EXTENSIONS

User-built models, drivers, vaults, and reports — the parts that plug into swamp.

Filter by what you need and pull what fits.

Selection
22 results
label:security

Aws Default Sg Audit

@jentz/aws-default-sg-audit · v2026.06.22.0

Fleet audit for AWS Security Hub control EC2.2 ("VPC default security groups

upd Jun 22 · 0 pulls · A 100/100

Aws S3 Bucket Audit

@jentz/aws-s3-bucket-audit · v2026.06.22.0

Workflow-scope report that audits S3 buckets against standard security

upd Jun 22 · 11 pulls · A 100/100

Discourse

@webframp/discourse · v2026.06.15.1

Query Discourse forums via the public REST API. List categories, browse

upd Jun 22 · 0 pulls · A 100/100

Threat Model

@webframp/threat-model · v2026.06.15.1

Agile threat modeling as an agent-guided concept model.

upd Jun 22 · 5 pulls · A 100/100

Aws/guardduty

@webframp/aws/guardduty · v2026.06.15.1

Query and inspect GuardDuty findings from a delegated administrator account,

upd Jun 22 · 7 pulls · A 100/100

Aws/securityhub Findings

@webframp/aws/securityhub-findings · v2026.06.15.1

Query and manage AWS Security Hub findings from a delegated administrator

upd Jun 22 · 15 pulls · A 100/100

Shodan

@dougschaefer/shodan · v2026.06.16.1

Query the Shodan internet-wide scan database to find and profile internet-exposed devices. Single API key resolved from vault. Read the account plan and remaining credits, run searches that return trimmed device records (IP, org, product, location, open port, CVEs) with facet rollups, count results without spending query credits, pull the full banner history for one IP, do keyless InternetDB lookups (ports, CPEs, tags, CVEs), and request on-demand scans of IPs you own. Built for AV/IoT exposure recon.

upd Jun 16 · 1 pull · A 100/100

Hashicorp Vault

@webframp/hashicorp-vault · v2026.06.15.1

HashiCorp Vault secrets management via REST API (KV v1 and v2)

upd Jun 16 · 19 pulls · A 100/100

Trust Network

@mccormick/trust-network · v2026.06.13.1

Inventory and report on OIDC trust policies and workload-identity federation across GitHub, Google Cloud, and Cloudflare One.

upd Jun 13 · 19 pulls · A 100/100

Cloudflare

@mccormick/cloudflare · v2026.06.09.1

Cloudflare One / Zero Trust Access discovery for swamp.

upd Jun 9 · 5 pulls · A 100/100

Cve/mini Shai Hulud

@swamp/cve/mini-shai-hulud · v2026.06.04.2

Scans deno.lock and package-lock.json files for npm packages compromised

upd Jun 4 · 12 pulls · A 100/100

Cve/dirtyfrag

@swamp/cve/dirtyfrag · v2026.06.04.2

Detects and mitigates the Dirty Frag Linux local privilege escalation

upd Jun 4 · 8 pulls · A 100/100

Azure

@dougschaefer/azure · v2026.05.27.3

Azure infrastructure management via az CLI — 31 model types covering compute, networking, data, security, RBAC, Azure Policy, Defender for Cloud, Entra directory, monitoring, DNS, DevOps, and subscription-wide topology with Mermaid diagrams and cost estimation.

upd May 27 · 26 pulls · A 100/100

Tailscale

@keeb/tailscale · v2026.05.25.1

Install Tailscale on remote VMs over SSH and sync tailnet machine inventory from tailscale status JSON into per-machine resources.

upd May 25 · 3.0k pulls · A 100/100

Cloudflare Audit

@webframp/cloudflare-audit · v2026.05.24.1

Cloudflare security and configuration audit workflow.

upd May 24 · 69 pulls · A 100/100

Macos Doctor

@alvagante/macos-doctor · v2026.05.22.1

Read-only local macOS security, sanity, and performance posture checks with a severity-rated report.

upd May 22 · 2 pulls · B 85/100

Github

@hivemq/github · v2026.05.22.67

GitHub models for swamp. Currently provides @hivemq/github/token, which audits a single GitHub token.

upd May 22 · 7 pulls · B 85/100

Mudroom

@hivemq/mudroom · v2026.05.20.61

Run Claude Code (and other workloads) inside a macOS apple/container sandbox.

upd May 20 · 43 pulls · B 83/100

Mudroom

@bixu/mudroom · v2026.05.06.2

Run Claude Code (and other workloads) inside a macOS apple/container sandbox.

upd May 6 · 6 pulls · A 100/100

Github Security

@bixu/github-security · v2026.04.23.2

GitHub repository security auditing with support for native features and third-party tool detection

upd Apr 23 · 5 pulls · A 100/100

Tailnet Healthcheck

@bixu/tailnet-healthcheck · v2026.04.23.2

Tailnet health reporting — find devices running outdated Tailscale clients and alert via Slack

upd Apr 23 · 3 pulls · A 100/100

Tailscale

@john/tailscale · v2026.03.02.1

Tailscale tailnet management — 10 model types covering devices, users, ACLs, DNS, auth keys, webhooks, settings, contacts, posture, and log config. 22 workflows for device inventory, user lifecycle, ACL audit, security audit, compliance, incident response, monitoring, and more. Fix: OAuth token cache now keys on credentials so different tailnets/OAuth clients no longer share tokens.

upd Mar 226 pulls · unscored