## https://sploitus.com/exploit?id=099D7B73-70B8-51AC-9516-A43F94A6A758
# Pentest-Web β Claude Code Website Penetration Testing Plugin
This plugin is based on Claude Codeβs automated penetration testing framework for single websites. It covers the entire process: target identification β fingerprint/architecture analysis β API discovery β port scanning β unauthorized testing β vulnerability validation. ## Features
- **Smart Target Identification**: Automatically identifies internal/external IPs and domain names, selecting appropriate toolsets.
- **CDN + WAF Detection and Bypass**: Retrieves CDN-related real IPs, detects WAF protections, and implements various bypass strategies.
- **Fingerprint and Architecture Identification**: Utilizes TscanClientβs built-in fingerprint library and httpx technology stack for detection.
- **Multi-Type API Discovery**: Supports REST, SOAP-WSDL, Swagger-OpenAPI, GraphQL, WebPack, Vue Router.
- **Port Scanning**: Includes Top1000 ports and service identification.
- **Directories and Sensitive Files**: Performs ffuf dictionary scans and special checks for sensitive paths.
- **Unauthorized Testing**: Tests authentication mechanisms separately by API type.
- **Vulnerability Validation**: Includes SQL injection, XSS, SSRF, command injection, file upload, path traversal, XXE, SSTI, cross-origin resource sharing (CORS), JWT, and OAuth2.
- **SPA Special**: Bypasses Vue route guards, separates front-end and back-end authentication, and extracts JS source code credentials.
## Prerequisites
### 1. Claude Code
Install the [Claude Code](https://claude.ai/code) CLI or VS Code extension. ### 2. MCP Server
Configure the MCP Server as follows (located in `~/.claude.json` or `.claude/settings.json`):
```json
{
"mcpServers": {
"playwright-mcp-server": {... },
"filesystem-mcp": {... }
}
}
```
### 3. Penetration Tools
Place the tools in a unified directory (e.g., `D:/pentest-tools/`). The directory structure should look like this:
```
{{AITOOLS_DIR}}/
βββ TscanClient_windows_amd64_v2.9.5/
βββ cdnChecker_1.0.0_windows_amd64/ (includes cdn_cname.txt and resolvers.txt)
βββ httpx_1.9.0_windows_amd64/
βββ ffuf_2.1.0_windows_amd64/
βββ enscan-v2.0.5-windows-amd64/
βββ /TideFinger_windows_amd64_v3.2.3.exe
βββ js/urlfinder_0.0.3_windows_amd64/
βββ /nuclei/
```
## Installation
```bash
# 1. Clone the repository
git clone https://github.com/pentest-web-plugin.git
cd pentest-web-plugin
# 2. Replace the tool path placeholders (replace {{AITOOLS_DIR}} with your actual tool directory)
# Linux/macOS:
find. -name "*.md" -exec sed -i 's|{{AITOOLS_DIR}}|/your/actual/tools/path|g' {} \;
# Windows PowerShell:
Get-ChildItem -Recurse -Filter "*.md" | ForEach-Object { (Get-Content $_.FullName) -replace '\{\{AITOOLS_DIR\}\}', 'D:\your\tools\path' | Set-Content $_.FullName }
# 3. Use the plugin in Claude Code
claude.
```
## Usage
Simply enter the target URL in the Claude Code dialog to trigger the test:
```
Perform penetration testing on https://example.com
```
The plugin will automatically activate and execute the penetration test according to the process. ## Important Security Rules
- Domain names like `.gov.cn` and `.mil.cn` are **prohibited from being tested** and will be automatically filtered out.
- Vulnerability scanning with nuclei will **only be performed upon explicit user request**.
- Test results will be written to `tmp//` without contaminating the projectβs root directory.
- By default, this plugin only performs information gathering and unauthorized testing; it does not actively exploit vulnerabilities.
## File Structure
```
pentest-web-plugin/
βββ CLAUDE.md # Project configuration and tool paths
βββ MEMORY.md # Project memory (methodology, experience, preferences)
βββ README.md
βββ.gitignore
βββ.claude/
βββ skills/
βββ pentest-web/
βββ skill.md # Core skill description (complete testing process)
```
## Dependency Tools
This skill relies on the following open-source/free tools. Please download them yourself:
| Tool | Purpose | Source |
|------|----------|--------|
| TscanClient | Comprehensive scanning (ports, fingerprints, directories, JS) | Internal tool |
| cdnChecker | CDN detection and bypass | Internal tool |
| httpx | HTTP probing and fingerprint recognition | [projectdiscovery/httpx](https://github.com/projectdiscovery/httpx) |
| ffuf | Directory and parameter fuzzing | [ffuf/ffuf](https://github.com/ffuf/ffuf) |
| urlfinder | Extracting APIs from JS | Internal tool |
| TideFinger | Fingerprint recognition | Internal tool |
| nuclei | Vulnerability scanning | [projectdiscovery/nuclei](https://github.com/projectdiscovery/nuclei) |
| Playwright | Browser automation | [microsoft/playwright](https://github.com/microsoft/playwright) |
## License
**This tool is intended only for authorized security testing and educational purposes.**
- Penetration testing of unauthorized targets is strictly prohibited.
- Users must comply with local laws and bear all legal responsibilities arising from using this tool.
- The author is not responsible for any misuse, illegal use, or unauthorized use of this tool.
This skill is part of the Claude Code automated testing framework. The actual penetration testing capabilities and results depend on the toolsets and environment configured by the user.
[source-iocs-preserved url=https://github.com//pentest-web-plugin.git]