https://github.com/ogrodev/fsociety
Multi-plugin marketplace for Claude Code offensive security plugins
https://github.com/ogrodev/fsociety
claude-code claude-code-plugin offensive-security pentesting security
Last synced: about 2 months ago
JSON representation
Multi-plugin marketplace for Claude Code offensive security plugins
- Host: GitHub
- URL: https://github.com/ogrodev/fsociety
- Owner: ogrodev
- License: mit
- Created: 2026-02-13T21:21:32.000Z (4 months ago)
- Default Branch: main
- Last Pushed: 2026-03-21T17:34:50.000Z (3 months ago)
- Last Synced: 2026-03-21T19:59:51.053Z (3 months ago)
- Topics: claude-code, claude-code-plugin, offensive-security, pentesting, security
- Language: JavaScript
- Size: 1.08 MB
- Stars: 3
- Watchers: 0
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
```
/$$$$$$ /$$ /$$
/$$__ $$ |__/ | $$
| $$ \__//$$$$$$$ /$$$$$$ /$$$$$$$ /$$ /$$$$$$ /$$$$$$ /$$ /$$
| $$$$ /$$_____/ /$$__ $$ /$$_____/| $$ /$$__ $$|_ $$_/ | $$ | $$
| $$_/ | $$$$$$ | $$ \ $$| $$ | $$| $$$$$$$$ | $$ | $$ | $$
| $$ \____ $$| $$ | $$| $$ | $$| $$_____/ | $$ /$$| $$ | $$
| $$ /$$$$$$$/| $$$$$$/| $$$$$$$| $$| $$$$$$$ | $$$$/| $$$$$$$
|__/ |_______/ \______/ \_______/|__/ \_______/ \___/ \____ $$
/$$ | $$
| $$$$$$/
\______/
```
**Offensive security plugins for Claude Code**
[](https://docs.anthropic.com/en/docs/claude-code)
[](https://www.kali.org/)
[](#plugin-anatomy)
[](LICENSE)
[Plugins](#plugins) • [Getting Started](#getting-started) • [How It Works](#how-it-works) • [Adding a Plugin](#adding-a-plugin)
A growing suite of Claude Code plugins for offensive security. Each plugin is a self-contained toolkit targeting a specific domain of penetration testing — web apps, reverse engineering, opsec, leak hunting, and beyond. One repo, multiple weapons, all conversational.
> [!CAUTION]
> **Authorized testing only.** Always obtain written authorization before testing any target. Unauthorized access to computer systems is illegal. The authors assume no liability for misuse.
## Plugins
| Plugin | Domain | Description |
| --------------------------- | -------------------------- | -------------------------------------------------------------------------------------------------------------- |
| [**elliot**](./elliot/) | Web & Application Security | Full offensive lifecycle — recon, scan, exploit, weaponize, report. 24 commands, 9 skills, 2 agents |
| [**romero**](./romero/) | Reverse Engineering | Windows binary analysis, decompilation, malware classification. 10 commands, 5 skills, 1 agent |
| [**trenton**](./trenton/) | Operational Security | Machine hardening, VPS security, anti-forensics, footprint elimination. 12 commands, 5 skills, 2 agents |
| [**tyrell**](./tyrell/) | Leak Database Hunting | Exposed database discovery, data acquisition, cross-plugin pipeline to elliot. 16 commands, 5 skills, 2 agents |
| [**fsociety**](./fsociety/) | Engagement Setup | Interactive workspace wizard — targets, goals, scope, plugin selection, OPSEC profiles |
| **dom** | Mobile & IoT | _Planned_ — Android/iOS testing, API interception, firmware analysis |
### Specialized Agents
Each plugin ships with AI agents designed for autonomous multi-step operations:
| Agent | Plugin | Role |
| ----------- | ------- | ------------------------------------------------------------------- |
| **darlene** | elliot | Campaign orchestrator — plans and runs multi-phase attack campaigns |
| **scout** | elliot | Reconnaissance — maps attack surface before exploitation |
| **cipher** | romero | Reverse engineering orchestrator — drives binary analysis workflows |
| **ghost** | trenton | Opsec orchestrator — multi-phase machine hardening |
| **cleaner** | trenton | Anti-forensics specialist — trace removal and footprint elimination |
| **joanna** | tyrell | Leak hunter — multi-source exposed database discovery |
| **scott** | tyrell | Acquisition specialist — probe, dump, convert, and pipeline data |
## Getting Started
### Prerequisites
- [Claude Code](https://docs.anthropic.com/en/docs/claude-code) with MCP support
- [Hexstrike MCP server](https://github.com/0x4m4/hexstrike-ai/) on Kali Linux (or compatible)
- Node.js 18+
### Installation
Add the fsociety marketplace, then install the plugins you need:
```bash
claude plugin marketplace add ogrodev/fsociety
claude plugin install elliot@fsociety
```
No cloning, no build step, no dependencies.
