Claude Code Plugins

Community-maintained marketplace


vulnerability-scanner

@xenitV1/claude-code-maestro

Comprehensive guide for automated vulnerability scanning tools and techniques. Covers DAST, SAST, SCA, network scanning, and CI/CD integration.


SKILL.md

---
name: vulnerability-scanner
description: Comprehensive guide for automated vulnerability scanning tools and techniques. Covers DAST, SAST, SCA, network scanning, and CI/CD integration.
---

Vulnerability Scanner Skill

Automated vulnerability scanning tools and techniques for 2025.

Tool Categories

DAST (Dynamic Application Security Testing)

OWASP ZAP

# Start ZAP in daemon mode; zap-cli authenticates with the API key (flag --api-key or env ZAP_API_KEY)
zap.sh -daemon -port 8080 -config api.key=changeme
export ZAP_API_KEY=changeme

# Quick scan: opens the URL, optionally spiders (-s), runs an active scan, prints alerts
# Active scanning is intrusive; run it only against systems you are authorized to test
zap-cli quick-scan https://target.com

# Full scan, step by step: spider, active scan, report
zap-cli spider https://target.com
zap-cli active-scan https://target.com
zap-cli report -o report.html -f html

# API scan driven by an OpenAPI definition
zap-api-scan.py -t https://api.target.com/openapi.json -f openapi

# CI/CD Integration: the owasp/zap2docker-* images are deprecated, use ghcr.io/zaproxy/zaproxy;
# mount the working directory or the report is written inside the container and lost
docker run -v "$(pwd):/zap/wrk/:rw" -t ghcr.io/zaproxy/zaproxy:stable zap-baseline.py \
  -t https://target.com -r report.html

Burp Suite

# Headless run with a project and configuration file; -Djava.awt.headless=true is needed
# when no display is available, --unpause-spider-and-scanner starts the tasks saved in the project
java -Djava.awt.headless=true -jar burpsuite_pro.jar \
  --config-file=config.json --project-file=project.burp --unpause-spider-and-scanner
# For unattended scanning at scale use the Burp Pro REST API or Burp Suite Enterprise

# API scan with OpenAPI
# Import OpenAPI spec → Scanner → Scan selected items

# Intruder attacks
# Sniper: Single position, multiple payloads
# Battering ram: All positions, same payload
# Pitchfork: Multiple positions, parallel payloads
# Cluster bomb: All combinations

Nuclei (2025 Essential)

# Refresh the template set, then run all templates (the default)
nuclei -update-templates
nuclei -u https://target.com

# Specific template directories (v3 layout is protocol-first: http/cves, not cves) or tags
nuclei -u https://target.com -t http/cves/
nuclei -u https://target.com -t http/vulnerabilities/
nuclei -u https://target.com -t http/exposures/
nuclei -u https://target.com -tags cve -severity critical,high

# Custom templates
nuclei -u https://target.com -t /path/to/custom-templates/

# Rate limiting: at most 100 requests per second, 25 templates in parallel
nuclei -u https://target.com -rl 100 -c 25

# Output formats: JSON Lines (one finding per line; the v2 flag was -json)
nuclei -u https://target.com -jsonl -o results.jsonl

SAST (Static Application Security Testing)

Semgrep (2025 Recommended)

# Install
pip install semgrep

# Run with auto-detected rules
semgrep --config auto .

# Security-focused rules
semgrep --config p/security-audit .
semgrep --config p/owasp-top-ten .

# CI/CD Integration: semgrep ci applies your Semgrep AppSec Platform policy when SEMGREP_APP_TOKEN
# is set, otherwise the --config given here; semgrep scan --error exits non-zero on findings
semgrep ci --config p/default
semgrep scan --config p/security-audit --error .

# Custom rules
semgrep --config my-rules.yaml .

SonarQube

# Run scanner; sonar.login is deprecated, authenticate with sonar.token or the SONAR_TOKEN
# environment variable so the token does not appear in the process list
export SONAR_TOKEN=token
sonar-scanner \
  -Dsonar.projectKey=myproject \
  -Dsonar.sources=. \
  -Dsonar.host.url=http://localhost:9000

# Quality gate (example thresholds on new code)
# Vulnerabilities: 0, Blocker/Critical bugs: 0
# Security hotspots reviewed: 100%
# Code smells (a maintainability metric, not a security one): fewer than 5
# Coverage: above 80%

SCA (Software Composition Analysis)

npm audit

# Basic audit
npm audit

# JSON output for CI/CD
npm audit --json > audit.json

# Fix automatically
npm audit fix

# Force fix: may install semver-major upgrades and break the build; review the lockfile diff and run tests
npm audit fix --force

Snyk

# Install
npm install -g snyk

# Authenticate
snyk auth

# Test dependencies
snyk test

# Monitor for new vulnerabilities
snyk monitor

# Container scanning
snyk container test myimage:latest

# IaC scanning
snyk iac test terraform/

Trivy (2025 Essential)

# Filesystem scan
trivy fs .

# Container image scan
trivy image myimage:latest

# Kubernetes cluster scan (Trivy 0.50+; older releases take a trailing "cluster" argument)
trivy k8s --report summary

# SBOM generation
trivy image --format spdx-json -o sbom.json myimage:latest

# CI/CD with severity threshold; --ignore-unfixed keeps findings with no upstream fix from blocking the build
trivy image --exit-code 1 --severity CRITICAL --ignore-unfixed myimage:latest

Network Scanning

Nmap

# Quick scan
nmap -sV target.com

# Full port scan
nmap -p- --min-rate 1000 target.com

# Vulnerability scripts
nmap --script vuln target.com

# Service enumeration
nmap -sC -sV -oA results target.com

# Slow SYN scan, no host discovery: -sS needs root, -T2 reduces the rate (and the chance of tripping
# rate-based alerting) but does not hide the scan, -Pn skips ping probes for hosts that drop them
nmap -sS -T2 -Pn target.com

Nessus

# Create the scan (settings.text_targets holds the target list); creating it does not start it
curl -k -X POST https://nessus:8834/scans \
  -H "X-Cookie: token=xxx" -H "Content-Type: application/json" \
  -d '{"uuid":"template-uuid","settings":{"name":"test","text_targets":"target.com"}}'
curl -k -X POST https://nessus:8834/scans/1/launch -H "X-Cookie: token=xxx"

# Export is asynchronous: request it (HTML and PDF need chapters), poll the status until "ready", then download
curl -k -X POST https://nessus:8834/scans/1/export \
  -H "X-Cookie: token=xxx" -H "Content-Type: application/json" \
  -d '{"format":"html","chapters":"vuln_hosts_summary"}'
curl -k "https://nessus:8834/scans/1/export/FILE_ID/status" -H "X-Cookie: token=xxx"
curl -k "https://nessus:8834/scans/1/export/FILE_ID/download" -H "X-Cookie: token=xxx" -o report.html
# FILE_ID is the "file" value returned by the export request; -k skips TLS verification, use --cacert in anything unattended

CI/CD Integration

GitHub Actions

name: Security Scan

on: [push, pull_request]

permissions:
  contents: read

jobs:
  # SAST with Semgrep (returntocorp/semgrep-action is archived; run the CLI from its image)
  semgrep:
    runs-on: ubuntu-latest
    container:
      image: semgrep/semgrep
    steps:
      - uses: actions/checkout@v4
      - run: semgrep ci --config p/security-audit

  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # SCA with npm audit; fails the job on high or critical advisories
      - name: npm audit
        run: npm audit --audit-level=high

      # Build the image that Trivy scans
      - name: Build image
        run: docker build -t myimage:${{ github.sha }} .

      # Container scanning with Trivy; pin the action to a release tag or commit SHA, never @master
      - name: Trivy
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: 'myimage:${{ github.sha }}'
          severity: 'CRITICAL,HIGH'
          exit-code: '1'
          ignore-unfixed: true

      # DAST with ZAP against a deployed staging environment, never production
      - name: ZAP Scan
        uses: zaproxy/action-baseline@v0.9.0
        with:
          target: 'https://staging.example.com'

GitLab CI

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml
  - template: Security/DAST.gitlab-ci.yml

# The DAST template's job runs in a "dast" stage that the default build/test/deploy
# pipeline does not define; declare it or the pipeline fails validation
stages:
  - build
  - test
  - deploy
  - dast

sast:
  stage: test

dependency_scanning:
  stage: test

container_scanning:
  stage: test

dast:
  stage: dast
  variables:
    # Scan a deployed staging instance, never production
    DAST_WEBSITE: https://staging.example.com
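Both pipelines above gate on one tool's exit code at a time. When several scanners feed one job, their output has to be normalized before a single threshold can apply. The following is an added example, not code from the skill or from either tool: it flattens a Trivy JSON report (`Results[].Vulnerabilities[]`) and `npm audit --json` output (`vulnerabilities.<pkg>.via[]`) into one record shape, maps npm's lowercase `moderate` onto `MEDIUM`, and fails the build on fixable findings at or above a threshold, the cross-tool equivalent of Trivy's `--exit-code 1 --severity ... --ignore-unfixed`. The two JSON documents, package names and CVE ids are constructed samples.

```python
"""Normalize Trivy and npm audit JSON and gate a CI job on one severity threshold.

Added example, not code from the skill or from either tool. The report shapes
follow Trivy's JSON output and npm audit v7+ JSON; the documents below are
constructed samples with placeholder package names and CVE ids.
"""
import json
import sys

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
# npm audit uses lowercase names and "moderate" where Trivy says MEDIUM
NPM_SEVERITY = {"info": "LOW", "low": "LOW", "moderate": "MEDIUM", "high": "HIGH", "critical": "CRITICAL"}

# Constructed Trivy report: one fixable CRITICAL, one HIGH with no upstream fix
TRIVY_SAMPLE = """
{"SchemaVersion": 2, "Results": [{"Target": "myimage:latest (debian 12)", "Vulnerabilities": [
  {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample", "InstalledVersion": "1.0.0",
   "FixedVersion": "1.0.1", "Severity": "CRITICAL"},
  {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother", "InstalledVersion": "2.3.0",
   "Severity": "HIGH"}]}]}
"""

# Constructed npm audit --json output: a fixable high, and a moderate in a package that is also
# affected transitively through demo-parser (the string entry in "via")
NPM_SAMPLE = """
{"auditReportVersion": 2, "vulnerabilities": {
  "demo-parser": {"name": "demo-parser", "severity": "high", "fixAvailable": true,
    "via": [{"source": 1, "name": "demo-parser", "title": "Prototype pollution (constructed)",
             "severity": "high", "range": "<1.0.1"}]},
  "demo-app": {"name": "demo-app", "severity": "moderate", "fixAvailable": false,
    "via": ["demo-parser", {"source": 2, "name": "demo-app", "title": "ReDoS (constructed)",
             "severity": "moderate", "range": "<2.0.0"}]}}}
"""


def from_trivy(report: dict) -> list:
    """Flatten Trivy's Results[].Vulnerabilities[] into the common record shape."""
    findings = []
    for result in report.get("Results", []):
        for v in result.get("Vulnerabilities") or []:  # absent or null when a target is clean
            findings.append({
                "tool": "trivy",
                "id": v["VulnerabilityID"],
                "package": v["PkgName"],
                "severity": v.get("Severity", "UNKNOWN").upper(),
                "fix_available": bool(v.get("FixedVersion")),
                "location": result.get("Target", ""),
            })
    return findings


def from_npm_audit(report: dict) -> list:
    """Flatten npm audit v7+ JSON; string entries in "via" are transitive references, not advisories."""
    findings = []
    for name, entry in report.get("vulnerabilities", {}).items():
        for via in entry.get("via", []):
            if not isinstance(via, dict):
                continue
            findings.append({
                "tool": "npm-audit",
                "id": via.get("url") or via.get("title", ""),
                "package": name,
                "severity": NPM_SEVERITY.get(str(via.get("severity", "")).lower(), "UNKNOWN"),
                # fixAvailable is true, false, or an object describing the fix; any object counts as fixable
                "fix_available": bool(entry.get("fixAvailable")),
                "location": "package-lock.json",
            })
    return findings


def gate(findings: list, threshold: str = "HIGH", ignore_unfixed: bool = True):
    """Return (exit_code, blocking findings). Unfixed findings only block when ignore_unfixed is False."""
    floor = SEVERITY_RANK[threshold.upper()]
    blocking = [
        f for f in findings
        if SEVERITY_RANK.get(f["severity"], 0) >= floor and (f["fix_available"] or not ignore_unfixed)
    ]
    return (1 if blocking else 0), blocking


def load_samples() -> list:
    """Parse the constructed reports above into one normalized list."""
    return from_trivy(json.loads(TRIVY_SAMPLE)) + from_npm_audit(json.loads(NPM_SAMPLE))


if __name__ == "__main__":
    all_findings = load_samples()
    code, blocking = gate(all_findings, threshold="HIGH", ignore_unfixed=True)
    for f in all_findings:
        flag = "BLOCK" if f in blocking else "report"
        print(f"{flag:6} {f['tool']:9} {f['severity']:8} {f['package']:12} {f['id']}")
    sys.exit(code)
```

In a pipeline, replace `load_samples()` with `json.load()` over the files written by `trivy image --format json -o trivy.json` and `npm audit --json > audit.json`; the unfixed HIGH is still printed so it lands in the report even though it does not fail the job.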

Vulnerability Prioritization (2025)

CVSS v4.0

Base metrics (v4.0 drops the v3.x Scope metric and scores impact on the vulnerable system and on subsequent systems separately):
├── Exploitability
│   ├── Attack Vector (AV): Network, Adjacent, Local, Physical
│   ├── Attack Complexity (AC): Low, High
│   ├── Attack Requirements (AT): None, Present          (new in v4.0)
│   ├── Privileges Required (PR): None, Low, High
│   └── User Interaction (UI): None, Passive, Active     (v3.x had None, Required)
├── Vulnerable System Impact (VC / VI / VA): None, Low, High
└── Subsequent System Impact (SC / SI / SA): None, Low, High   (replaces Scope)

Severity Ratings (same bands as v3.x):
- Critical: 9.0 - 10.0
- High: 7.0 - 8.9
- Medium: 4.0 - 6.9
- Low: 0.1 - 3.9
- None: 0.0

State which score you are quoting: CVSS-B (base only), CVSS-BT (base plus the Threat metric Exploit Maturity), CVSS-BE (base plus Environmental) or CVSS-BTE. A vendor's CVSS-B is not your environmental score.

EPSS (Exploit Prediction Scoring System)

# EPSS gives, per CVE, the probability (0 to 1) of exploitation in the wild within the next 30 days,
# plus a percentile relative to all scored CVEs; scores are refreshed daily (https://api.first.org/data/v1/epss)
# A cut-off such as EPSS >= 0.1 is an organizational choice, not a FIRST definition; pair it with
# CISA's Known Exploited Vulnerabilities (KEV) catalog, which should override any score
# Combine with CVSS and asset context for risk-based prioritization, for example:

priority = cvss_score * epss_probability * asset_criticality
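The formula above is a heuristic, so it helps to see what it does to a handful of findings. The following is an added example, not code from the skill: it implements `cvss_score * epss_probability * asset_criticality`, ranks KEV-listed CVEs first regardless of score, and maps each finding to an SLA bucket that does not let a CVSS 9+ finding drop to the backlog just because its EPSS is low today. The asset weights, the EPSS floor of 0.1, the bucket names and every CVE record are constructed sample values, not lookups against EPSS or KEV.

```python
"""Risk-based ranking of findings: CVSS x EPSS x asset criticality, with a KEV override.

Added example, not code from the skill. The weights, thresholds and CVE records
below are constructed sample values; the CVE ids are placeholders.
"""
from dataclasses import dataclass
from typing import List, Optional

# Assumed weights; tune to your asset inventory. Internet-facing production counts triple.
ASSET_WEIGHT = {"internet-facing-prod": 3.0, "internal-prod": 2.0, "dev": 1.0}


@dataclass
class Finding:
    cve: str
    asset: str
    cvss: float                    # CVSS base score, 0.0 to 10.0
    epss: float                    # EPSS probability, 0.0 to 1.0
    in_kev: bool = False           # listed in CISA KEV
    fixed_version: Optional[str] = None


def risk_score(f: Finding) -> float:
    """The guide's heuristic, with range checks so a bad feed cannot silently zero or inflate a score."""
    if not 0.0 <= f.cvss <= 10.0:
        raise ValueError(f"{f.cve}: CVSS out of range: {f.cvss}")
    if not 0.0 <= f.epss <= 1.0:
        raise ValueError(f"{f.cve}: EPSS out of range: {f.epss}")
    return round(f.cvss * f.epss * ASSET_WEIGHT[f.asset], 3)


def bucket(f: Finding, epss_floor: float) -> str:
    """SLA bucket: KEV beats every score; a critical CVSS is not deferred just because EPSS is low today."""
    if f.in_kev:
        return "patch-now"
    if f.cvss >= 9.0 or (f.cvss >= 7.0 and f.epss >= epss_floor):
        return "this-sprint"
    return "backlog"


def prioritize(findings: List[Finding], epss_floor: float = 0.1) -> List[dict]:
    """Rank KEV entries first, then by descending risk score; ties break on CVE id for a stable order."""
    ranked = sorted(findings, key=lambda f: (0 if f.in_kev else 1, -risk_score(f), f.cve))
    return [
        {"cve": f.cve, "asset": f.asset, "risk": risk_score(f),
         "bucket": bucket(f, epss_floor), "fix": f.fixed_version or "no fix available"}
        for f in ranked
    ]


# Constructed sample data; the CVE ids are placeholders, not real advisories.
SAMPLE = [
    Finding("CVE-0000-0001", "dev", cvss=9.8, epss=0.02),
    Finding("CVE-0000-0002", "internet-facing-prod", cvss=7.5, epss=0.45, fixed_version="2.4.1"),
    Finding("CVE-0000-0003", "internal-prod", cvss=6.1, epss=0.01, in_kev=True),
    Finding("CVE-0000-0004", "internet-facing-prod", cvss=5.3, epss=0.001),
]

if __name__ == "__main__":
    for row in prioritize(SAMPLE):
        print(f"{row['bucket']:12} risk={row['risk']:<8} {row['cve']} on {row['asset']} (fix: {row['fix']})")
```

Note what the sample shows: the KEV-listed medium on an internal system outranks a CVSS 9.8 on a dev box, and the 9.8 with an EPSS of 0.02 still lands in the sprint rather than the backlog. If your tooling produces only the product, those two decisions are the ones you lose.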

False Positive Reduction

Triage Workflow

  1. Automated filtering: Remove known false positives
  2. Context analysis: Check if vulnerable code is reachable
  3. Manual verification: Confirm exploitability
  4. Documentation: Mark as false positive with reason

Tool Configuration

# .semgrepignore uses gitignore syntax, one pattern per line (not a YAML list); say why a path is excluded
tests/
vendor/
*.test.ts

# .trivyignore takes one vulnerability ID per line; inline # comments are allowed
CVE-2021-12345  # Not applicable to our config

# For suppressions that carry a justification and an expiry date use .trivyignore.yaml instead:
# vulnerabilities:
#   - id: CVE-2021-12345
#     statement: Not applicable to our config
#     expired_at: 2025-12-31
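Step 4 of the triage workflow (mark as false positive with a reason) only holds if the suppression cannot outlive its reason. The following is an added example, not code from the skill or from Trivy: it applies a suppression list whose entries carry the fields Trivy's `.trivyignore.yaml` uses (`id`, `statement`, `expired_at`, optional `paths`) to a tool-neutral list of findings, rejects entries with no justification or a past expiry so their findings stay open, and keeps the reason and expiry on each suppressed finding for the report. The findings, suppressions and reference date are constructed sample data.

```python
"""Documented, expiring suppressions applied to scanner findings.

Added example, not code from the skill or from Trivy. Entries mirror the shape
of .trivyignore.yaml; findings, suppressions and AS_OF are constructed samples.
"""
from datetime import date
from fnmatch import fnmatch
from typing import Dict, List, Tuple

AS_OF = date(2025, 6, 1)   # reference date for the sample run; use date.today() in practice

# Constructed suppression list: one valid and path-scoped, one expired, one with no justification
SUPPRESSIONS = [
    {"id": "CVE-0000-0001", "statement": "Vulnerable function not reachable from our code; reviewed by appsec",
     "expired_at": "2030-01-01", "paths": ["vendor/**"]},
    {"id": "CVE-0000-0002", "statement": "Waiting on upstream fix", "expired_at": "2020-01-01"},
    {"id": "CVE-0000-0003", "statement": "", "expired_at": "2030-01-01"},
]

# Constructed findings in a tool-neutral shape; CVE ids are placeholders
FINDINGS = [
    {"id": "CVE-0000-0001", "pkg": "libfoo", "severity": "HIGH", "path": "vendor/libfoo/foo.go"},
    {"id": "CVE-0000-0001", "pkg": "libfoo", "severity": "HIGH", "path": "src/app/foo.go"},
    {"id": "CVE-0000-0002", "pkg": "libbar", "severity": "MEDIUM", "path": "go.sum"},
    {"id": "CVE-0000-0003", "pkg": "libbaz", "severity": "LOW", "path": "go.sum"},
    {"id": "CVE-0000-0004", "pkg": "libqux", "severity": "CRITICAL", "path": "go.sum"},
]


def validate_suppressions(entries: List[dict], today: date) -> Tuple[List[dict], List[Tuple[str, str]]]:
    """Keep only entries that carry a justification and have not expired; explain each rejection."""
    valid, rejected = [], []
    for e in entries:
        if not e.get("statement", "").strip():
            rejected.append((e["id"], "missing justification"))
        elif date.fromisoformat(e["expired_at"]) < today:
            rejected.append((e["id"], f"expired {e['expired_at']}"))
        else:
            valid.append(e)
    return valid, rejected


def matches(entry: dict, finding: dict) -> bool:
    """Same vulnerability id and, when the entry is path-scoped, a path glob that matches."""
    if entry["id"] != finding["id"]:
        return False
    paths = entry.get("paths")
    return not paths or any(fnmatch(finding["path"], p) for p in paths)


def apply_suppressions(findings: List[dict], suppressions: List[dict], today: date) -> Dict[str, list]:
    """Split findings into open and suppressed; suppressed ones keep the reason and expiry for the report."""
    valid, rejected = validate_suppressions(suppressions, today)
    result = {"open": [], "suppressed": [], "rejected": rejected}
    for f in findings:
        hit = next((s for s in valid if matches(s, f)), None)
        if hit:
            result["suppressed"].append({**f, "reason": hit["statement"], "expires": hit["expired_at"]})
        else:
            result["open"].append(f)
    return result


if __name__ == "__main__":
    out = apply_suppressions(FINDINGS, SUPPRESSIONS, AS_OF)
    for cve, why in out["rejected"]:
        print(f"REJECTED suppression {cve}: {why}")
    for f in out["suppressed"]:
        print(f"suppressed {f['id']} at {f['path']} until {f['expires']}: {f['reason']}")
    for f in out["open"]:
        print(f"OPEN {f['severity']:8} {f['id']} {f['pkg']} ({f['path']})")
```

The path scope matters: the same CVE in `vendor/` is suppressed while its copy under `src/` stays open, which is the difference between "not reachable in vendored code" and a blanket ignore of the identifier. Rejected entries are surfaced rather than silently dropped, so an expired suppression shows up in the pipeline log as a triage task.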

Reporting

Vulnerability Report Template

## Executive Summary
- Total vulnerabilities: X
- Critical: X, High: X, Medium: X, Low: X

## Top Findings
1. [CRITICAL] SQL Injection in /api/users
2. [HIGH] Missing authentication on admin endpoint
3. [MEDIUM] Outdated dependency with known CVE

## Recommendations
1. Immediate: Patch critical vulnerabilities
2. Short-term: Update dependencies
3. Long-term: Implement security testing in CI/CD

Quick Reference

| Tool | Type | Best For |
|------|------|----------|
| OWASP ZAP | DAST | Web app scanning |
| Nuclei | DAST | Template-based scanning |
| Semgrep | SAST | Code patterns |
| SonarQube | SAST | Code quality + security |
| Snyk | SCA | Dependency vulnerabilities |
| Trivy | SCA/Container | Container security |
| Nmap | Network | Port/service discovery |
| Nessus | Network | Comprehensive scanning |