āļø Shadow Strike Security OpenClaw Skill - ClawHub
Do you want your AI agent to automate Shadow Strike Security workflows? This free skill from ClawHub helps with security & passwords tasks without building custom tools from scratch.
What this skill does
Elite penetration testing platform with 600+ security tools
Install
npx clawhub@latest install shadow-strike-securityFull SKILL.md
Open original| name | description |
|---|---|
| shadowstrike-security | Elite penetration testing platform with 600+ security tools |
ShadowStrike Security
Elite Penetration Testing & Security Assessment Platform
Transform OpenClaw into a professional security operations center with 600+ Kali Linux tools, intelligent orchestration, and automated reporting.
What is ShadowStrike?
ShadowStrike is a comprehensive security testing platform that provides:
- Intelligent Tool Orchestration - Auto-selects best tools for each task
- Complete PT Lifecycle - From reconnaissance to professional reporting
- 600+ Security Tools - Full Kali Linux arsenal at your fingertips
- Automated Workflows - One command executes entire assessments
Key Features
šÆ Intelligent Reconnaissance
- Network Discovery: nmap, masscan, unicornscan
- Web Enumeration: dirb, gobuster, ffuf, wfuzz
- Subdomain Hunting: amass, sublist3r, assetfinder
- OSINT Gathering: theHarvester, recon-ng, maltego
š Vulnerability Assessment
- Web Testing: sqlmap, nikto, dalfox, nuclei
- Network Scanning: 610+ NSE scripts
- SSL/TLS Analysis: testssl.sh, sslscan, sslyze
- Configuration Review: Automated misconfiguration detection
āļø Professional Exploitation
- Web Exploits: SQL injection, XSS, LFI, RCE testing
- Password Attacks: hashcat, john, hydra (GPU-accelerated)
- Wireless Auditing: aircrack-ng, wifite, reaver
- Frameworks: Metasploit, searchsploit, BeEF
š”ļø Post-Exploitation
- Privilege Escalation: linpeas, winpeas
- Lateral Movement: Pivoting and tunneling
- Persistence Testing: Backdoor detection
- Data Exfiltration: Secure transfer methods
š Professional Reporting
- Executive Summaries: High-level risk overview
- Technical Reports: CVE correlation, PoC details
- Remediation Guides: Step-by-step fixes
- Evidence Collection: Screenshots and logs
Quick Start
Installation
cp -r shadowstrike-security ~/.openclaw/skills/
Add to agent config:
{
"skills": ["shadowstrike-security"]
}
Restart:
pkill -f "openclaw gateway" && openclaw gateway &
First Commands
"scan target.com" ā Quick port scan
"web target.com" ā Web application test
"pentest target.com" ā Full penetration test
"wifi" ā WiFi security audit
"hashes crack hash.txt" ā Password cracking
Command Reference
Network Assessment
| Command | Description | Example Output |
|---|---|---|
scan [target] |
Quick port scan | Ports: 22,80,443 |
deep [target] |
Full port scan (all 65,535) | [Complete scan] |
services [target] |
Service detection | 80:nginx, 3306:mysql |
os [target] |
OS fingerprinting | Linux 5.4 |
Web Application Testing
| Command | Description | Example Output |
|---|---|---|
web [target] |
Full web app test | SQLi found, XSS medium |
dirb [target] |
Directory discovery | /admin, /api, /config |
sql [target] |
SQL injection test | Vulnerable: id parameter |
xss [target] |
XSS testing | Reflected XSS confirmed |
vuln [target] |
Vulnerability scan | Critical: 2, High: 5 |
Complete Workflows
| Command | Description | Duration |
|---|---|---|
pentest [target] |
Full PT lifecycle | 10-30 min |
bugbounty [target] |
Bug bounty hunting | 15-45 min |
audit [network] |
Network security audit | 20-60 min |
compliance [target] |
Compliance check | 30-90 min |
Specialized Tools
| Command | Description |
|---|---|
wifi |
WiFi security audit |
hashes [file] |
Crack password hashes |
exploit [cve] |
Search and run exploits |
report |
Generate security report |
How It Works
Intelligent Tool Selection
ShadowStrike automatically chooses the best tools:
For Web Targets:
Input: "test web target.com"
ShadowStrike:
1. whatweb ā Technology fingerprinting
2. dirb ā Directory discovery
3. nikto ā Vulnerability scanning
4. sqlmap ā SQL injection test
