Skills / Engineering / Thrunt (Threat Hunting Workflows)

Thrunt (Threat Hunting Workflows)

Run structured threat-hunting workflows in agentic IDEs like Claude Code. Shapes hypotheses, maps the environment, plans and runs hunts, audits evidence, and publishes findings — with phase-based orchestration, forensics, and milestone tracking.

Thrunt is a threat-hunting framework for agentic coding tools. It drives the full hunt lifecycle through composable skills: shape a hypothesis, map the environment, plan a hunt, run it, validate findings, audit evidence, and publish. An autonomous orchestrator executes remaining phases (discuss to plan to execute) and tracks state across milestones, making repeatable, evidence-driven hunts practical inside the IDE.

security threat-hunting forensics detection incident-response

When to use

Use when running a threat hunt, forming and validating a detection hypothesis, mapping an environment for investigation, auditing collected evidence, or orchestrating a multi-phase hunt to a published report.

Examples

Shape a hypothesis

Frame a hunt from a suspicion

Shape a threat-hunting hypothesis around possible brute-force-to-persistence activity on our auth servers

Run the hunt autonomously

Execute remaining phases end to end

Run the remaining hunt phases autonomously and produce a session report with validated findings
Added to wishlist