Offensive security skills for Claude — drop-in SKILL.md files that turn Claude into a context-aware red team operator.
Built by SnailSploit — GenAI Security Research.
claude-red is a curated library of offensive security skills for the Claude Skills system. Each skill is a structured SKILL.md file that primes Claude with expert-level methodology for a specific attack surface — from SQLi to shellcode, EDR evasion to ADCS abuse.
Drop a skill into your Claude environment and it behaves like a specialist: it knows the techniques, the tooling, the edge cases, and the escalation paths. Skills load on demand based on conversational triggers — you don't pay context for skills you aren't using.
Use it for: authorized red team engagements, bug bounty triage, security research, CTF preparation, training operators, and exploring attack surfaces methodically.
# Clone into a directory Claude will scan
git clone https://github.com/SnailSploit/claude-red ~/.claude/skills/claude-red
# Or install only one category
git clone --filter=blob:none --sparse https://github.com/SnailSploit/claude-red
cd claude-red && git sparse-checkout set Skills/web Skills/active-directoryClaude will auto-load matching skills based on conversational triggers (e.g. mentioning SQLi loads offensive-sqli).
# Point Claude at a single skill before a session
cat Skills/web/offensive-sqli/SKILL.md | claude --system-file -
# Or load a whole category
cat Skills/active-directory/**/SKILL.md | claude --system-file -Paste the contents of a SKILL.md into a Project's system prompt or prepend to your conversation.
./install.sh # interactive
./install.sh --target ~/.claude/skills # explicit target
./install.sh --category web # one category| Category | Skills | Focus |
|---|---|---|
| Web Application | 16 | OWASP Top 10 + business logic + advanced web bug classes |
| Auth & Identity | 2 | JWT, OAuth |
| Active Directory | 1 | On-prem AD attack methodology (expanding) |
| Wireless | 13 | 802.11, WPA2/3, EAP, WPS, evil-twin, BLE, Zigbee, Z-Wave, LoRa, sub-GHz |
| Cloud | 1 | AWS / Azure / GCP attack paths (expanding) |
| Mobile | 1 | Android + iOS pentest (expanding) |
| IoT & Embedded | 1 | Hardware, firmware, RTOS, ICS (expanding) |
| Infrastructure & Red Team | 7 | Initial access, EDR evasion, Windows ops |
| Exploit Development | 6 | Stack/heap, mitigations, crash analysis, TOCTOU |
| Fuzzing & VR | 4 | libFuzzer, AFL++, bug ID, vuln classes |
| Reconnaissance | 2 | OSINT tooling and methodology |
| AI Security | 1 | Prompt injection, jailbreaks, RAG poisoning |
| Utility | 2 | Fast-checking, professional reporting |
Skills/web/
| Skill | Description |
|---|---|
offensive-sqli |
SQL injection — error/blind/OOB, DB-specific, ORM CVEs, cloud paths |
offensive-xss |
Cross-site scripting — stored, reflected, DOM, mutation |
offensive-ssrf |
Server-side request forgery — cloud metadata, filter bypass |
offensive-ssti |
Server-side template injection — engine ID, RCE paths |
offensive-xxe |
XML external entity — OOB exfil, blind exploitation |
offensive-idor |
Insecure direct object references — enumeration, business logic |
offensive-file-upload |
File upload — extension bypass, polyglots, webshells |
offensive-rce |
Remote code execution — chaining, command injection |
offensive-deserialization |
Insecure deserialization — Java/PHP/.NET gadget chains |
offensive-race-condition |
Race conditions — TOCTOU, single-packet, limit bypass |
offensive-request-smuggling |
HTTP request smuggling — CL.TE, TE.CL, h2 desync |
offensive-open-redirect |
Open redirect — OAuth abuse, phishing, SSRF pivots |
offensive-parameter-pollution |
HTTP parameter pollution — WAF bypass, logic confusion |
offensive-graphql |
GraphQL — introspection, batching, IDOR via aliases |
offensive-waf-bypass |
WAF bypass — encoding, chunking, case mutation |
offensive-business-logic |
Business logic — workflow bypass, pricing, refunds, chains |
Skills/auth/
| Skill | Description |
|---|---|
offensive-jwt |
JWT — alg:none, key confusion, secret cracking |
offensive-oauth |
OAuth — open redirect abuse, token leakage, PKCE bypass |
Skills/active-directory/
| Skill | Description |
|---|---|
offensive-active-directory |
AD — Kerberoast, ASREProast, ACL abuse, ADCS ESC1-15, delegation, persistence, hybrid AAD |
Note: This category is being expanded. The AD overview is being split into 16 focused skills (Kerberoasting, ASREProasting, ADCS, coercion, NTLM relay, BloodHound, ticket forgery, GPO abuse, etc.). See Roadmap.
