Thrunt (Threat Hunting Workflows)
Run structured threat-hunting workflows in agentic IDEs like Claude Code. Shapes hypotheses, maps the environment, plans and runs hunts, audits evidence, and publishes findings — with phase-based orchestration, forensics, and milestone tracking.
Thrunt is a threat-hunting framework for agentic coding tools. It drives the full hunt lifecycle through composable skills: shape a hypothesis, map the environment, plan a hunt, run it, validate findings, audit evidence, and publish. An autonomous orchestrator executes remaining phases (discuss to plan to execute) and tracks state across milestones, making repeatable, evidence-driven hunts practical inside the IDE.
When to use
Use when running a threat hunt, forming and validating a detection hypothesis, mapping an environment for investigation, auditing collected evidence, or orchestrating a multi-phase hunt to a published report.
Examples
Shape a hypothesis
Frame a hunt from a suspicion
Shape a threat-hunting hypothesis around possible brute-force-to-persistence activity on our auth servers
Run the hunt autonomously
Execute remaining phases end to end
Run the remaining hunt phases autonomously and produce a session report with validated findings