GitFeed
Back to feed

AKCodez/hackingtool-plugin

AKCodez/hackingtool-plugin
256
+11/day
62
Python

Claude Code plugin: 183+ pentesting & OSINT tools from Z4nzu/hackingtool. Auto-runs what it can, hands off the rest.

From the README

hackingtool — Claude Code plugin

183 pentesting & OSINT tools at Claude's fingertips. Plugin-skill wrapper around Z4nzu/hackingtool. Runs locally on any OS — native Bash on Linux/macOS, WSL on Windows, or purpose-built Docker images (instrumentisto/nmap, projectdiscovery/nuclei, caffix/amass, and 20+ more). The skill picks the right backend and image automatically.

Built by ariacodez · wraps Z4nzu/hackingtool (MIT)

See it in Action

Install

/plugin marketplace add AKCODEZ/hackingtool-plugin
/plugin install hackingtool@hackingtool-marketplace

Then point Claude at a target:

"recon example.com"
"hunt the username johndoe"
"scan my repo for vulnerabilies"
"crack my own wifi before my neighbor does"

Claude picks the tools. You read the output.

How it works

Every tool invocation goes through ht_run.py, which:

  1. Picks a backend: native (Linux/macOS), WSL (Windows + real distro), or Docker (anywhere Docker Desktop runs).

  2. Maps known tools to purpose-built Docker images — fast pulls, clean ENTRYPOINTs, no apt install dance:

    | Category | Images | |---|---| | Port scanning | instrumentisto/nmap, ilyaglow/masscan, rustscan/rustscan | | Subdomain recon | projectdiscovery/subfinder, caffix/amass, projectdiscovery/httpx | | Vuln scanning | projectdiscovery/nuclei, projectdiscovery/katana | | OSINT | megadose/holehe, soxoj/maigret, spiderfoot/spiderfoot, secsi/theharvester | | Secrets | trufflesecurity/trufflehog, zricethezav/gitleaks | | Web attack | secsi/ffuf, devopsworks/gobuster, drwetter/testssl.sh, 0xsauby/wafw00f | | SQL injection | paoloo/sqlmap | | Active Directory | rflathers/impacket, byt3bl33d3r/netexec | | Phishing recon | elceef/dnstwist | | Fallback | kalilinux/kali-rolling (for anything not in the override map) |

  3. Runs the command, auto-retries with elevated privileges on permission errors (native/WSL), and surfaces the actual tool output as structured JSON.

The 🟢/🟡 icons in the inventory below are quick indicators of how the tool usually behaves — 🟢 for "plug-and-play" invocations, 🟡 for tools whose behavior depends on the backend and environment (adapter hardware, sudo config, etc.). Either way, the skill runs it and tells you what happened.

Current breakdown: 56 🟢 · 127 🟡 · 183 total.

OS support

The plugin picks a backend automatically via ht_env.py:

| Host | Backend | |---|---| | Linux / macOS native | bash -lc | | Windows + real WSL distro (Ubuntu, Kali, etc.) | wsl -d -- bash -lc | | Windows + Docker Desktop | docker run --rm | | Anywhere Docker is running | Docker backend (preferred when available) |

Docker images in the override map are pulled on first use and cached. ht_run.py --install runs the install commands for native/WSL when you need the binary on the host itself.

Master tool inventory

Legend: 🟢 plug-and-play · 🟡

View on GitHub