VulnClaw
VulnClaw is an AI-powered penetration testing CLI tool that automates the full testing workflow—reconnaissance, vulnerability discovery, exploitation, and reporting—using natural language commands and LLM agents. It integrates with 13+ LLM providers and includes 21 built-in penetration skills.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | Unclecheng-li/VulnClaw |
| Owner | Unclecheng-li |
| Primary language | Python |
| License | MIT — OSI-approved |
| Stars | 2k |
| Forks | 261 |
| Open issues | 8 |
| Latest release | v0.3.3 (2026-07-08) |
| Last updated | 2026-07-08 |
| Source | https://github.com/Unclecheng-li/VulnClaw |
What VulnClaw is
Python-based Agent framework using OpenAI-compatible APIs, MCP toolchain (fetch, memory, chrome-devtools, burp), and a target-driven solver engine that models penetration testing as state-space search. Features evidence-gated conclusion validation, adaptive payload mutation (L0-L4), and plugin-based vulnerability detection with persistent session management.
Get the VulnClaw source
Clone the repository and explore it locally.
git clone https://github.com/Unclecheng-li/VulnClaw.gitcd VulnClaw# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- API Key Management: Store LLM API keys securely (env vars, secret manager); no built-in encryption for config file. Review 'vulnclaw config' security practices before production use.
- MCP Service Setup: fetch and memory are local, but chrome-devtools and burp require external MCP servers. Plan infrastructure for browser automation and HTTP proxy interop.
- Python Code Execution Risk: Built-in python_execute tool is labeled 'experimental' and 'high-risk'—not a hardened sandbox. Restrict to authorized personnel and isolated networks.
- LLM Provider Costs: Continuous penetration testing (100 rounds/cycle × 10 cycles) can incur significant API spend; token budgets and cost controls depend on external provider billing.
- Session Persistence: All state (facts, findings, payloads) stored in SQLite under /data; ensure backups and retention policy align with compliance (data retention, incident response timeline).
When to avoid it — and what to weigh
- Unauthorized Security Testing — Project explicitly requires authorized-only usage (badge: 'Scope: Authorized Only'). Running against unauthorized targets violates legal and ethical boundaries and is grounds for legal liability.
- Offline or Air-Gapped Environments — Core functionality depends on external LLM APIs (OpenAI, Anthropic, DeepSeek, etc.); no standalone offline mode. All-in-one air-gapped deployment requires hosting a compatible LLM locally and reconfiguring base URLs.
- Non-Python or Legacy Architecture Teams — Python 3.10+ required; tight coupling to LLM agent loop, MCP services, and SQLite session storage. Not suitable for Go/Rust infrastructure or teams without Python expertise in the security ops workflow.
- