hackingtool — Claude Code plugin

183 pentesting & OSINT tools at Claude's fingertips. Plugin-skill wrapper around Z4nzu/hackingtool. Runs locally on any OS — native Bash on Linux/macOS, WSL on Windows, or purpose-built Docker images (instrumentisto/nmap, projectdiscovery/nuclei, caffix/amass, and 20+ more). The skill picks the right backend and image automatically.

Built by ariacodez · wraps Z4nzu/hackingtool (MIT)

See it in Action

---

Install

/plugin marketplace add AKCODEZ/hackingtool-plugin
/plugin install hackingtool@hackingtool-marketplace

Then point Claude at a target:

"recon example.com"
"hunt the username johndoe"
"scan my repo for vulnerabilies"
"crack my own wifi before my neighbor does"

Claude picks the tools. You read the output.

---

How it works

Every tool invocation goes through ht_run.py, which:

1. Picks a backend: native (Linux/macOS), WSL (Windows + real distro), or Docker (anywhere Docker Desktop runs).

2. Maps known tools to purpose-built Docker images — fast pulls, clean ENTRYPOINTs, no apt install dance:

   Category	Images
   Port scanning	instrumentisto/nmap, ilyaglow/masscan, rustscan/rustscan
   Subdomain recon	projectdiscovery/subfinder, caffix/amass, projectdiscovery/httpx
   Vuln scanning	projectdiscovery/nuclei, projectdiscovery/katana
   OSINT	megadose/holehe, soxoj/maigret, spiderfoot/spiderfoot, secsi/theharvester
   Secrets	trufflesecurity/trufflehog, zricethezav/gitleaks
   Web attack	secsi/ffuf, devopsworks/gobuster, drwetter/testssl.sh, 0xsauby/wafw00f
   SQL injection	paoloo/sqlmap
   Active Directory	rflathers/impacket, byt3bl33d3r/netexec
   Phishing recon	elceef/dnstwist
   Fallback	kalilinux/kali-rolling (for anything not in the override map)

3. Runs the command, auto-retries with elevated privileges on permission errors (native/WSL), and surfaces the actual tool output as structured JSON.

The 🟢/🟡 icons in the inventory below are quick indicators of how the tool usually behaves — 🟢 for "plug-and-play" invocations, 🟡 for tools whose behavior depends on the backend and environment (adapter hardware, sudo config, etc.). Either way, the skill runs it and tells you what happened.

Current breakdown: 56 🟢 · 127 🟡 · 183 total.

---

OS support

The plugin picks a backend automatically via ht_env.py:

Host	Backend
Linux / macOS native	bash -lc <cmd>
Windows + real WSL distro (Ubuntu, Kali, etc.)	wsl -d <distro> -- bash -lc <cmd>
Windows + Docker Desktop	docker run --rm <image> <args>
Anywhere Docker is running	Docker backend (preferred when available)

Docker images in the override map are pulled on first use and cached. ht_run.py <tool_id> --install runs the install commands for native/WSL when you need the binary on the host itself.

---

Master tool inventory

Legend: 🟢 plug-and-play · 🟡 depends on backend / environment

183 tools total — 🟢 56 plug-and-play · 🟡 127 environment-dependent

🛡 Anonymously Hiding (2)

Tool	What it does	Claude	Flags
Anonymously Surf	It automatically overwrites the RAM when the system shuts down	🟡	sudo
Multitor	How to stay in multi places at the same time.	🟡	sudo

🔍 Information Gathering (26)

Tool	What it does	Claude	Flags
Amass (Attack Surface Mapping)	In-depth subdomain enumeration and attack surface mapping.	🟢	—
Breacher	An advanced multithreaded admin panel finder written in python.	🟡	interactive
Dracnmap	Open source program using nmap to exploit the network and gather information.	🟡	sudo
Find Info Using Shodan	Get ports, vulnerabilities, information, banners.	🟡	—
Gitleaks (Git Secret Scanner)	Fast secret scanner for git repos — detects hardcoded passwords, API keys, tokens.	🟢	—
Holehe (Email → Social Accounts)	Check if an email address is registered on 120+ websites.	🟢	—
Host to IP	Resolve hostname to IP.	🟡	interactive
httpx (HTTP Toolkit)	Fast multi-purpose HTTP probing tool.	🟢	—
Infoga - Email OSINT	Gathers email account information (ip, hostname, country) from public sources.	🟢	—
IsItDown (Check Website Down/Up)	Check Website Is Online or Not.	🟡	—
Maigret (Username OSINT)	Collect a dossier on a person by username across 3000+ sites.	🟢	—
Masscan (Fast Port Scanner)	Fastest internet port scanner — 10 million packets/sec.	🟡	sudo
Network Map (nmap)	Free utility for network discovery and security auditing.	🟡	sudo
Port Scanner - rang3r	Python script for multi-threaded port scanning.	🟡	interactive
Port scanning	Basic port scan wrapper.	🟡	interactive
ReconDog	ReconDog Information Gathering Suite.	🟡	sudo
ReconSpider (For All Scanning)	Advanced OSINT Framework for IPs, Emails, Websites, Organizations.	🟡	sudo
RED HAWK (All In One Scanning)	All in one tool for Information Gathering and Vulnerability Scanning.	🟢	—
RustScan (Modern Port Scanner)	Scans all 65k ports in 3 seconds, passes results to nmap automatically.	🟡	sudo
SecretFinder (like API & etc)	Python script for finding sensitive data like API keys.	🟡	sudo
SpiderFoot (OSINT Automation)	Automates OSINT collection for threat intelligence and attack surface mapping.	🟢	—
Striker	Recon & Vulnerability Scanning Suite.	🟡	interactive
Subfinder (Subdomain Enumeration)	Fast passive subdomain enumeration using multiple sources.	🟢	—
theHarvester (OSINT)	Gather emails, names, subdomains, IPs and URLs from public sources.	🟢	—
TruffleHog (Secret Scanner)	Find, verify, and analyze leaked credentials across git repos, S3 buckets, filesystems.	🟢	—
Xerosploit	Penetration testing toolkit to perform MITM attacks.	🟡	sudo

📚 Wordlist Generator (7)

Tool	What it does	Claude	Flags
Cupp	Common User Passwords Profiler — generates personalized wordlists.	🟡	interactive long
Goblin WordGenerator	Goblin WordGenerator.	🟢	long
haiti (Hash Type Identifier)	Identify hash types — supports 300+ algorithms.	🟢	long
Hashcat (Password Cracker)	World's fastest GPU/CPU password recovery tool — 300+ hash types.	🟡	sudo long
John the Ripper	Open-source password security auditing and recovery tool.	🟡	sudo long
Password list (1.4B Clear Text)	Search 1.4 Billion clear text credentials from BreachCompilation leak.	🟢	long
WordlistCreator	C program that generates all possibilities of passwords.	🟡	sudo long

📶 Wireless Attack (13)

Tool	What it does	Claude	Flags
Airgeddon	Multi-use bash script for auditing wireless networks.	🟡	sudo hw
Bettercap	Swiss army knife for WiFi, BLE, HID, and Ethernet recon and MITM.	🟡	sudo hw
Bluetooth Honeypot (bluepot)	Bluetooth receiver honeypot.	🟡	sudo hw
EvilTwin	Evil Twin attack via fake page and fake Access Point.	🟡	sudo hw
Fastssh	Multi-threaded scan and brute force against SSH.	🟡	sudo hw
Fluxion	Remake of linset — automated MITM wifi attack.	🟡	interactive sudo hw
hcxdumptool	Capture packets and PMKID hashes from WLAN devices.	🟡	sudo hw
hcxtools	Convert captured WLAN packets to hashcat/JtR-compatible format.	🟡	sudo hw
Howmanypeople	Count people around you by monitoring wifi signals.	🟡	sudo hw
pixiewps	Brute force offline WPS pin (pixie-dust attack).	🟡	sudo hw long
WiFi-Pumpkin	Rogue AP framework for creating fake networks.	🟡	sudo hw
Wifiphisher	Rogue Access Point framework for red team engagements.	🟡	sudo hw
Wifite	Automated wireless attack tool.	🟡	sudo hw

