Source Code
ShadowStrike Security
Elite Penetration Testing & Security Assessment Platform
Transform OpenClaw into a professional security operations center with 600+ Kali Linux tools, intelligent orchestration, and automated reporting.
What is ShadowStrike?
ShadowStrike is a comprehensive security testing platform that provides:
- Intelligent Tool Orchestration - Auto-selects best tools for each task
- Complete PT Lifecycle - From reconnaissance to professional reporting
- 600+ Security Tools - Full Kali Linux arsenal at your fingertips
- Automated Workflows - One command executes entire assessments
Key Features
๐ฏ Intelligent Reconnaissance
- Network Discovery: nmap, masscan, unicornscan
- Web Enumeration: dirb, gobuster, ffuf, wfuzz
- Subdomain Hunting: amass, sublist3r, assetfinder
- OSINT Gathering: theHarvester, recon-ng, maltego
๐ Vulnerability Assessment
- Web Testing: sqlmap, nikto, dalfox, nuclei
- Network Scanning: 610+ NSE scripts
- SSL/TLS Analysis: testssl.sh, sslscan, sslyze
- Configuration Review: Automated misconfiguration detection
โ๏ธ Professional Exploitation
- Web Exploits: SQL injection, XSS, LFI, RCE testing
- Password Attacks: hashcat, john, hydra (GPU-accelerated)
- Wireless Auditing: aircrack-ng, wifite, reaver
- Frameworks: Metasploit, searchsploit, BeEF
๐ก๏ธ Post-Exploitation
- Privilege Escalation: linpeas, winpeas
- Lateral Movement: Pivoting and tunneling
- Persistence Testing: Backdoor detection
- Data Exfiltration: Secure transfer methods
๐ Professional Reporting
- Executive Summaries: High-level risk overview
- Technical Reports: CVE correlation, PoC details
- Remediation Guides: Step-by-step fixes
- Evidence Collection: Screenshots and logs
Quick Start
Installation
cp -r shadowstrike-security ~/.openclaw/skills/
Add to agent config:
{
"skills": ["shadowstrike-security"]
}
Restart:
pkill -f "openclaw gateway" && openclaw gateway &
First Commands
"scan target.com" โ Quick port scan
"web target.com" โ Web application test
"pentest target.com" โ Full penetration test
"wifi" โ WiFi security audit
"hashes crack hash.txt" โ Password cracking
Command Reference
Network Assessment
| Command | Description | Example Output |
|---|---|---|
scan [target] |
Quick port scan | Ports: 22,80,443 |
deep [target] |
Full port scan (all 65,535) | [Complete scan] |
services [target] |
Service detection | 80:nginx, 3306:mysql |
os [target] |
OS fingerprinting | Linux 5.4 |
Web Application Testing
| Command | Description | Example Output |
|---|---|---|
web [target] |
Full web app test | SQLi found, XSS medium |
dirb [target] |
Directory discovery | /admin, /api, /config |
sql [target] |
SQL injection test | Vulnerable: id parameter |
xss [target] |
XSS testing | Reflected XSS confirmed |
vuln [target] |
Vulnerability scan | Critical: 2, High: 5 |
Complete Workflows
| Command | Description | Duration |
|---|---|---|
pentest [target] |
Full PT lifecycle | 10-30 min |
bugbounty [target] |
Bug bounty hunting | 15-45 min |
audit [network] |
Network security audit | 20-60 min |
compliance [target] |
Compliance check | 30-90 min |
Specialized Tools
| Command | Description |
|---|---|
wifi |
WiFi security audit |
hashes [file] |
Crack password hashes |
exploit [cve] |
Search and run exploits |
report |
Generate security report |
How It Works
Intelligent Tool Selection
ShadowStrike automatically chooses the best tools:
For Web Targets:
Input: "test web target.com"
ShadowStrike:
1. whatweb โ Technology fingerprinting
2. dirb โ Directory discovery
3. nikto โ Vulnerability scanning
4. sqlmap โ SQL injection test
5. dalfox โ XSS testing
6. nuclei โ CVE scanning
Output: "Critical: 2, High: 5, Report: ./target-security.md"
For Network Targets:
Input: "scan 192.168.1.0/24"
ShadowStrike:
1. nmap -sS โ Port scanning
2. nmap -sV โ Service detection
3. nmap -O โ OS fingerprinting
