounties/hackerone-tesla && claude
/model opu