Share
## https://sploitus.com/exploit?id=35B29861-729D-5D6F-A5AB-1C25D00D4E3D
# Security Vulnerability Scanner
A Claude Code plugin that automates security vulnerability analysis for any project.
## What it does
1. **Detects** your project's tech stack, languages, and dependencies
2. **Fetches** known CVE/CWE data from the NIST National Vulnerability Database
3. **Scans** your code for vulnerable patterns using 576 regex rules across 20 CWEs
4. **Generates** proof-of-concept exploit scripts for confirmed vulnerabilities
5. **Fixes** vulnerabilities inline and produces a detailed security report
## Supported Languages
JavaScript/TypeScript, Python, Go, Java, Rust, PHP, Ruby, C/C++
## Prerequisites
- Python 3.8+
- `requests` library: `pip install requests`
- NVD API key (optional, recommended): [Request one here](https://nvd.nist.gov/developers/request-an-api-key)
Set your API key:
```bash
export NVD_API_KEY="your-key-here"
```
## Installation
```bash
claude plugin install security-vuln-scanner
```
Or test locally:
```bash
claude --plugin-dir /path/to/SkillCyberPunk
```
## Usage
Invoke the skill in any project:
```
/security-vuln-scanner
```
Or ask naturally:
```
"Scan this project for security vulnerabilities"
"Check for CVEs in my dependencies"
"Run a security audit"
"Find insecure code patterns"
```
## Output
- `security-report-YYYY-MM-DD.md` โ Full vulnerability report with findings, severity scores, and fix recommendations
- `security-pocs/` โ Proof-of-concept exploit scripts (with `--dry-run` safety mode)
- Inline fixes applied directly to your source code
## CWE Coverage
| Category | CWEs |
|----------|------|
| Injection | CWE-89 (SQL), CWE-78 (OS Command), CWE-79 (XSS) |
| Traversal & SSRF | CWE-22 (Path Traversal), CWE-918 (SSRF) |
| Auth & Access | CWE-287, CWE-306, CWE-862 |
| Data Exposure | CWE-200, CWE-798 (Hardcoded Creds) |
| Deserialization | CWE-502 |
| Crypto | CWE-327 (Weak Crypto) |
| Web | CWE-352 (CSRF), CWE-434 (File Upload), CWE-611 (XXE) |
| Memory Safety | CWE-119 (Buffer Overflow), CWE-416 (Use After Free), CWE-190 (Integer Overflow) |
| Config | CWE-732 (Permissions), CWE-400 (Resource Consumption) |
## License
MIT