diff --git a/README.md b/README.md
index a038fdc6..bc3886b4 100644
--- a/README.md
+++ b/README.md
@@ -199,6 +199,7 @@ Third-party plugins built by the community. [PRs welcome](#contributing)!
 - [KiCad Happy](https://github.com/aklofas/kicad-happy) - KiCad EDA skills for schematic analysis, PCB layout review, component sourcing, BOM management, and manufacturing preparation.
 - [Langfuse Observability](https://github.com/avivsinai/langfuse-mcp) - Query traces, debug exceptions, analyze sessions, and manage prompts via MCP tools.
 - [Launch Fast](https://github.com/BlockchainHB/launchfast_codex_plugin) - Official Launch Fast plugin adapter for rapid SaaS deployment.
+- [Mantis](./plugins/deonmenezes/mantishack) - Autonomous bug bounty hunter for authorized engagements — 7-phase FSM (RECON → AUTH → HUNT → CHAIN → VERIFY → GRADE → REPORT), parallel hunter sub-agents, cryptographic scope enforcement, and BLAKE3/Ed25519 Merkle event logs.
 - [Mobazha](https://github.com/mobazha/mobazha-skills) - Decentralized e-commerce skills — deploy self-hosted stores, import products from Shopify/Amazon, configure custom domains and Telegram bots, set up Tor privacy, and manage your store via MCP.
 - [MorningAI](https://github.com/octo-patch/MorningAI) - AI news tracking skill that monitors 80+ entities across 6 sources (Reddit, HN, GitHub, Hugging Face, arXiv, X) and generates scored daily reports with infographics and message digests.
 - [Nullcost](https://github.com/johnvouros/nullcost-plugin) - Catalog-backed free-tier, free-trial, and cheap developer-tool recommendations for Codex through bundled skills and MCP tools.
diff --git a/plugins.json b/plugins.json
index 5e4151d9..edf1a15d 100644
--- a/plugins.json
+++ b/plugins.json
@@ -3,7 +3,7 @@
 "name": "awesome-codex-plugins",
 "version": "1.0.0",
 "last_updated": "2026-05-23",
- "total": 86,
+ "total": 87,
 "categories": [
 "Development & Workflow",
 "Tools & Integrations"
@@ -679,6 +679,16 @@
 "source": "awesome-codex-plugins",
 "install_url": "https://raw.githubusercontent.com/BlockchainHB/launchfast_codex_plugin/HEAD/plugins/launchfast/.codex-plugin/plugin.json"
 },
+ {
+ "name": "Mantis",
+ "url": "https://github.com/deonmenezes/mantishack",
+ "owner": "deonmenezes",
+ "repo": "mantishack",
+ "description": "Autonomous bug bounty hunter for authorized engagements — 7-phase FSM (RECON → AUTH → HUNT → CHAIN → VERIFY → GRADE → REPORT), parallel hunter sub-agents, cryptographic scope enforcement, and BLAKE3/Ed25519 Merkle event logs.",
+ "category": "Tools & Integrations",
+ "source": "awesome-codex-plugins",
+ "install_url": "https://raw.githubusercontent.com/hashgraph-online/awesome-codex-plugins/HEAD/plugins/deonmenezes/mantishack/.codex-plugin/plugin.json"
+ },
 {
 "name": "Mobazha",
 "url": "https://github.com/mobazha/mobazha-skills",
diff --git a/plugins/deonmenezes/mantishack/.codex-plugin/plugin.json b/plugins/deonmenezes/mantishack/.codex-plugin/plugin.json
new file mode 100644
index 00000000..fc4c4ccf
--- /dev/null
+++ b/plugins/deonmenezes/mantishack/.codex-plugin/plugin.json
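Review bot: In the new Mantis entry of plugins.json, `install_url` fetches the manifest from `hashgraph-online/awesome-codex-plugins` at `HEAD`, while `url`, `owner` and `repo` name `deonmenezes/mantishack`, so what a client installs is this list's vendored copy rather than a file served by the repository the entry identifies. The Launch Fast entry visible in the context lines resolves to its author's own repository, so this looks like a departure from the existing pattern, judging only from that one neighbouring entry. Because `HEAD` is a mutable ref, the manifest and the `.mcp.json` it references can change after this review without the entry changing. Consider a commit-pinned path of the form `https://raw.githubusercontent.com/hashgraph-online/awesome-codex-plugins/<commit-sha>/plugins/deonmenezes/mantishack/.codex-plugin/plugin.json`, or state in the entry that the manifest is vendored; the enclosing array starts and ends outside this hunk.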
@@ -0,0 +1,44 @@
+{
+ "name": "mantis",
+ "version": "0.1.0",
+ "description": "Mantis offensive-security daemon — autonomous bug bounty hunter with 7-phase FSM (RECON → AUTH → HUNT → CHAIN → VERIFY → GRADE → REPORT), parallel hunter sub-agents, cryptographic scope enforcement, and BLAKE3/Ed25519 Merkle event logs. Use only against assets you own or have explicit written authorization to test.",
+ "author": {
+ "name": "Deon Menezes",
+ "url": "https://github.com/deonmenezes"
+ },
+ "homepage": "https://mantishack.com",
+ "repository": "https://github.com/deonmenezes/mantishack",
+ "license": "Apache-2.0 OR MIT",
+ "keywords": [
+ "security",
+ "pentest",
+ "bug-bounty",
+ "offensive-security",
+ "vulnerability-scanner",
+ "mcp"
+ ],
+ "mcpServers": "./.mcp.json",
+ "interface": {
+ "displayName": "Mantis",
+ "shortDescription": "Autonomous bug bounty hunting for authorized engagements.",
+ "longDescription": "Mantis runs a 7-phase finite-state machine — RECON → AUTH → HUNT → CHAIN → VERIFY → GRADE → REPORT — with parallel hunter sub-agents, cryptographic scope enforcement, and BLAKE3/Ed25519 Merkle event logs. Generates disclosure-ready reports in Markdown, PDF, HackerOne, Bugcrowd, SARIF, and OpenVEX formats. AUTHORIZED USE ONLY — never run against assets you do not own or have explicit written authorization to test.",
+ "developerName": "Deon Menezes",
+ "category": "Security",
+ "capabilities": [
+ "Interactive",
+ "MCP",
+ "Security"
+ ],
+ "composerIcon": "./assets/icon.svg",
+ "logo": "./assets/icon.svg",
+ "websiteURL": "https://mantishack.com",
+ "privacyPolicyURL": "https://github.com/deonmenezes/mantishack/blob/main/SECURITY.md",
+ "termsOfServiceURL": "https://github.com/deonmenezes/mantishack/blob/main/DISCLAIMER_BOB_STYLE.md",
+ "defaultPrompt": [
+ "Start a Mantis hunt for example.com",
+ "Show Mantis status for the latest run",
+ "Generate a disclosure-ready report for the latest finding"
+ ],
+ "brandColor": "#0F1419"
+ }
+}
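Review bot: `privacyPolicyURL` in the `interface` object of plugin.json points at `SECURITY.md`, a file name that by convention holds a vulnerability-reporting policy rather than a statement of what data the tool collects or transmits; the file is not visible here, so confirm it actually covers data handling. The manifest describes a daemon that keeps event logs and produces reports in HackerOne and Bugcrowd formats, so users need to know where target data and findings go before they install. Either link a document that states this or drop the field. Both this URL and `termsOfServiceURL` follow `blob/main`, so the text can change after listing; a pinned link such as `https://github.com/deonmenezes/mantishack/blob/<tag-or-sha>/SECURITY.md` keeps the reviewed wording stable.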
diff --git a/plugins/deonmenezes/mantishack/.mcp.json b/plugins/deonmenezes/mantishack/.mcp.json
new file mode 100644
index 00000000..64ef9d75
--- /dev/null
+++ b/plugins/deonmenezes/mantishack/.mcp.json
@@ -0,0 +1,8 @@
+{
+ "mcpServers": {
+ "mantis": {
+ "command": "npx",
+ "args": ["-y", "-p", "mantishack", "mantis-mcp"]
+ }
+ }
+}
diff --git a/plugins/deonmenezes/mantishack/assets/icon.svg b/plugins/deonmenezes/mantishack/assets/icon.svg
new file mode 100644
index 00000000..0b0c603d
--- /dev/null
+++ b/plugins/deonmenezes/mantishack/assets/icon.svg
@@ -0,0 +1,11 @@
+
+
+
+
+
+
+
+
+
+
+
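Review bot: The `args` line in `.mcp.json` starts the server with `npx -y -p mantishack mantis-mcp` and no version, so each launch resolves whichever `mantishack` release is current on the npm registry and `-y` installs it without prompting. The code that later runs with the user's privileges is therefore not the code reviewed in this PR, and a compromised or mistaken upstream publish reaches every installed client. Pin the package, for example `"args": ["-y", "-p", "mantishack@<reviewed-version>", "mantis-mcp"]`, and update it through a PR when upstream releases. The `0.1.0` in plugin.json is the plugin manifest's own version and may not match the npm package, so confirm the number with the author.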