🧩 SQL Injection (7)

Tool	What it does	Claude	Flags
Blisqy	Find time-based blind SQL injections on HTTP headers.	🟡	—
DSSS	Damn Small SQLi Scanner — GET and POST parameters.	🟡	—
Explo	Describe web security issues in human and machine readable format.	🟡	—
Leviathan	Mass audit toolkit — service discovery, brute force, SQLi detection.	🟢	—
NoSqlMap	Audit and automate injection attacks on NoSQL databases.	🟢	—
Sqlmap	Automate detection and exploitation of SQL injection flaws.	🟡	interactive
SQLScan	Quick web scanner to find SQL injection points.	🟡	sudo

🎣 Phishing Attack (17)

Tool	What it does	Claude	Flags
AdvPhishing	Advance Phishing Tool — OTP phishing.	🟡	sudo
Autophisher	Automated Phishing Toolkit.	🟡	sudo
BlackEye	Phishing tool with 38 website templates.	🟡	sudo
BlackPhish	Phishing toolkit.	🟡	sudo
dnstwist	Domain name permutation engine — typosquatting and brand impersonation.	🟢	—
Evilginx3	MITM attack framework for phishing login credentials.	🟡	sudo
HiddenEye	Modern phishing tool with multi-tunnelling.	🟡	sudo
I-See-You	Find the exact location of a target via social engineering.	🟡	sudo
Maskphish	Hide phishing URL under a normal looking URL.	🟡	sudo
Pyphisher	Easy to use phishing tool with 77 website templates.	🟡	sudo
QR Code Jacking	QR Code Jacking (Any Website).	🟡	sudo
QRLJacking	Session hijacking against QR-code-based login.	🟡	sudo
SayCheese	Grab webcam shots from target via malicious link.	🟡	sudo
Setoolkit	Social-Engineer Toolkit.	🟡	sudo
ShellPhish	Phishing tool for 18 social media.	🟡	sudo
SocialFish	Automated Phishing Tool & Information Collector.	🟡	sudo
Thanos	Browser to Browser Phishing toolkit.	🟡	sudo

🌐 Web Attack (20)

Tool	What it does	Claude	Flags
Arjun	HTTP parameter discovery — finds hidden GET/POST parameters.	🟢	—
Blazy	Modern login page bruteforcer (also clickjacking).	🟡	archived
Caido	Lightweight web security auditing toolkit — Burp alternative in Rust.	🟡	sudo
CheckURL	Detect evil URLs that use IDN Homograph Attack.	🟢	—
Dirb	Web Content Scanner — existing and hidden Web Objects.	🟡	interactive sudo
Dirsearch	Web path brute-forcing — directories and files on web servers.	🟢	—
Feroxbuster	Fast, recursive content discovery tool in Rust.	🟡	sudo long
ffuf	Fast web fuzzer — content, parameter, vhost discovery.	🟢	long
Gobuster	Directory/file, DNS, and vhost brute-forcing in Go.	🟢	—
Katana	Next-generation crawling and spidering framework.	🟢	—
mitmproxy	Interactive TLS-capable intercepting HTTP proxy.	🟢	—
Nikto	Scan web servers for dangerous files, outdated software, misconfig.	🟡	sudo
Nuclei	Fast, template-based vulnerability scanner used by 50k+ teams.	🟢	—
OWASP ZAP	Full-featured web application security scanner.	🟡	sudo gui
Skipfish	Automated active web application security reconnaissance.	🟡	sudo
Sub-Domain TakeOver	Sub-domain takeover scanner.	🟡	—
Sublist3r	Enumerate subdomains of websites using OSINT.	🟡	sudo
testssl.sh	Check TLS/SSL ciphers, protocols, and cryptographic flaws.	🟢	—
wafw00f	Fingerprint and identify Web Application Firewalls (WAF).	🟢	—
Web2Attack	Web hacking framework with tools and exploits.	🟡	sudo

