I built a set of Claude Code subagents designed for pentesters and red teamers doing authorized engagements.

What it does: You install 6 agent files into Claude Code, and it automatically routes to the right specialist based on what you're working on. Paste Nmap output and it prioritizes attack vectors with

follow-up commands. Ask about an AD attack and it gives you the methodology AND the detection perspective. Ask it to write a report finding and it formats it to PTES standards with CVSS scoring.

The agents cover:

- Engagement planning with MITRE ATT&CK mapping

- Recon/scan output analysis (Nmap, Nessus, BloodHound, etc.)

- Exploitation methodology with defensive perspective built in

- Detection rule generation (Sigma, Splunk SPL, Elastic KQL)

- DISA STIG compliance analysis with keep-open justifications

- Professional pentest report writing

Every technique references ATT&CK IDs, and the exploit guide agent is required to explain what the attack looks like from the blue team side — so it's useful for purple team work too.

Repo has example outputs so you can see the quality before installing: https://github.com/0xSteph/pentest-ai/tree/main/examples

Open to feedback. If you think an agent is missing or the methodology is off somewhere, PRs are welcome.