4. nmap --script=vulners โ Vuln detection
Output: "Hosts: 15, Open ports: 47, Vulnerabilities: 12"
Tool Arsenal
Information Gathering (50+ tools)
nmap, masscan, unicornscan, zmap
theHarvester, recon-ng, maltego
amass, sublist3r, assetfinder, findomain
Web Testing (60+ tools)
nikto, sqlmap, burpsuite, zap
dirb, gobuster, wfuzz, ffuf
dalfox, xsser, nuclei, arachni
wpscan, joomscan, droopescan
Password Attacks (30+ tools)
hashcat (GPU-accelerated), john, hydra
medusa, ncrack, patator, crowbar
crunch, cewl, cupp (wordlist generators)
Wireless (25+ tools)
aircrack-ng, wifite, reaver, bully
kismet, wireshark, airmon-ng
hostapd-wpe, freeradius-wpe
Exploitation (35+ tools)
metasploit, searchsploit, beef
setoolkit, sqlmap, commix
routersploit, exploitdb
Forensics (40+ tools)
autopsy, sleuthkit, volatility
foremost, scalpel, binwalk
yara, cuckoo, remnux, ghidra
Workflow Examples
Example 1: Bug Bounty Hunting
You: "bugbounty target.com"
ShadowStrike executes:
โ Subdomain enumeration (amass, sublist3r)
โ Screenshot all services
โ Technology fingerprinting
โ Vulnerability scanning (nikto, nuclei)
โ SQL injection testing (sqlmap)
โ XSS testing (dalfox, xsser)
โ SSL/TLS analysis (testssl.sh)
Results:
๐ฐ Critical (P1): 1 - SQL Injection
๐ฐ High (P2): 3 - XSS, IDOR, LFI
๐ฐ Medium (P3): 5 - Various issues
Reports:
๐ P1-SQLi-report.md (Ready to submit)
๐ P2-XSS-report.md (Ready to submit)
๐ P2-IDOR-report.md (Ready to submit)
Potential Bounty: $2,000 - $5,000
Example 2: Network Security Audit
You: "audit 192.168.1.0/24"
ShadowStrike executes:
โ Host discovery (nmap -sn)
โ Port scanning (nmap -sS -p-)
โ Service detection (nmap -sV)
โ OS fingerprinting (nmap -O)
โ Vulnerability scanning (nmap --script=vulners)
โ SSL testing (testssl.sh)
โ Default credential testing
Results:
Hosts Found: 23
Open Ports: 147
Services: 89
Vulnerabilities: 34 (Critical: 3, High: 8, Medium: 23)
Report: ./network-audit-report.md
Example 3: Full Penetration Test
You: "pentest target.com"
Phase 1: Reconnaissance (5 min)
โ Subdomain enumeration
โ IP range discovery
โ Technology stack identification
โ DNS enumeration
Phase 2: Scanning (10 min)
โ Port scanning
โ Service detection
โ OS fingerprinting
Phase 3: Enumeration (10 min)
โ User enumeration
โ Share discovery
โ Directory brute-forcing
Phase 4: Vulnerability Assessment (15 min)
โ Automated scanning
โ Manual verification
โ Exploit research
Phase 5: Exploitation (10 min)
โ Attempt exploitation
โ Proof of concept
โ Credential testing
Phase 6: Post-Exploitation (10 min)
โ Privilege escalation testing
โ Lateral movement
โ Data collection
Phase 7: Reporting (5 min)
โ Executive summary
โ Technical findings
โ Risk ratings
โ Remediation steps
Final Report:
Security Score: 68/100
Critical: 2, High: 5, Medium: 8, Low: 12
Full Report: ./pentest-target-report.md
Remediation: ./pentest-target-remediation.md
Evidence: ./pentest-target-evidence/
Legal & Ethics
โ ๏ธ IMPORTANT: Use Responsibly
You CAN:
- โ Test systems you own
- โ Test systems with written authorization
- โ Conduct authorized penetration tests
- โ Perform security audits on your infrastructure
- โ Participate in bug bounty programs (within scope)
You CANNOT:
- โ Test systems without permission
- โ Attack systems illegally
- โ Violate privacy laws
- โ Cause damage to systems
- โ Steal data
Legal Notice: Unauthorized access is illegal under:
- Computer Fraud and Abuse Act (CFAA)
- Computer Misuse Act (UK)
- Similar laws worldwide
Always obtain proper authorization before testing.
Requirements
- OpenClaw >= 2026.2.3
- Kali Linux 2024.x (recommended)
- Sudo access for privileged operations
- 4GB RAM minimum (8GB recommended)
- 20GB free disk space
License
MIT License - Free for educational and authorized security testing
ShadowStrike Security: Professional Tools for Professional Testing โ๏ธ๐ก๏ธ