Vulnerability Scanning & Assessment
Overview
This skill enables Claude to assist with comprehensive vulnerability scanning and security assessment operations. It covers CVE detection, dependency auditing, configuration review, CVSS scoring, and automated vulnerability reporting.
Prerequisites
Required
- Python 3.8+
- requests, packaging, jinja2
Optional
- Nmap with NSE scripts — Network vulnerability scanning
- OpenVAS — Full vulnerability management
- Nuclei — Template-based vulnerability scanner
- Trivy — Container and dependency scanning
pip install requests packaging jinja2 pyyaml
Core Capabilities
1. Dependency Vulnerability Auditing
Claude can analyze project dependencies for known vulnerabilities:
When the user asks to audit dependencies:
- Identify the project's package manager (pip, npm, go, maven, cargo, etc.)
- Parse dependency files (requirements.txt, package.json, go.mod, pom.xml, Cargo.toml)
- Extract exact versions for all direct and transitive dependencies
- Query the OSV (Open Source Vulnerabilities) database and NVD for known CVEs
- Map each vulnerability to its CVSS score and severity level
- Check if patched versions are available
- Generate a prioritized remediation report
- Suggest minimum version upgrades to resolve vulnerabilities
Supported dependency files:
| Language | Files |
|---|---|
| Python | requirements.txt, Pipfile.lock, pyproject.toml, setup.py |
| JavaScript | package.json, package-lock.json, yarn.lock |
| Go | go.mod, go.sum |
| Java | pom.xml, build.gradle |
| Rust | Cargo.toml, Cargo.lock |
| Ruby | Gemfile, Gemfile.lock |
| PHP | composer.json, composer.lock |
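An added example (not code from this skill's scripts) of the extract-and-query steps above for a Python project: it parses exact pins from a requirements.txt, builds the request body for OSV's `/v1/querybatch` endpoint, and maps a response back to packages. The requirements content, the response and its `EXAMPLE-` IDs are constructed, and no network call is made.

```python
import re

# Constructed requirements.txt content for the demonstration.
REQUIREMENTS = """\
# web stack
Flask==2.0.1
requests[security]==2.25.0 ; python_version >= "3.8"
Jinja2>=2.11
-r dev-requirements.txt
PyYAML
"""

# name, optional [extras], then an exact "==" pin (no ranges, no wildcards)
PIN = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*([A-Za-z0-9.!+_-]+)$")

def parse_requirements(text):
    """Return (pinned, skipped): exact pins and lines that cannot be queried."""
    pinned, skipped = [], []
    for raw in text.splitlines():
        # drop comments and environment markers before matching
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        m = PIN.match(line)
        if m:
            name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # PEP 503 form
            pinned.append((name, m.group(2)))
        else:
            skipped.append(line)  # ranges, bare names, -r/-e options
    return pinned, skipped

def osv_batch_payload(pinned):
    """Body for POST https://api.osv.dev/v1/querybatch."""
    return {"queries": [{"package": {"name": n, "ecosystem": "PyPI"},
                         "version": v} for n, v in pinned]}

def correlate(pinned, response):
    """results[i] answers queries[i]; an empty object means nothing known."""
    report = {}
    for (name, version), result in zip(pinned, response.get("results", [])):
        ids = [v["id"] for v in result.get("vulns", [])]
        if ids:
            report[f"{name}=={version}"] = ids
    return report

# Constructed response in the querybatch shape; the IDs are placeholders.
SAMPLE_RESPONSE = {"results": [
    {"vulns": [{"id": "EXAMPLE-0001"}, {"id": "EXAMPLE-0002"}]}, {}]}
```

The skipped list matters as much as the findings: an unpinned or range-only requirement has no exact version to query, so it should be resolved from a lock file or reported as unaudited.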
2. Configuration Security Auditing
Claude can review server and application configurations for security issues:
When the user asks to audit configurations:
- Parse the configuration file format (nginx, Apache, SSH, Docker, Kubernetes)
- Check against CIS Benchmarks and security best practices
- Identify dangerous defaults left unchanged
- Flag overly permissive settings (wide-open CORS, directory listing, debug mode)
- Check for missing security-hardening directives
- Compare against known-good baseline configurations
- Generate findings with severity, description, and remediation steps
Supported configurations:
- Web Servers: Nginx, Apache, IIS, Caddy
- SSH: OpenSSH sshd_config
- Databases: MySQL, PostgreSQL, MongoDB, Redis
- Container: Dockerfile, docker-compose.yml, Kubernetes manifests
- Cloud: AWS Security Groups, IAM Policies, S3 Bucket policies
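An added example, not the skill's config_auditor.py: a check of global sshd_config directives that reports insecure values whether they are set explicitly or inherited from an OpenSSH default. The sample file and the four rules are constructed for illustration; Match blocks and Include files are not evaluated.

```python
import re

# Constructed sample sshd_config, not taken from a real host.
SAMPLE = """\
# constructed sample
Port 22
PermitRootLogin yes
permitrootlogin no
X11Forwarding=yes
Match User backup
    PasswordAuthentication no
"""

# keyword -> (OpenSSH default, insecure values, severity, remediation)
RULES = {
    "permitrootlogin": ("prohibit-password", {"yes"}, "high", "PermitRootLogin no"),
    "passwordauthentication": ("yes", {"yes"}, "medium", "PasswordAuthentication no"),
    "permitemptypasswords": ("no", {"yes"}, "critical", "PermitEmptyPasswords no"),
    "x11forwarding": ("no", {"yes"}, "low", "X11Forwarding no"),
}
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}
DIRECTIVE = re.compile(r"^([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$")

def global_settings(text):
    """Return {keyword: value} for directives outside any Match block."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = None if line.startswith("#") else DIRECTIVE.match(line)
        if not m:
            continue
        keyword = m.group(1).lower()       # keywords are case-insensitive
        if keyword == "match":
            break                          # the rest applies conditionally
        settings.setdefault(keyword, m.group(2).strip())  # first value wins
    return settings

def audit_sshd(text):
    """Return findings sorted by severity, marking explicit vs. default."""
    settings = global_settings(text)
    findings = []
    for keyword, (default, bad, severity, fix) in RULES.items():
        value = settings.get(keyword, default)
        if value.lower() in bad:
            origin = "explicit" if keyword in settings else "default"
            findings.append({"keyword": keyword, "value": value, "origin": origin,
                             "severity": severity, "remediation": fix})
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f["severity"]])
```

On the sample, the later `permitrootlogin no` does not override the earlier `yes`, and `PasswordAuthentication` is still reported because the only line disabling it sits inside a Match block.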
3. Network Vulnerability Scanning
Integration with network scanning tools for host-level assessment:
When the user asks to scan for vulnerabilities:
- Define scan scope (IP ranges, hostnames, ports)
- Execute service detection scans
- Run vulnerability detection scripts (Nmap NSE, custom checks)
- Match discovered services against known vulnerable versions
- Check for default credentials on common services
- Test for critical misconfigurations (open relays, anonymous access)
- Score and prioritize findings by CVSS
4. CVSS Scoring & Risk Assessment
Claude can calculate and explain CVSS scores:
When the user asks about CVSS:
- Calculate CVSS v3.1 Base Score from attack vector metrics
- Explain each metric's contribution to the score
- Determine severity rating (None, Low, Medium, High, Critical)
- Apply Temporal and Environmental adjustments if data is available
- Generate risk matrices for multiple vulnerabilities
- Prioritize remediation based on exploitability and impact
5. Vulnerability Report Generation
Generate professional vulnerability assessment reports:
When the user asks for a report:
- Compile all findings with severity classification
- Include executive summary for management audience
- Provide technical details for each finding
- Include proof-of-concept steps where applicable
- List remediation recommendations prioritized by risk
- Generate compliance mapping (PCI-DSS, SOC2, ISO 27001)
- Export in multiple formats (JSON, HTML, Markdown, PDF-ready)
Usage Instructions
Example Prompts
> Audit the Python dependencies in this project for known CVEs
> Review this nginx configuration for security issues
> Calculate the CVSS v3.1 score for a remote code execution via unauthenticated API
> Generate a vulnerability assessment report from these scan results
> Check if any of these software versions have known exploits
Script Reference
dependency_auditor.py
python scripts/dependency_auditor.py --project-dir ./myapp --format json --output audit.json
python scripts/dependency_auditor.py --requirements requirements.txt --severity high,critical
config_auditor.py
python scripts/config_auditor.py --type nginx --config /etc/nginx/nginx.conf --output audit.json
python scripts/config_auditor.py --type sshd --config /etc/ssh/sshd_config
cvss_calculator.py
python scripts/cvss_calculator.py --vector "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
Integration Guide
Chaining with Other Skills
- ← Recon & OSINT (01): Receive discovered hosts and services for scanning
- → Exploit Development (03): Pass confirmed vulnerabilities for PoC development
- → Blue Team Defense (15): Generate remediation and hardening recommendations
- → CSOC Automation (11): Auto-generate tickets for discovered vulnerabilities