vibed-lab / agents

hardw00t/ai-security-arsenal

83 stars · Last commit 2026-04-19

A collection of skills, agents, commands, and workflows for security researchers. Compatible with Claude Code, Claude Desktop, OpenCode, and other AI coding tools.

Code ReviewTestingDebuggingDocumentationDevOps & InfraSecurityFrontendBackendData & ML

README preview

# AI Security Arsenal

A collection of skills for automated security testing, penetration testing, and security assessment workflows with coding agents like Claude Code, Codex, OpenCode, and others.

Each skill is structured as a thin **router** (`SKILL.md`, 150-250 lines) with lazy-loaded sibling content (`workflows/`, `methodology/`, `payloads/`, `references/`, `examples/`, `schemas/`). This lets agents load only what a sub-task needs instead of parsing a monolithic document every turn — leaving more context for the actual target code, traffic, and tool output.

**Last validated:** 2026-04 against frontier coding agents (Claude Opus 4.x, GPT-5.x class).

## Skills Overview

| Category | Skill | Description |
|----------|-------|-------------|
| **Mobile** | [android-pentest](#android-pentest) | Android app pentesting with Frida, objection, ADB |
| **Mobile** | [ios-pentest](#ios-pentest) | iOS app security testing with Frida, Cycript, objection |
| **Web** | [dast-automation](#dast-automation) | Dynamic testing with ZAP, Burp, Nuclei, Playwright |
| **Web** | [api-security](#api-security) | REST/GraphQL API security, OWASP API Top 10 |
| **Cloud** | [cloud-security](#cloud-security) | AWS/GCP/Azure security assessment |
| **Cloud** | [iac-security](#iac-security) | Infrastructure as Code security scanning |
| **Cloud** | [container-security](#container-security) | Docker/Kubernetes security assessment |
| **Network** | [network-pentest](#network-pentest) | Internal network/AD penetration testing |

View full repository on GitHub →