hackingtool-plugin brings 183 pentesting and OSINT tools from the Z4nzu/hackingtool project directly into Claude Code as a plugin. Developed by AKCodez, this Python-based wrapper (380 GitHub stars) lets Claude execute tools locally on Linux, macOS, or Windows. It handles backend selection automatically—using native Bash, WSL, or Docker images—and runs compatible commands while passing others back for manual handling.

The plugin exists to extend Claude's capabilities for security tasks without requiring users to switch contexts or install tools manually. Z4nzu/hackingtool serves as the core inventory, organized into over 20 categories like port scanning, subdomain recon, vulnerability scanning, and OSINT. Claude interprets natural language prompts, selects tools, and delivers output in structured JSON.

Core features

This plugin stands out for its automation and cross-platform execution:

  • Backend auto-detection: Chooses native Bash on Linux/macOS (bash -lc <cmd>), WSL on Windows with a distro like Ubuntu or Kali (wsl -d <distro> -- bash -lc <cmd>), or Docker where available.
  • Docker image mapping: Uses optimized images for speed, such as instrumentisto/nmap for port scanning, projectdiscovery/nuclei for vuln scanning, and paoloo/sqlmap for SQL injection. Falls back to kalilinux/kali-rolling for unmapped tools.
  • Tool readiness indicators: 56 tools marked 🟢 (plug-and-play), 127 🟡 (environment-dependent), totaling 183.
  • Privilege handling: Auto-retries with elevated permissions on native/WSL if permission errors occur.
  • Installation helpers: ht_run.py <tool_id> --install sets up binaries on the host for native/WSL use.

Every invocation routes through ht_run.py, which maps tools, pulls Docker images on first use (cached afterward), executes, and returns results.

Backend and image details

The plugin prioritizes Docker for consistency but adapts to the host environment via ht_env.py. Here's the backend selection:

Host OS                  | Backend Used
Linux/macOS              | native bash -lc <cmd>
Windows + WSL distro     | wsl -d <distro> -- bash -lc <cmd>
Windows + Docker Desktop | docker run --rm <image> <args>
Any Docker runtime       | Docker (preferred)

For specific tools, it overrides with dedicated images:

Category         | Example Images
Port scanning    | instrumentisto/nmap, ilyaglow/masscan, rustscan/rustscan
Subdomain recon  | projectdiscovery/subfinder, caffix/amass, projectdiscovery/httpx
Vuln scanning    | projectdiscovery/nuclei, projectdiscovery/katana
OSINT            | megadose/holehe, soxoj/maigret, spiderfoot/spiderfoot, secsi/theharvester
Secrets scanning | trufflesecurity/trufflehog, zricethezav/gitleaks
Web attacks      | secsi/ffuf, devopsworks/gobuster, drwetter/testssl.sh, 0xsauby/wafw00f
SQL injection    | paoloo/sqlmap
Active Directory | rflathers/impacket, byt3bl33d3r/netexec
Phishing recon   | elceef/dnstwist

This setup avoids broad images like full Kali Linux unless needed, reducing overhead.
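The selection order and image mapping described above can be sketched as follows. This is an added example, not code from ht_run.py or ht_env.py: the function names, the subset of tools in the map, and the way the fallback image receives the tool name are assumptions. It builds argv lists and quotes every argument before it reaches bash -lc, which is the check to look for in any wrapper that turns a prompt-supplied target into a shell string.

```python
import shlex

# Tool -> image pairs taken from the table on this page (subset).
IMAGES = {
    "nmap": "instrumentisto/nmap",
    "nuclei": "projectdiscovery/nuclei",
    "subfinder": "projectdiscovery/subfinder",
    "sqlmap": "paoloo/sqlmap",
    "dnstwist": "elceef/dnstwist",
}
FALLBACK_IMAGE = "kalilinux/kali-rolling"  # used for unmapped tools


def select_backend(host_os, has_docker=False, wsl_distro=None):
    """Return 'docker', 'native', 'wsl' or None (hand back to the user)."""
    if has_docker:                      # Docker is preferred on any host
        return "docker"
    if host_os in ("linux", "macos"):
        return "native"
    if host_os == "windows" and wsl_distro:
        return "wsl"
    return None


def build_argv(tool, args, host_os, has_docker=False, wsl_distro=None):
    """Build an argv list (never one raw shell string) for the chosen backend."""
    backend = select_backend(host_os, has_docker, wsl_distro)
    if backend is None:
        raise RuntimeError("no usable backend; run the tool manually")
    if backend == "docker":
        image = IMAGES.get(tool)
        if image:
            # Assumption: a dedicated image uses the tool as its entrypoint.
            return ["docker", "run", "--rm", image, *args]
        # Assumption: the fallback image is given the tool name as its command.
        return ["docker", "run", "--rm", FALLBACK_IMAGE, tool, *args]
    # bash -lc takes ONE string, so each argument is quoted before joining;
    # a value containing ';' or spaces then stays a single argument.
    cmd = shlex.join([tool, *args])
    if backend == "wsl":
        return ["wsl", "-d", wsl_distro, "--", "bash", "-lc", cmd]
    return ["bash", "-lc", cmd]
```
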

Getting it running

Installation happens through the Claude Code plugin marketplace. Run these commands in sequence:

/plugin marketplace add AKCODEZ/hackingtool-plugin
/plugin install hackingtool@hackingtool-marketplace

Once installed, point Claude at a target with plain English prompts. Examples from the README:

  • "recon example.com"
  • "hunt the username johndoe"
  • "scan my repo for vulnerabilities"
  • "crack my own wifi before my neighbor does"

Claude selects tools like subfinder for recon or nuclei for scans, executes via the appropriate backend, and shows output. For native/WSL tools needing setup, use ht_run.py <tool_id> --install—though Docker handles most cases without host changes.

Docker images pull automatically on first run, and the plugin manages retries for issues like missing sudo access.

Typical use cases

Security researchers and pentesters using Claude Code benefit most. It fits workflows involving quick recon on domains (e.g., amass for subdomains, httpx for live hosts), OSINT on usernames (maigret, holehe), or repo audits (trufflehog, gitleaks). Web app testing with ffuf or gobuster, and even niche tasks like dnstwist for phishing variants, run from chat.

If you handle Active Directory assessments, tools like impacket or netexec activate through prompts. The plugin suits local execution where cloud sandboxes fall short, such as WiFi cracking demos or hardware-dependent scans. Casual users testing personal security (e.g., own-site vuln checks) find it accessible, as Claude picks tools without deep command-line knowledge.

Tool inventory overview

The full list draws from Z4nzu/hackingtool's categories, with the plugin rating each for reliability:

  • 🟢 (56 tools): Direct execution, minimal dependencies—e.g., nmap, subfinder, nuclei.
  • 🟡 (127 tools): May need sudo, adapters, or config—e.g., masscan, sqlmap, spiderfoot.

Screenshots in the README show Claude's interface: tool selection after a prompt like "recon example.com," followed by output tables from rustscan or amass. This visual feedback helps verify runs.

Comparisons to alternatives

Direct use of Z4nzu/hackingtool requires manual setup on Kali Linux or similar, with a TUI for navigation—lacking AI integration. hackingtool-plugin adds Claude's natural language layer on top, automating tool choice across OSes. For Docker-only pentesting, projects like Nuclei or Amass standalone offer single-tool focus but no 183-tool suite. If you avoid Docker, native/WSL backends match Kali Linux's feel without VM overhead, though heavier than browser-based tools like Burp Suite Community.

It's heavier than minimal recon kits (e.g., just subfinder + httpx) due to the full inventory.

Users without WSL, Docker Desktop, or Bash access face limits and should stick to manual hackingtool installs. Source code and full details are at https://github.com/AKCodez/hackingtool-plugin (MIT license).