Back your AI security reports with real-world case citations and hard data, built on 22,132 WooYun business logic vulnerability cases.
A Claude Code plugin: transforms reports from "consider testing payment tampering" into "WooYun payment bypass: 1,056 cases, 68.7% high-severity — M1905 movie site's ¥2,588 subscription was purchased for ¥0.50."
```text
# Install WooYun Legacy plugin
/plugin marketplace add tanweai/wooyun-legacy
/plugin install wooyun-legacy@tanweai-security

# Then just ask
> Help me test the payment security of this e-commerce platform with shopping cart, Alipay/WeChat Pay, orders, and refunds.

# Claude will auto-cite real WooYun cases:
# "M1905 movie site's ¥2,588 for just ¥0.50"
# "Payment bypass: 1,056 cases, 68.7% high-sev"
```
Claude's security testing capabilities are already strong. In 12 controlled evaluations, Claude without the plugin passed 98% of domain-specific assertions. The test techniques themselves don't need the plugin.
Transform Claude's security reports from "you should test for payment tampering" into "WooYun payment bypass: 1,056 cases, 68.7% high-severity — M1905 movie site's ¥2,588 subscription was purchased for ¥0.50." Case citations, statistics, and data-driven prioritization — these make reports convincing to stakeholders.
Claude already knows business logic security testing methodology (`amount=0.01` tampering, IDOR enumeration, state machine step-skipping); these test techniques work without the plugin. The plugin doesn't teach new penetration techniques; it adds data ammunition to existing capabilities.
Claude already knows the attack techniques. The plugin adds the data layer — backing every judgment with cases and statistics.
| Dimension | Without Plugin | With Plugin | Why It Matters |
|---|---|---|---|
| Case References | "Consider testing payment tampering" | "M1905 movie site's ¥2,588 subscription for ¥0.50" | Stakeholders pay attention to real company names |
| Statistics | "Risk is relatively high" | "Payment bypass: 1,056 cases, 68.7% high-severity" | Quantitative data gives prioritization a factual basis |
| Taxonomy | Generic OWASP categories | WooYun's "Arbitrary X" taxonomy | Aligns with Chinese security community conventions |
| Prioritization | Experience-based judgment | Ranked by high-severity % (password reset 88% > payment bypass 68.7%) | When time is limited, data tells you what to test first |
| Business Scenarios | Generic web scenarios | Alipay/WeChat callbacks, government OA, telecom BOSS | Real targets for Chinese SRC and enterprise testing |
No configuration needed. The plugin activates automatically when you ask security-related questions.
- "Help me test the payment security of this e-commerce platform with shopping cart, Alipay/WeChat Pay, orders, and refunds."
- "Multi-tenant SaaS platform with REST APIs. Design a complete authorization test plan — IDOR, vertical privilege escalation, unauthorized access."
- "Audit this e-commerce order API code for all business logic vulnerabilities."
- "Found payment tampering, IDOR on orders, and unauthenticated admin panel. Write a convincing report for management."
- "Client gave me two days to test a B2B platform with many features. Can't test everything. Prioritize by risk."
- "Test a government services platform with unified auth, admin approvals, license lookup, online payment via Alipay/WeChat."
- "Targeting a large internet company. Two days. Help me create a vulnerability hunting plan."
- "Test a ticketing system for race conditions — ticket purchasing, payment, refunds. Include test scripts."
- "Prepare a payment security training for the dev team" / "How to test business logic for compliance audits"
Content loads on demand, not all at once: after SKILL.md triggers, Layer 1 (domain references) loads first, then deeper layers as the task requires.
12 full-domain controlled evaluations (with_skill vs. without_skill), covering all 6 domains:
| Assertion Category | With Skill | Without Skill |
|---|---|---|
| WooYun Case References | 12/12 (100%) | 0/12 (0%) |
| WooYun Statistics | 12/12 (100%) | 0/12 (0%) |
| Domain-Specific Assertions | 48/48 (100%) | 47/48 (98%) |
The plugin's core value is injecting real WooYun historical data (company cases + quantitative statistics + unique taxonomy), not general security knowledge.
Two install modes: Lite Install covers all core capabilities. Full Install adds the complete raw case database.
| | Lite Install (Marketplace) | Full Install (git clone) |
|---|---|---|
| Size | ~432KB | ~71MB |
| Domain References (Layer 1) | 6 files | 6 files |
| Deep Analysis (Layer 2) | 8 files (complete) | 8 files (complete) |
| Case Database (Layer 3) | 15 condensed indexes (60KB) | 15 complete databases (71MB raw) |
| Industry Playbooks | Not included | Telecom & banking pentest methodology |
| Evaluation Data | Not included | 12 controlled A/B tests |
| Best for | Day-to-day testing · Reports · Bug bounty | Full case search · Data analysis · Custom dev |
- Lite Install: via Marketplace. 432KB. Full methodology + condensed case indexes.
- Full Install: clone the full repo. 71MB. All 22,132 raw case records included.
Verify: type `/skills` to see the skill list, or just ask a security testing question.

To update, run `/plugin marketplace update tanweai-security` to refresh the marketplace, then `/plugin update wooyun-legacy@tanweai-security` to update the plugin.