> [!TIP]
> You can install multiple plugins at once. Each plugin is independent — install only what you need.
### Quick Start
Initialize an engagement workspace with the setup wizard:
```bash
/setup my-operation
```
The wizard walks you through targets, goals, scope, and plugin selection. It generates a tailored workspace:
| File | Purpose |
| ----------------- | ------------------------------------------------------- |
| `engagement.json` | Central config — targets, plugins, opsec level, scope |
| `CLAUDE.md` | Tailored guidance with only your active plugin commands |
| `scope.md` | Formal scope definition |
| `targets.jsonl` | Structured target list (append-only, SHA256-deduped) |
### OPSEC Profiles
Choose a profile that matches your engagement's anonymity requirements:
| Profile | Speed | Anonymity | Use Case |
| ---------- | -------- | -------------- | ------------------------- |
| `surface` | Maximum | None | Lab / CTF environments |
| `standard` | Moderate | Basic | Authorized external tests |
| `paranoid` | Slow | Full (Tor/VPN) | Red team engagements |
## How It Works
fsociety is **not** a Node.js application — there's no build step, no `package.json`, no test suite. It's a **Claude Code plugin marketplace**: a collection of markdown-driven plugins that extend Claude Code with offensive security capabilities.
### Plugin Anatomy
Every plugin follows the same structure:
```
plugin-name/
├── plugin.json # Plugin definition (name, version, skills, agents)
├── CLAUDE.md # Plugin-specific guidance for Claude Code
├── commands/*.md # Slash commands with YAML frontmatter
├── skills/*/SKILL.md # Auto-activating skills with reference docs
├── agents/*.md # Agent definitions with YAML frontmatter
├── scripts/*.js # Node.js scripts (zero npm deps, stdlib only)
└── hooks/hooks.json # Lifecycle hooks wiring scripts to events
```
### Key Design Decisions
- **Zero dependencies** — all scripts use only Node.js built-ins (`fs`, `path`, `crypto`, `child_process`)
- **Markdown-driven** — commands, skills, and agents are `.md` files with YAML frontmatter
- **Plugin isolation** — no cross-plugin imports or shared scripts
- **JSONL for data** — append-only JSONL files for findings, techniques, and intel
- **SHA256 deduplication** — all trackers deduplicate by hashing normalized key fields
### Repository Structure
```
fsociety/
├── .claude-plugin/
│ └── marketplace.json # Plugin registry
