DEV.co
Open-Source Security · Unclecheng-li

VulnClaw

VulnClaw is an AI-powered penetration testing CLI tool that automates the full testing workflow—reconnaissance, vulnerability discovery, exploitation, and reporting—using natural language commands and LLM agents. It integrates with 13+ LLM providers and includes 21 built-in penetration skills.

Source: GitHub — github.com/Unclecheng-li/VulnClaw
2k
GitHub stars
261
Forks
Python
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryUnclecheng-li/VulnClaw
OwnerUnclecheng-li
Primary languagePython
LicenseMIT — OSI-approved
Stars2k
Forks261
Open issues8
Latest releasev0.3.3 (2026-07-08)
Last updated2026-07-08
Sourcehttps://github.com/Unclecheng-li/VulnClaw

What VulnClaw is

Python-based Agent framework using OpenAI-compatible APIs, MCP toolchain (fetch, memory, chrome-devtools, burp), and a target-driven solver engine that models penetration testing as state-space search. Features evidence-gated conclusion validation, adaptive payload mutation (L0-L4), and plugin-based vulnerability detection with persistent session management.

Quickstart

Get the VulnClaw source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/Unclecheng-li/VulnClaw.gitcd VulnClaw# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Authorized Penetration Testing & Red Team Exercises

Automate the full testing pipeline (recon → discovery → exploitation → reporting) for authorized targets; scales from single endpoint to continuous monitoring with 100 rounds/cycle × 10 cycles.

CTF Competitions & Security Training

Self-contained tool with 7 core + 14 specialized skills (Web, Crypto, Misc, OSINT), 29 codec/crypto operations, Python code execution, and structured reasoning suitable for capture-the-flag scenarios and hands-on labs.

Security Assessment Reporting & Documentation

Automatically generates structured Markdown reports and executable Python PoC scripts; TUI workbench and Web UI for managing authorization scopes, test ranges, and inline constraint tracking.

Implementation considerations

  • API Key Management: Store LLM API keys securely (env vars, secret manager); no built-in encryption for config file. Review 'vulnclaw config' security practices before production use.
  • MCP Service Setup: fetch and memory are local, but chrome-devtools and burp require external MCP servers. Plan infrastructure for browser automation and HTTP proxy interop.
  • Python Code Execution Risk: Built-in python_execute tool is labeled 'experimental' and 'high-risk'—not a hardened sandbox. Restrict to authorized personnel and isolated networks.
  • LLM Provider Costs: Continuous penetration testing (100 rounds/cycle × 10 cycles) can incur significant API spend; token budgets and cost controls depend on external provider billing.
  • Session Persistence: All state (facts, findings, payloads) stored in SQLite under /data; ensure backups and retention policy align with compliance (data retention, incident response timeline).

When to avoid it — and what to weigh

  • Unauthorized Security Testing — Project explicitly requires authorized-only usage (badge: 'Scope: Authorized Only'). Running against unauthorized targets violates legal and ethical boundaries and is grounds for legal liability.
  • Offline or Air-Gapped Environments — Core functionality depends on external LLM APIs (OpenAI, Anthropic, DeepSeek, etc.); no standalone offline mode. All-in-one air-gapped deployment requires hosting a compatible LLM locally and reconfiguring base URLs.
  • Non-Python or Legacy Architecture Teams — Python 3.10+ required; tight coupling to LLM agent loop, MCP services, and SQLite session storage. Not suitable for Go/Rust infrastructure or teams without Python expertise in the security ops workflow.
  • Deterministic/Auditable Compliance Requirements — Agent behavior is non-deterministic (LLM model sampling, tool selection, payload mutation order). Full audit trail and policy enforcement require external orchestration; not inherently SOC2/ISO27001 ready.

License & commercial use

MIT License (permissive open-source). Allows commercial use, modification, and redistribution with attribution and license copy. No restrictions on proprietary deployment or SaaS use.

MIT is a permissive OSI-approved license permitting unrestricted commercial deployment, integration, and modification. However, the tool's legitimate use is restricted to authorized security testing; using it for unauthorized testing—even under a commercial service—is illegal. Ensure end-user contracts include authorization clauses, insurance, and legal review. No warranty or liability limitation stated in license itself.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationStrong
License clarityClear
Deployment complexityLow
DEV.co fitStrong
Assessment confidenceHigh
Security considerations

User Responsibility: Tool is purpose-built for authorized penetration testing; illegal use carries criminal liability. Authorization Validation: TUI workbench includes scope management UI, but enforcement relies on user discipline—no kernel-level isolation. LLM API Exposure: All test data, prompts, and findings sent to external LLM API; review privacy policy of chosen provider. Python Code Execution: python_execute tool runs arbitrary code—only for trusted operators in isolated networks. Session Data: SQLite stores facts, payloads, and findings in plaintext; encrypt at rest if sensitive. Model Injection: LLM prompt injection in user-supplied target descriptions or payloads could manipulate tool behavior—sanitize inputs.

Alternatives to consider

Metasploit Framework / Burp Suite Pro

Established, battle-tested commercial (Burp) and open-source (Metasploit) penetration testing suites with large communities, extensive exploit databases, and strong compliance audit trails. No LLM dependency; deterministic behavior. Trade-off: lower automation on endpoint-to-flag workflows; manual stage orchestration.

Nuclei (Projectdiscovery) + Custom Scripts

Fast, template-based vulnerability scanner with YAML-driven rules and strong community templates. Lighter weight and more deterministic than LLM-driven agents. Trade-off: no interactive agent reasoning; requires manual multi-stage chaining for complex exploitation flows.

ChatGPT / Claude + Manual Prompting

Free or subscription-based web access to capable LLMs without infrastructure overhead. Suitable for ad-hoc, low-stakes testing and learning. Trade-off: no integrated tool framework (nmap, HTTP proxies, codec); requires manual output parsing and session management; no persistent evidence gating.

Software development agency

Build on VulnClaw with DEV.co software developers

Get started with VulnClaw: install via pip, set your LLM API key, and run `vulnclaw run <target>` to begin. Use the TUI workbench to define authorization scopes. Requires Python 3.10+ and authorized-only usage.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

VulnClaw FAQ

Can I use VulnClaw for unauthorized security testing?
No. The project explicitly requires 'Authorized Only' scope. Using it against systems without explicit written authorization violates computer fraud laws (CFAA in US, equivalent in other jurisdictions) and is grounds for criminal prosecution and civil liability.
Do I need to pay for LLM API access?
Yes, core functionality requires an external LLM API key (OpenAI, Anthropic, DeepSeek, etc.). Costs depend on token usage; continuous testing can incur significant charges. Some providers offer free tier credits (e.g., OpenAI $18/month) suitable for learning.
Can I run VulnClaw offline or in an air-gapped network?
Partially. If you host a compatible LLM locally (e.g., Ollama, vLLM) and reconfigure base_url, you can avoid external API calls. However, some MCP services (chrome-devtools, burp) still require network connectivity or external service hosting.
Is this a replacement for Metasploit or Burp Suite?
No. VulnClaw is complementary: it automates the decision-making layer (what to test next) using LLM reasoning, while relying on standard tools (nmap, curl, custom HTTP probes) for execution. It does not replace the exploit database (Metasploit) or interactive proxy (Burp).

Software development & web development with DEV.co

Adopting VulnClaw is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source security software in production.

Automate Your Authorized Security Testing with AI

Get started with VulnClaw: install via pip, set your LLM API key, and run `vulnclaw run <target>` to begin. Use the TUI workbench to define authorization scopes. Requires Python 3.10+ and authorized-only usage.