🔧 Post Exploitation (10)

Tool	What it does	Claude	Flags
Chisel	Fast TCP/UDP tunnel over HTTP — pivoting and port forwarding.	🟢	—
Chrome Keylogger	Hera Chrome Keylogger.	🟡	sudo
Evil-WinRM	Ultimate WinRM shell for Windows pentesting.	🟢	—
Havoc	Modern post-exploitation C2 framework with EDR evasion.	🟢	—
Ligolo-ng	Advanced tunneling/pivoting via TUN interfaces.	🟢	—
Mythic	Collaborative multi-payload C2 platform for red team ops.	🟡	sudo
PEASS-ng (LinPEAS/WinPEAS)	Privilege escalation enumeration for Linux and Windows.	🟢	—
pwncat-cs	Post-exploitation platform — manages reverse/bind shells.	🟢	—
Sliver	Cross-platform adversary emulation / red team C2.	🟡	sudo
Vegile (Ghost In The Shell)	Set up backdoor/rootkits when a backdoor is already set up.	🟡	sudo

🕵 Forensics (8)

Tool	What it does	Claude	Flags
Autopsy	Forensic investigation platform.	🟡	sudo gui
Binwalk	Analyze, reverse engineer, and extract firmware images.	🟢	—
Bulk extractor	Extract useful information without parsing the file system.	🟡	—
Guymager (Disk Clone / ISO)	Free forensic imager for media acquisition.	🟡	sudo
pspy	Monitor Linux processes without root — cron jobs, scheduled tasks.	🟢	—
Toolsley	Ten-plus useful tools for investigation.	🟡	—
Volatility 3	World's most widely used memory forensics framework.	🟡	interactive
Wireshark	Network capture and analyzer.	🟡	sudo gui

📦 Payload Creation (8)

Tool	What it does	Claude	Flags
Brutal	Toolkit for payloads, powershell attacks, HID attacks.	🟡	sudo
Enigma	Multiplatform payload dropper.	🟡	sudo
Mob-Droid	Generate metasploit payloads easily.	🟡	sudo
MSFvenom Payload Creator	Wrapper to generate multiple types of payloads.	🟡	sudo
Spycam	Win32 payload that captures webcam images every minute.	🟢	—
Stitch	Cross Platform Python Remote Administrator Tool.	🟡	sudo
The FatRat	Backdoor/payload generation that can bypass most AV.	🟡	sudo
Venom Shellcode Generator	Exploits apache2 to deliver LAN payloads via fake webpages.	🟡	sudo

🧰 Exploit Framework (3)

Tool	What it does	Claude	Flags
Commix	Automated OS command injection and exploitation tool.	🟡	interactive sudo
RouterSploit	Exploitation framework dedicated to embedded devices.	🟡	sudo
WebSploit	Advanced MITM framework.	🟡	sudo

🔁 Reverse Engineering (5)

Tool	What it does	Claude	Flags
Androguard	Reverse engineering and malware analysis of Android apps.	🟡	sudo
Apk2Gold	CLI tool for decompiling Android apps to Java.	🟡	interactive sudo
Ghidra	NSA's software reverse engineering framework.	🟡	sudo gui
JadX	Dex to Java decompiler.	🟡	sudo
Radare2	Portable UNIX-like reverse engineering framework.	🟢	—

⚡ DDOS (6)

