Automated penetration testing for web applications with OWASP Top 10 coverage

MIT License

Free Pricing

Installation

Open Claude Code and run this command:

/plugin install penetration-tester@claude-code-plugins-plus

Use --global to install for all projects, or --project for current project only.

What It Does

Scanner	Target	What It Checks
`security_scanner.py`	Live URLs	Security headers, SSL/TLS, exposed endpoints, HTTP methods, CORS
`dependency_auditor.py`	Project dirs	npm and pip vulnerabilities, CVEs, outdated packages
`codesecurityscanner.py`	Codebases	Hardcoded secrets, SQL injection, command injection, insecure deserialization

Skills (16)

analyzing-tls-config SKILL.md View full skill →

Analyze a target's TLS configuration — negotiated protocol version, cipher suite, certificate chain, expiry, and downgrade vectors.

ReadBash(python3:*)Bash(openssl:*)

Analyzing TLS Configuration

Overview

This skill audits a target's TLS posture against current best practice

(NIST SP 800-52r2, Mozilla TLS Configuration Guidelines, PCI DSS v4.0 Req

4.2.1.1). It reports specific findings — not "your TLS is weak" but

"your server negotiated TLSv1.0 with RC4-SHA — see remediation".

When the skill produces findings

Specific failure thresholds, in order of severity:

Finding	Severity	Threshold	Affected control
TLSv1.0 or TLSv1.1 negotiated	HIGH	Any handshake completes at v1.0/v1.1	NIST 800-52r2 §3.1, PCI DSS Req 4.2.1.1
Null / EXPORT / anonymous cipher	CRITICAL	Any null / EXPORT / aNULL in negotiated suite	NIST 800-52r2 §3.3.1
RC4 / 3DES cipher	HIGH	Sweet32, RC4 biases	NIST 800-52r2 §3.3.1, PCI DSS Req 4.2.1.1
Cert expires in <7 days	CRITICAL	notAfter - now ≤ 7d	NIST 800-52r2 §4.1
Cert expires in <30 days	HIGH	notAfter - now ≤ 30d	NIST 800-52r2 §4.1
Cert hostname mismatch	HIGH	SAN/CN doesn't match target host	RFC 6125
Self-signed or untrusted CA	MEDIUM	Chain doesn't validate to system CA	Mozilla TLS Guidelines
Weak key (RSA < 2048, ECDSA < 256)	HIGH	Public key bits below threshold	NIST 800-52r2 §3.4
Forward secrecy absent	MEDIUM	No ECDHE / DHE in negotiated suite	NIST 800-52r2 §3.3.1

Prerequisites

Python 3.9+
openssl CLI (used for cipher enumeration the Python ssl module can't introspect directly)
Authorization to test the target (active scan — see references/AUTHORIZATION.md)

Instructions

Step 1 — Confirm Authorization

Active scan. Before invoking the scanner, ask the user verbatim:

> "Do you have authorization to perform TLS testing on this target?

> I need confirmation before proceeding."

If the user says yes, proceed. If unsure, ask them to obtain written

authorization. See references/AUTHORIZATION.md for the attestation

pattern. **Never run the scanner against a target the user does not own

or have written permission to test.**

Step 2 — Run the scanner


python3 ${CLAUDE_PLUGIN_ROOT}/skills/analyzing-tls-config/scripts/analyze_tls.py \
    https://target.example.com \
    --authorized

auditing-cors-policy SKILL.md View full skill →

Audit a target's CORS posture — Access-Control-Allow-Origin handling, reflected-origin bypass, credentials+wildcard mismatch, preflight OPTIONS behavior, Vary header correctness.

ReadBash(python3:*)Bash(curl:*)

Auditing CORS Policy

Overview

CORS misconfiguration is one of the most common middle-severity findings

in web bug bounties. The browser-enforced rules are subtle, the failure

modes are silent (the wrong cors response just works until an attacker

weaponizes it), and the "fix" engineers reach for —

Access-Control-Allow-Origin: * — opens the very class of attacks CORS

was meant to prevent when paired with credentials.

This skill probes each common CORS misconfiguration with synthetic

Origin headers and grades the response.