fsociety
Offensive security plugins for Claude Code
A growing suite of Claude Code plugins for offensive security. Each plugin is a self-contained toolkit targeting a specific domain of penetration testing — web apps, reverse engineering, opsec, leak hunting, and beyond. One repo, multiple weapons, all conversational.
Caution
Authorized testing only. Always obtain written authorization before testing any target. Unauthorized access to computer systems is illegal. The authors assume no liability for misuse.
| Plugin | Domain | Description |
|---|---|---|
| elliot | Web & Application Security | Full offensive lifecycle — recon, scan, exploit, weaponize, report. 24 commands, 9 skills, 2 agents |
| romero | Reverse Engineering | Windows binary analysis, decompilation, malware classification. 10 commands, 5 skills, 1 agent |
| trenton | Operational Security | Machine hardening, VPS security, anti-forensics, footprint elimination. 12 commands, 5 skills, 2 agents |
| tyrell | Leak Database Hunting | Exposed database discovery, data acquisition, cross-plugin pipeline to elliot. 16 commands, 5 skills, 2 agents |
| fsociety | Engagement Setup | Interactive workspace wizard — targets, goals, scope, plugin selection, OPSEC profiles |
| dom | Mobile & IoT | Planned — Android/iOS testing, API interception, firmware analysis |
Each plugin ships with AI agents designed for autonomous multi-step operations:
| Agent | Plugin | Role |
|---|---|---|
| darlene | elliot | Campaign orchestrator — plans and runs multi-phase attack campaigns |
| scout | elliot | Reconnaissance — maps attack surface before exploitation |
| cipher | romero | Reverse engineering orchestrator — drives binary analysis workflows |
| ghost | trenton | Opsec orchestrator — multi-phase machine hardening |
| cleaner | trenton | Anti-forensics specialist — trace removal and footprint elimination |
| joanna | tyrell | Leak hunter — multi-source exposed database discovery |
| scott | tyrell | Acquisition specialist — probe, dump, convert, and pipeline data |
- Claude Code with MCP support
- Hexstrike MCP server on Kali Linux (or compatible)
- Node.js 18+
Add the fsociety marketplace, then install the plugins you need:
```bash
claude plugin marketplace add ogrodev/fsociety
claude plugin install elliot@fsociety
```
No cloning, no build step, no dependencies.
Tip
You can install multiple plugins at once. Each plugin is independent — install only what you need.
Initialize an engagement workspace with the setup wizard:
```
/setup my-operation
```
The wizard walks you through targets, goals, scope, and plugin selection. It generates a tailored workspace:
| File | Purpose |
|---|---|
| `engagement.json` | Central config — targets, plugins, opsec level, scope |
| `CLAUDE.md` | Tailored guidance with only your active plugin commands |
| `scope.md` | Formal scope definition |
| `targets.jsonl` | Structured target list (append-only, SHA256-deduped) |
Choose a profile that matches your engagement's anonymity requirements:
| Profile | Speed | Anonymity | Use Case |
|---|---|---|---|
| `surface` | Maximum | None | Lab / CTF environments |
| `standard` | Moderate | Basic | Authorized external tests |
| `paranoid` | Slow | Full (Tor/VPN) | Red team engagements |
fsociety is not a Node.js application — there's no build step, no package.json, no test suite. It's a Claude Code plugin marketplace: a collection of markdown-driven plugins that extend Claude Code with offensive security capabilities.
Every plugin follows the same structure:
```
plugin-name/
├── plugin.json          # Plugin definition (name, version, skills, agents)
├── CLAUDE.md            # Plugin-specific guidance for Claude Code
├── commands/*.md        # Slash commands with YAML frontmatter
├── skills/*/SKILL.md    # Auto-activating skills with reference docs
├── agents/*.md          # Agent definitions with YAML frontmatter
├── scripts/*.js         # Node.js scripts (zero npm deps, stdlib only)
└── hooks/hooks.json     # Lifecycle hooks wiring scripts to events
```
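Because `hooks/hooks.json` wires these scripts to lifecycle events, the "stdlib only" note on `scripts/*.js` is worth checking before a plugin is installed. The following is an added example, not part of the fsociety repository: it lists non-built-in imports, unresolvable dynamic `require` calls, and scripts that load `child_process`, and the sample file names and contents are constructed.

```javascript
// Added example (not fsociety code): audit a plugin's scripts/ directory
// against its "zero npm deps, stdlib only" claim.
const fs = require('fs');
const os = require('os');
const path = require('path');
const { builtinModules } = require('module');

const BUILTINS = new Set(builtinModules);
// Matches require('x'), import ... from 'x', import 'x' and import('x').
// Heuristic: text inside comments or strings can also match.
const SPEC_RE = /(?:\brequire\s*\(\s*|\bfrom\s+|\bimport\s*\(?\s*)(['"])([^'"]+)\1/g;
// require(<non-literal>) cannot be resolved statically, so it is reported.
const DYNAMIC_RE = /\brequire\s*\(\s*[^'"\s)]/;

function classify(spec) {
  if (BUILTINS.has(spec.replace(/^node:/, ''))) return 'builtin';
  return spec.startsWith('.') || spec.startsWith('/') ? 'local' : 'external';
}

function auditScripts(dir) {
  const report = { external: [], dynamic: [], spawns: [] };
  const files = fs.readdirSync(dir).filter((f) => f.endsWith('.js')).sort();
  for (const file of files) {
    const src = fs.readFileSync(path.join(dir, file), 'utf8');
    for (const [, , spec] of src.matchAll(SPEC_RE)) {
      if (classify(spec) === 'external') report.external.push(`${file}: ${spec}`);
      // Scripts that can spawn processes deserve a manual read.
      if (spec.replace(/^node:/, '') === 'child_process') report.spawns.push(file);
    }
    if (DYNAMIC_RE.test(src)) report.dynamic.push(file);
  }
  return report;
}

// Constructed sample scripts; real plugin files will differ.
function demoAudit() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'plugin-audit-'));
  const samples = {
    'tracker.js': "const fs = require('fs');\nconst c = require('node:crypto');\nconst u = require('./util');\n",
    'runner.js': "const { execFile } = require('child_process');\n",
    'fetcher.js': "import axios from 'axios';\nconst m = require(process.env.MOD);\n",
  };
  for (const [name, body] of Object.entries(samples)) {
    fs.writeFileSync(path.join(dir, name), body);
  }
  return auditScripts(dir);
}
```
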
- Zero dependencies — all scripts use only Node.js built-ins (`fs`, `path`, `crypto`, `child_process`)
- Markdown-driven — commands, skills, and agents are `.md` files with YAML frontmatter
- Plugin isolation — no cross-plugin imports or shared scripts
- JSONL for data — append-only JSONL files for findings, techniques, and intel
- SHA256 deduplication — all trackers deduplicate by hashing normalized key fields
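The append-only JSONL and SHA256 deduplication conventions above, which also back `targets.jsonl`, can be sketched with Node.js built-ins alone. This is an added example, not code from the fsociety repository: the key fields (`host`, `port`, `proto`), the function names and the sample targets are assumptions.

```javascript
// Added example, not fsociety's own code: append-only JSONL tracker with
// SHA-256 deduplication over normalized key fields.
const fs = require('fs');
const os = require('os');
const path = require('path');
const crypto = require('crypto');

// Assumed key fields; the real trackers' schemas are not shown on the page.
const KEY_FIELDS = ['host', 'port', 'proto'];

// Normalize so case and padding differences hash to the same value.
function normalize(record) {
  return KEY_FIELDS.map((f) => String(record[f] ?? '').trim().toLowerCase());
}

// Hash a JSON array, not a joined string, so field boundaries stay unambiguous.
function recordId(record) {
  const canonical = JSON.stringify(normalize(record));
  return crypto.createHash('sha256').update(canonical).digest('hex');
}

// Read ids already on disk; a truncated last line is skipped, not fatal.
function loadIds(file) {
  const ids = new Set();
  if (!fs.existsSync(file)) return ids;
  for (const line of fs.readFileSync(file, 'utf8').split('\n')) {
    if (!line.trim()) continue;
    try { ids.add(JSON.parse(line).id); } catch { /* ignore bad line */ }
  }
  return ids;
}

function appendUnique(file, record) {
  const id = recordId(record);
  if (loadIds(file).has(id)) return { added: false, id };
  fs.appendFileSync(file, JSON.stringify({ id, ...record }) + '\n');
  return { added: true, id };
}

// Constructed sample targets under the reserved .test TLD.
function demoDedup() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'tracker-'));
  const file = path.join(dir, 'targets.jsonl');
  const results = [
    appendUnique(file, { host: 'App.Example.test', port: 443, proto: 'https' }),
    appendUnique(file, { host: ' app.example.test ', port: '443', proto: 'HTTPS' }),
    appendUnique(file, { host: 'app.example.test', port: 8443, proto: 'https' }),
  ];
  return { results, lines: fs.readFileSync(file, 'utf8').trim().split('\n') };
}
```
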
```
fsociety/
├── .claude-plugin/
│   └── marketplace.json   # Plugin registry
├── elliot/                # Web & Application security
├── romero/                # Reverse engineering
├── trenton/               # Operational security
├── tyrell/                # Leak database hunting
├── fsociety/              # Engagement setup & orchestration
├── CLAUDE.md
└── LICENSE
```
Note
See each plugin's own README.md for its complete command reference, data layer, and conventions.