Skills/wireless/
| Skill | Description |
|---|---|
offensive-wifi |
802.11 overview — entrypoint into the wireless category |
offensive-wifi-recon |
Adapter selection, monitor mode, multi-band airspace mapping |
offensive-wpa2-psk |
Handshake capture, PMKID, hashcat 22000 cracking |
offensive-wpa3-sae |
Transition-mode downgrade, Dragonblood, SAE side-channels |
offensive-wpa-enterprise |
802.1X / EAP attacks, eaphammer evil-twin RADIUS |
offensive-wps |
Pixie Dust, online PIN brute, vendor PIN generators |
offensive-evil-twin |
KARMA, Mana, captive portal, post-association MITM |
offensive-krack-fragattacks |
KRACK + FragAttacks supplicant testing |
offensive-deauth-disassoc |
Targeted/broadcast deauth, PMF awareness, action frames |
offensive-bluetooth-ble |
BLE GATT enum, pairing downgrade, sniffing, MITM |
offensive-bluetooth-classic |
BR/EDR — SDP, SPP, KNOB, BlueBorne, HID spoofing |
offensive-zigbee-thread-matter |
802.15.4 mesh — KillerBee, Touchlink abuse, ZCL command injection |
offensive-z-wave |
S0 key derivation flaw, S2 commissioning, hub pivots |
offensive-lorawan-sub-ghz |
LoRaWAN ABP/OTAA, KeeLoq garage doors, fixed-code, TPMS |
Skills/cloud/
| Skill | Description |
|---|---|
offensive-cloud |
AWS / Azure / GCP — privesc, IMDS, cross-account, persistence, CSPM evasion |
Note: Cloud-identity (Entra/AAD/Okta hybrid) skills coming separately. See Roadmap.
Skills/mobile/
| Skill | Description |
|---|---|
offensive-mobile |
Android + iOS — Frida, pinning, storage, biometric, deep links |
Skills/iot/
| Skill | Description |
|---|---|
offensive-iot |
Hardware recon, firmware, RTOS, ICS/OT, MQTT/CoAP |
Note: Being split into 10 focused skills (UART/JTAG, flash dump, fault injection, U-Boot, secure boot, RTOS, ICS protocols). See Roadmap.
Skills/infrastructure/
| Skill | Description |
|---|---|
offensive-initial-access |
Phishing, drive-by, supply chain — TA0001 |
offensive-advanced-redteam |
Full kill chain, C2, OPSEC, lateral, persistence |
offensive-edr-evasion |
Unhooking, indirect syscalls, PPID spoofing |
offensive-shellcode |
Writing, encoding, injection techniques |
offensive-keylogger-arch |
Keylogger architecture and input-capture techniques |
offensive-windows-mitigations |
Windows mitigations — ACG, Arbitrary Code Guard |
offensive-windows-boundaries |
Defeating Windows boundaries — sandbox escape, privilege |
Skills/exploit-dev/
| Skill | Description |
|---|---|
offensive-exploit-development |
Stack/heap, ROP chains, mitigations |
offensive-exploit-dev-course |
Structured curriculum format |
offensive-basic-exploitation |
Linux exploitation, mitigations disabled — beginner-to-mid |
offensive-crash-analysis |
Crash triage, exploitability assessment, root cause |
offensive-mitigations |
Modern kernel mitigations — ASLR, CFG, CET, PAC |
offensive-toctou |
Time-of-check/use across binary, kernel, web, container |
Skills/fuzzing/
| Skill | Description |
|---|---|
offensive-fuzzing |
libFuzzer, AFL++, coverage-guided, mutation strategies |
offensive-fuzzing-course |
Curriculum — finding vulns via fuzzing |
offensive-bug-identification |
Code review patterns, static analysis triggers |
offensive-vuln-classes |
Vulnerability classes — real-world examples, taxonomy |
Skills/recon/
| Skill | Description |
|---|---|
offensive-osint |
OSINT tools — recon-ng, theHarvester, Maltego pipelines |
offensive-osint-methodology |
OSINT methodology — structured intelligence collection |
Skills/ai/
| Skill | Description |
|---|---|
offensive-ai-security |
AI pentest — prompt injection, jailbreaking, RAG poisoning |
Skills/utility/
| Skill | Description |
|---|---|
offensive-fast-checking |
Fast triage checklist — quick-win identification |
offensive-reporting |
Pro pentest reporting — CVSS, evidence, exec summary, retest |
The library is being expanded in seven phases. Track progress in CHANGELOG.md.
| Phase | Category | New Skills | Status |
|---|---|---|---|
| 1 | Internal AD/Windows (rename active-directory/ → internal/) |
+16 | Planned |
| 2 | Cloud Identity (Entra/AAD, ADFS, Okta, M365) | +10 | Planned |
| 3 | Wireless split (WPA2/3, EAP, BLE, Zigbee, Z-Wave, LoRa, sub-GHz) | +12 | Mandatory |
| 4 | IoT split (UART/JTAG, flash, fault injection, RTOS, ICS) | +10 | Planned |
| 5 | Web Basics (recon, auth bypass, access control, CSRF, headers, CORS, cache, clickjack) | +8 | Planned |
| 6 | Web Advanced (proto pollution, SAML, OIDC, WebSocket, gRPC, postMessage, SSI/ESI, CSTI) | +10 | Planned |
| 7 | Polish (README, LICENSE, manifest, install) | — | In progress |
End state: ~107 skills across the same 13+ categories.
Contributions welcome. See CONTRIBUTING.md for the skill template, frontmatter standard, and review process. Focused, single-surface skills are preferred over monolithic overviews.
MIT — use freely, attribution appreciated.
- Author: Kai Aizen (SnailSploit) — snailsploit.com
- Original Checklists: Sahar Shlichov — the offensive checklist collection many of these skills are based on.
- Community: PRs and feedback that keep the library current with the threat landscape.
"Give Claude the right skill and it stops being a chatbot. It becomes an operator."