Offensive Security Research Config for Claude Code

A comprehensive Claude Code configuration tailored for security researchers, red teamers, and vulnerability analysts. Includes 25 specialized skills, 6 agents, and 46 vulnerability reference files covering the full offensive security lifecycle.

Quick Setup

# Method 1: One-liner install (recommended)
curl -sL https://raw.githubusercontent.com/hypnguyen1209/offensive-claude/main/install.sh | bash

# Method 2: Clone + install script
git clone https://github.com/hypnguyen1209/offensive-claude.git ~/offensive-claude
cd ~/offensive-claude && bash install.sh

# Method 3: Manual copy
git clone https://github.com/hypnguyen1209/offensive-claude.git ~/offensive-claude
cp -r ~/offensive-claude/skills ~/.claude/skills
cp -r ~/offensive-claude/agents ~/.claude/agents
cp ~/offensive-claude/CLAUDE.md ~/.claude/CLAUDE.md

Skills and agents activate automatically — no additional configuration needed.

Structure

.
├── skills/                        # 25 skill modules (SKILL.md per directory)
│   ├── recon-osint/
│   ├── vulnerability-analysis/
│   ├── exploit-development/
│   ├── ...
│   └── references/                # 47 vulnerability pattern files
├── agents/                        # 6 specialized sub-agents
├── CLAUDE.md                      # System prompt & behavior config
├── settings.json                  # Claude Code settings, permissions, MCP servers
├── install.sh                     # One-liner install script
└── README.md

Skills (25)

| # | Skill | Coverage | |---|-------|----------| | 01 | recon-osint | Subdomain enum, CVE lookup, breach intel, DNS history, Shodan/Censys | | 02 | vulnerability-analysis | Taint analysis, source-sink tracing, false positive discipline | | 03 | exploit-development | ROP chains, heap exploitation, shellcode, deserialization, mitigation bypass | | 04 | reverse-engineering | IDA/Ghidra, Frida, angr, firmware extraction, anti-RE bypass | | 05 | web-pentest | SQLi, XSS, SSRF, race conditions, GraphQL, JWT, business logic | | 06 | network-attack | AD exploitation, lateral movement, pivoting, wireless, protocol attacks | | 07 | red-team-ops | C2, persistence, privesc, defense evasion, LOLBins, exfiltration | | 08 | cloud-security | AWS/Azure/GCP privesc, container escape, Kubernetes, IaC review | | 09 | malware-analysis | Static/dynamic analysis, YARA rules, unpacking, C2 protocol RE | | 10 | ai-security | Prompt injection, RAG poisoning, model extraction, adversarial ML | | 11 | threat-hunting | MITRE ATT&CK mapping, Sigma rules, log correlation, behavioral detection | | 12 | privesc-linux | SUID, capabilities, sudo, kernel exploits, Docker escape, cron abuse | | 13 | privesc-windows | Token abuse, service exploitation, UAC bypass, credential harvesting | | 14 | coding-mastery | Python/C/Go/Rust/ASM for exploit dev, scanners, C2, crypto | | 15 | crypto-analysis | TLS auditing, hash cracking, RSA attacks, side-channel, implementation review | | 16 | incident-response | Memory forensics (Volatility), timeline analysis, IOC extraction, containment | | 17 | edr-evasion | Hook unhooking, direct/indirect syscalls, AMSI/ETW bypass, sleep masking | | 18 | initial-access | HTML smuggling, ISO/MOTW bypass, DLL sideload, staged payloads, phishing | | 19 | shellcode-dev | PEB walk, API hashing, loaders, PE-to-shellcode, cross-platform | | 20 | windows-mitigations | ASLR/DEP/CFG/CET/ACG bypass, WDAC/ASR bypass, PPL exploitation | | 21 | windows-boundaries | Kernel/user boundary, sandbox escape, AppContainer, COM elevation | | 22 | keylogger-arch | SetWindowsHookEx, RawInput, direct HID, ETW capture, stealth IOCs | | 23 | mobile-pentest | Android/iOS, Frida, SSL pinning bypass, exported components, biometric bypass | | 24 | advanced-redteam | C2 infra (redirectors, malleable profiles), OPSEC, tiered infrastructure | | 25 | active-directory-attack | Kerberoasting, NTLM relay, Golden/Silver Ticket, ADCS, delegation abuse |