Tool	What it does	Claude	Flags
Asyncrone (SYN Flood)	C-based multifunction SYN Flood weapon.	🟡	interactive sudo long
DDoS Script	DDoS attack script — 36+ methods.	🟡	interactive sudo long
GoldenEye	Python3 stress testing app.	🟡	interactive long
SaphyraDDoS	Python DDoS script.	🟡	interactive long
SlowLoris	HTTP Denial of Service attack.	🟡	interactive sudo long
UFOnet	P2P cryptographic disruptive toolkit for DoS/DDoS.	🟡	gui long

🖥 RAT (1)

Tool	What it does	Claude	Flags
Pyshell	RAT with file upload/download.	🟢	—

💥 XSS (9)

Tool	What it does	Claude	Flags
XSStrike	Python-based XSS detection and exploitation tool.	🟡	sudo
DalFox	XSS scanning and parameter analysis tool.	🟡	sudo
Extended XSS Searcher	Extended XSS searcher and finder.	🟡	interactive
RVuln	Multi-threaded web vulnerability scanner in Rust.	🟡	sudo
XanXSS	Reflected XSS searching tool with template-based payloads.	🟡	—
XSpear	XSS scanner built on Ruby Gems.	🟢	—
XSS Payload Generator	XSS payload generator, scanner, and dork finder.	🟡	sudo
XSS-Freak	XSS scanner written in Python 3.	🟡	sudo
XSSCon	XSS scanner.	🟡	interactive sudo

🖼 Steganography (4)

Tool	What it does	Claude	Flags
SteganoHide	Hide/retrieve data in image or audio files.	🟡	interactive sudo
StegnoCracker	Brute force hidden data inside files.	🟡	interactive long
StegoCracker	Hide and retrieve data in image or audio files.	🟡	sudo
Whitespace	Steganography via whitespace and unicode.	🟡	sudo

🏢 Active Directory (6)

Tool	What it does	Claude	Flags
BloodHound	Graph theory to reveal hidden attack paths in AD/Azure.	🟡	sudo
Certipy	Active Directory Certificate Services enumeration and abuse.	🟢	—
Impacket	Python classes for SMB, MSRPC, Kerberos, LDAP.	🟢	—
Kerbrute	Kerberos pre-auth brute-forcer — enumeration and spraying.	🟢	—
NetExec (nxc)	Swiss army knife for Windows/AD pentesting — CrackMapExec successor.	🟢	—
Responder	LLMNR/NBT-NS/MDNS poisoner for credential capture.	🟡	sudo

☁ Cloud Security (4)

Tool	What it does	Claude	Flags
Pacu	AWS exploitation framework for offensive security testing.	🟢	—
Prowler	Security tool for AWS, Azure, GCP, Kubernetes.	🟢	—
ScoutSuite	Multi-cloud security auditing tool.	🟢	—
Trivy	Vulnerability scanner for containers, Kubernetes, IaC.	🟡	sudo

📱 Mobile Security (3)

Tool	What it does	Claude	Flags
Frida	Dynamic instrumentation toolkit for runtime hooking.	🟢	—
MobSF	All-in-one mobile app pentesting and malware analysis.	🟢	—
Objection	Runtime mobile exploration powered by Frida.	🟢	—

✨ Other (1)

Tool	What it does	Claude	Flags
HatCloud	Ruby tool to bypass CloudFlare and discover real IP.	🟡	interactive

📱 Android Attack (5)

Tool	What it does	Claude	Flags
DroidCam (Capture Image)	Grab front camera snap using a link.	🟡	sudo
EvilApp	Android App that hijacks authenticated sessions in cookies.	🟢	—
Keydroid	Android Keylogger + Reverse Shell.	🟢	—
Lockphish	Lock-screen phishing.	🟢	—
MySMS	Android App that hacks SMS through WAN.	🟢	—

📧 Email Verifier (1)

