Releases: DoctorGoz/grimnir

v0.1.0: initial public release

15 Jun 06:38

GRIMNIR — a Claude Code orchestrator that runs penetration-testing engagements end to end: it classifies a target, scopes it, delegates to the right specialist agent, shares intel across them, validates findings, and compiles one unified report.

The idea

  • One orchestrator, six specialists. GRIMNIR (the PM) never tests directly — it routes. HUGINN runs Phase 0 recon; Specter (API/web), ARTEMIS (GenAI/LLM), Hunter (network), Nimbus (cloud), and Nomad (mobile) do the work in their domain.
  • Findings are born theoretical. A validation layer tracks evidence strength (theoretical → validated → confirmed, or refuted) and gates reports: only proven findings reach a report body, and authorization bugs need a recorded negative control. "Don't rubber-stamp" becomes a property of the data, not a habit.
  • Cross-agent intel feed. Recon and findings flow between agents — a mobile endpoint becomes a Specter target, an exposed service becomes a Hunter lead — so the most impactful chains span domains.
  • Public-repo hygiene by design. The engine is generic and tracked; per-engagement and operator data live outside the repo.
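
The validation gate from the second bullet above, as an added sketch that is not GRIMNIR's own code. The field names, the `authz` class label, the allowed transitions and the reading of "proven" as validated or confirmed are all assumptions, and the sample findings are constructed.

```python
# Added illustration: the schema, transitions and "authz" label are assumptions,
# not GRIMNIR's actual finding format.
ALLOWED = {
    "theoretical": {"validated", "refuted"},
    "validated": {"confirmed", "refuted"},
    "confirmed": set(),
    "refuted": set(),
}
PROVEN = {"validated", "confirmed"}  # assumption: what "proven" means here

def new_finding(fid, title, vuln_class):
    """Every finding is born theoretical, with no evidence attached."""
    return {"id": fid, "title": title, "class": vuln_class,
            "status": "theoretical", "evidence": [], "negative_control": None}

def promote(finding, new_status, evidence):
    """Move one step along the evidence ladder; refuse skips and empty evidence."""
    if new_status not in ALLOWED[finding["status"]]:
        raise ValueError(f"{finding['id']}: {finding['status']} -> {new_status} not allowed")
    if not evidence.strip():
        raise ValueError(f"{finding['id']}: a status change needs recorded evidence")
    finding["evidence"].append({"status": new_status, "note": evidence})
    finding["status"] = new_status
    return finding

def report_gate(findings):
    """Split findings into (report_body_ids, held_back) with a reason per hold."""
    body, held = [], []
    for f in findings:
        if f["status"] not in PROVEN:
            held.append((f["id"], f"status is {f['status']}"))
        elif f["class"] == "authz" and not f["negative_control"]:
            held.append((f["id"], "authorization finding lacks a negative control"))
        else:
            body.append(f["id"])
    return body, held

def demo():
    """Constructed sample findings, not real engagement data."""
    a = promote(new_finding("F-001", "Order lookup ignores owner", "authz"),
                "validated", "request replayed as a second test user succeeded")
    b = promote(new_finding("F-002", "Invoice export ignores owner", "authz"),
                "validated", "request replayed as a second test user succeeded")
    b["negative_control"] = "same request without a session returned 401"
    c = new_finding("F-003", "Suspected SSRF in webhook URL", "ssrf")
    return report_gate([a, b, c])
```

Here `demo()` keeps F-001 out of the report body even though it is validated, because the authorization claim has no recorded negative control to rule out an endpoint that simply answers everyone.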

What's here

  • The GRIMNIR orchestrator (CLAUDE.md) plus 6 specialist agent definitions and their skills
  • Engagement lifecycle tooling: state.sh, intel.sh, finding.sh, validate-finding.sh, handoff.sh, with schema-enforced JSON
  • Slash commands: /engage, /scope, /recon, /api-audit, /genai-audit, /net-audit, /cloud-audit, /mobile-audit, /full-audit, /report, /sitrep, /intel
  • Specialist scripts and wordlists (cloud storage + Firebase probes, APK recon + manifest audit, recon helpers)
  • Caido proxy integration (caido-mode) for replay-driven testing, and APK extraction (pull-apk.sh)
  • A selftest.sh regression gate (100 checks) plus a repo-hygiene sweep

Frameworks

OWASP API Top 10 · OWASP LLM + Agentic Top 10 · WSTG · MASVS · MITRE ATT&CK + ATLAS · CIS Benchmarks · PTES


Built for authorized security testing, bug-bounty, and research use only. MIT licensed.