git404hub

what is claudesec fr?

mmlqm/claudesec — explained in plain English

Analysis updated 2026-05-18

40ShellAudience · developerComplexity · 4/5LicenseSetup · moderate

tl;dr

An AI assisted framework that runs standard security scanning tools, filters out false positives, and generates reports for authorized penetration testing.

vibe map

mindmap
  root((ClaudeSec))
    What it does
      AI guided recon
      Vulnerability scanning
      False positive filtering
      Report generation
    Tech stack
      Shell scripts
      Claude AI
      Nuclei and SQLMap
    Use cases
      Authorized penetration testing
      Bug bounty recon
      Attack chain analysis
    Audience
      Security researchers
      Red teams
      Bug bounty hunters

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Run an authorized reconnaissance chain against a target you have permission to test.

VIBE 2

Scan for common vulnerabilities like SQL injection and cross site scripting with AI assisted triage.

VIBE 3

Reduce false positives by letting the AI filter and prioritize scanner output.

VIBE 4

Generate an executive and technical report from a completed security assessment.

what's the stack?

ShellClaude AINucleiSQLMapDocker

how it stacks up fr

mmlqm/claudesecinfersports/infersports-skilljurisupport/jurisupport-plugins
Stars404041
LanguageShellShellShell
Setup difficultymoderateeasymoderate
Complexity4/52/53/5
Audiencedeveloperdeveloperops devops

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · moderate time til it works · 30min

Requires Linux, WSL2, or Docker and relies on external security tools like nmap-style scanners being installed via the setup script, intended only for authorized testing.

MIT license: free to use, modify, and distribute, including for commercial purposes, as long as the copyright notice is kept.

in plain english

ClaudeSec is a shell based security testing framework built for professional red teams, bug bounty hunters, and security researchers doing authorized penetration testing. It uses Claude to read the raw output of well known security scanning tools, decide what matters, and turn scattered findings into a clear report, rather than replacing the tools themselves. The framework follows a defined process. It starts with a reconnaissance stage that runs a chain of established tools in sequence, first finding subdomains, then checking which ones are live, fingerprinting what software they run, discovering hidden directories, and pulling apart their JavaScript for clues. From there, a vulnerability assessment stage runs targeted scanning tools such as SQLMap for database injection, XSStrike for cross site scripting, jwt_tool for token weaknesses, and nuclei for known vulnerability patterns. Findings then go through a manual verification stage, where the AI's suggestions guide a human to confirm real issues rather than acting alone. A key part of the design is reducing false positives and noise. The AI stage groups and prioritizes findings using a modified version of the standard CVSS 3.1 severity scoring system, filters out results it judges unlikely to be real, and looks for ways that several small, low severity issues might combine into one serious attack path. The end result is a report meant for two audiences: an executive summary for stakeholders and a detailed technical version for other security practitioners. The project says it follows recognized industry methodologies including PTES, the OWASP Testing Guide, and NIST's security testing guidance. It runs on Linux, Windows Subsystem for Linux, and Docker, is installed by cloning the repository and running an install script, and is released under the MIT license. The full README is longer than what was shown.

prompts (copy fr)

prompt 1
Help me install ClaudeSec on Linux or WSL using the provided install script.
prompt 2
Explain how ClaudeSec's reconnaissance phase chains subfinder, httpx, and ffuf together.
prompt 3
Walk me through running an authorized scan against my own test target with ClaudeSec.
prompt 4
Explain how ClaudeSec scores findings using its modified CVSS 3.1 approach.
prompt 5
Help me understand what a generated ClaudeSec report includes for stakeholders.

Frequently asked questions

what is claudesec fr?

An AI assisted framework that runs standard security scanning tools, filters out false positives, and generates reports for authorized penetration testing.

What language is claudesec written in?

Mainly Shell. The stack also includes Shell, Claude AI, Nuclei.

What license does claudesec use?

MIT license: free to use, modify, and distribute, including for commercial purposes, as long as the copyright notice is kept.

How hard is claudesec to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is claudesec for?

Mainly developer.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.