5. dalfox ā XSS testing
6. nuclei ā CVE scanning
Output: "Critical: 2, High: 5, Report: ./target-security.md"
For Network Targets:
Input: "scan 192.168.1.0/24"
ShadowStrike:
1. nmap -sS ā Port scanning
2. nmap -sV ā Service detection
3. nmap -O ā OS fingerprinting
4. nmap --script=vulners ā Vuln detection
Output: "Hosts: 15, Open ports: 47, Vulnerabilities: 12"
Tool Arsenal
Information Gathering (50+ tools)
nmap, masscan, unicornscan, zmap
theHarvester, recon-ng, maltego
amass, sublist3r, assetfinder, findomain
Web Testing (60+ tools)
nikto, sqlmap, burpsuite, zap
dirb, gobuster, wfuzz, ffuf
dalfox, xsser, nuclei, arachni
wpscan, joomscan, droopescan
Password Attacks (30+ tools)
hashcat (GPU-accelerated), john, hydra
medusa, ncrack, patator, crowbar
crunch, cewl, cupp (wordlist generators)
Wireless (25+ tools)
aircrack-ng, wifite, reaver, bully
kismet, wireshark, airmon-ng
hostapd-wpe, freeradius-wpe
Exploitation (35+ tools)
metasploit, searchsploit, beef
setoolkit, sqlmap, commix
routersploit, exploitdb
Forensics (40+ tools)
autopsy, sleuthkit, volatility
foremost, scalpel, binwalk
yara, cuckoo, remnux, ghidra
Workflow Examples
Example 1: Bug Bounty Hunting
You: "bugbounty target.com"
ShadowStrike executes:
ā Subdomain enumeration (amass, sublist3r)
ā Screenshot all services
ā Technology fingerprinting
ā Vulnerability scanning (nikto, nuclei)
ā SQL injection testing (sqlmap)
ā XSS testing (dalfox, xsser)
ā SSL/TLS analysis (testssl.sh)
Results:
š° Critical (P1): 1 - SQL Injection
š° High (P2): 3 - XSS, IDOR, LFI
š° Medium (P3): 5 - Various issues
Reports:
š P1-SQLi-report.md (Ready to submit)
š P2-XSS-report.md (Ready to submit)
š P2-IDOR-report.md (Ready to submit)
Potential Bounty: $2,000 - $5,000
Example 2: Network Security Audit
You: "audit 192.168.1.0/24"
ShadowStrike executes:
ā Host discovery (nmap -sn)
ā Port scanning (nmap -sS -p-)
ā Service detection (nmap -sV)
ā OS fingerprinting (nmap -O)
ā Vulnerability scanning (nmap --script=vulners)
ā SSL testing (testssl.sh)
ā Default credential testing
Results:
Hosts Found: 23
Open Ports: 147
Services: 89
Vulnerabilities: 34 (Critical: 3, High: 8, Medium: 23)
Report: ./network-audit-report.md
Example 3: Full Penetration Test
You: "pentest target.com"
Phase 1: Reconnaissance (5 min)
ā Subdomain enumeration
ā IP range discovery
ā Technology stack identification
ā DNS enumeration
Phase 2: Scanning (10 min)
ā Port scanning
ā Service detection
ā OS fingerprinting
Phase 3: Enumeration (10 min)
ā User enumeration
ā Share discovery
ā Directory brute-forcing
Phase 4: Vulnerability Assessment (15 min)
ā Automated scanning
ā Manual verification
ā Exploit research
Phase 5: Exploitation (10 min)
ā Attempt exploitation
ā Proof of concept
ā Credential testing
Phase 6: Post-Exploitation (10 min)
ā Privilege escalation testing
ā Lateral movement
ā Data collection
Phase 7: Reporting (5 min)
ā Executive summary
ā Technical findings
ā Risk ratings
ā Remediation steps
Final Report:
Security Score: 68/100
Critical: 2, High: 5, Medium: 8, Low: 12
Full Report: ./pentest-target-report.md
Remediation: ./pentest-target-remediation.md
Evidence: ./pentest-target-evidence/
Legal & Ethics
ā ļø IMPORTANT: Use Responsibly
You CAN:
- ā Test systems you own
- ā Test systems with written authorization
- ā Conduct authorized penetration tests
- ā Perform security audits on your infrastructure
- ā Participate in bug bounty programs (within scope)
You CANNOT:
- ā Test systems without permission
- ā Attack systems illegally
- ā Violate privacy laws
- ā Cause damage to systems
- ā Steal data
Legal Notice: Unauthorized access is illegal under:
- Computer Fraud and Abuse Act (CFAA)
- Computer Misuse Act (UK)
- Similar laws worldwide
Always obtain proper authorization before testing.
Requirements
- OpenClaw >= 2026.2.3
- Kali Linux 2024.x (recommended)
- Sudo access for privileged operations
- 4GB RAM minimum (8GB recommended)
- 20GB free disk space
License
MIT License - Free for educational and authorized security testing
ShadowStrike Security: Professional Tools for Professional Testing āļøš”ļø