├── elliot/ # Web & Application security
├── romero/ # Reverse engineering
├── trenton/ # Operational security
├── tyrell/ # Leak database hunting
├── fsociety/ # Engagement setup & orchestration
├── CLAUDE.md
└── LICENSE
```
> [!NOTE]
> See each plugin's own `README.md` for its complete command reference, data layer, and conventions
```text
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XX XX
XX MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM XX
XX MMMMMMMMMMMMMMMMMMMMMssssssssssssssssssssssssssMMMMMMMMMMMMMMMMMMMMM XX
XX MMMMMMMMMMMMMMMMss''' '''ssMMMMMMMMMMMMMMMM XX
XX MMMMMMMMMMMMyy'' ''yyMMMMMMMMMMMM XX
XX MMMMMMMMyy'' ''yyMMMMMMMM XX
XX MMMMMy'' ''yMMMMM XX
XX MMMy' 'yMMM XX
XX Mh' 'hM XX
XX - - XX
XX XX
XX :: :: XX
XX MMhh. ..hhhhhh.. ..hhhhhh.. .hhMM XX
XX MMMMMh ..hhMMMMMMMMMMhh. .hhMMMMMMMMMMhh.. hMMMMM XX
XX ---MMM .hMMMMdd:::dMMMMMMMhh.. ..hhMMMMMMMd:::ddMMMMh. MMM--- XX
XX MMMMMM MMmm'' 'mmMMMMMMMMyy. .yyMMMMMMMMmm' ''mmMM MMMMMM XX
XX ---mMM '' 'mmMMMMMMMM MMMMMMMMmm' '' MMm--- XX
XX yyyym' . 'mMMMMm' 'mMMMMm' . 'myyyy XX
XX mm'' .y' ..yyyyy.. '''' '''' ..yyyyy.. 'y. ''mm XX
XX MN .sMMMMMMMMMss. . . .ssMMMMMMMMMs. NM XX
XX N` MMMMMMMMMMMMMN M M NMMMMMMMMMMMMM `N XX
XX + .sMNNNNNMMMMMN+ `N N` +NMMMMMNNNNNMs. + XX
XX o+++ ++++Mo M M oM++++ +++o XX
XX oo oo XX
XX oM oo oo Mo XX
XX oMMo M M oMMo XX
XX +MMMM s s MMMM+ XX
XX +MMMMM+ +++NNNN+ +NNNN+++ +MMMMM+ XX
XX +MMMMMMM+ ++NNMMMMMMMMN+ +NMMMMMMMMNN++ +MMMMMMM+ XX
XX MMMMMMMMMNN+++NNMMMMMMMMMMMMMMNNNNMMMMMMMMMMMMMMNN+++NNMMMMMMMMM XX
XX yMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMy XX
XX m yMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMy m XX
XX MMm yMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMy mMM XX
XX MMMm .yyMMMMMMMMMMMMMMMM MMMMMMMMMM MMMMMMMMMMMMMMMMyy. mMMM XX
XX MMMMd ''''hhhhh odddo obbbo hhhh'''' dMMMM XX
XX MMMMMd 'hMMMMMMMMMMddddddMMMMMMMMMMh' dMMMMM XX
XX MMMMMMd 'hMMMMMMMMMMMMMMMMMMMMMMh' dMMMMMM XX
XX MMMMMMM- ''ddMMMMMMMMMMMMMMdd'' -MMMMMMM XX
XX MMMMMMMM '::dddddddd::' MMMMMMMM XX
XX MMMMMMMM- -MMMMMMMM XX
XX MMMMMMMMM MMMMMMMMM XX
XX MMMMMMMMMy yMMMMMMMMM XX
XX MMMMMMMMMMy. .yMMMMMMMMMM XX
XX MMMMMMMMMMMMy. .yMMMMMMMMMMMM XX
XX MMMMMMMMMMMMMMy. .yMMMMMMMMMMMMMM XX
XX MMMMMMMMMMMMMMMMs. .sMMMMMMMMMMMMMMMM XX
XX MMMMMMMMMMMMMMMMMMss. .... .ssMMMMMMMMMMMMMMMMMM XX
XX MMMMMMMMMMMMMMMMMMMMNo oNNNNo oNMMMMMMMMMMMMMMMMMMMM XX
XX XX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
```