Tool	What it does	Claude	Flags
Knockmail	Verify if an email exists.	🟡	sudo

🔑 Hash Crack (1)

Tool	What it does	Claude	Flags
Hash Buster	Hash cracking via public hash databases.	🟢	—

🎭 Homograph (1)

Tool	What it does	Claude	Flags
EvilURL	Unicode evil domains for IDN Homograph Attack.	🟢	—

🧪 Mix Tools (2)

Tool	What it does	Claude	Flags
Crivo	Extract and filter URLs, IPs, domains, and subdomains.	🟡	—
Terminal Multiplexer	Tilix — tiling terminal emulator.	🟡	sudo

💉 Payload Injection (2)

Tool	What it does	Claude	Flags
Debinject	Inject malicious code into *.debs.	🟢	—
Pixload	Image Payload Creating tools.	🟡	sudo

📱 Social Media (4)

Tool	What it does	Claude	Flags
AllinOne SocialMedia Attack	Brute-force Gmail, Hotmail, Twitter, Facebook, Netflix.	🟡	sudo
Application Checker	Check if an app is installed on the target via link.	🟡	sudo
Facebook Attack	Facebook BruteForcer.	🟡	interactive sudo
Instagram Attack	Brute force attack against Instagram.	🟡	archived

🔎 Social Media Finder (4)

Tool	What it does	Claude	Flags
Find SocialMedia By Facial Recognition	Social Media Mapping Tool that correlates profiles.	🟡	sudo
Find SocialMedia By UserName	Find usernames across 75+ social networks.	🟡	sudo
Sherlock	Hunt down social media accounts by username.	🟡	interactive sudo
SocialScan	Check email and username availability on online platforms.	🟡	interactive

🕸 Web Crawling (1)

Tool	What it does	Claude	Flags
Gospider	Fast web spider written in Go.	🟡	sudo

📡 Wifi Jamming (2)

Tool	What it does	Claude	Flags
KawaiiDeauther	Pentest toolkit for wifi deauthentication.	🟡	sudo hw
WifiJammer-NG	Continuously jam all wifi clients and APs within range.	🟡	sudo hw

---

Refreshing the tool index

When upstream hackingtool adds tools, regenerate data/tools.json and the README table:

python ${CLAUDE_PLUGIN_ROOT}/scripts/ht_index.py --hackingtool-path /path/to/hackingtool
python ${CLAUDE_PLUGIN_ROOT}/scripts/build_readme_table.py > new_table.md

If hackingtool is a sibling directory of this repo, --hackingtool-path isn't needed — the script auto-detects.

---

Directory layout

hackingtool-plugin/
├── .claude-plugin/
│   └── marketplace.json          # marketplace entry
├── images/                       # screenshots + logo
├── README.md                     # this file
└── plugins/hackingtool/
    ├── .claude-plugin/plugin.json
    ├── data/tools.json           # generated index
    ├── scripts/
    │   ├── ht_index.py           # (dev) regenerate tools.json
    │   ├── build_readme_table.py # (dev) regenerate the table above
    │   ├── ht_search.py          # query index
    │   ├── ht_env.py             # detect backend
    │   └── ht_run.py             # backend-aware tool runner
    └── skills/pentest/
        ├── SKILL.md
        └── reference/
            ├── workflows.md
            └── runtime-fallbacks.md

---

Limitations

• Python 3.10+ required.
• No async tool streaming. Long-running tools block until they finish or timeout.
• Docker backend pulls kalilinux/kali-rolling on first use.
• Capability flags are heuristics. If you find a mis-tagged tool, fix it in data/tools.json or open an issue.

---

Credits

• Upstream toolkit: Z4nzu/hackingtool — all tool metadata, categorization, and screenshots originate from this project.
• Plugin wrapper: ariacodez (AKCodez on GitHub).

License

MIT. Upstream Z4nzu/hackingtool is also MIT-licensed.

For authorized security testing, bug bounty, CTFs, and research only.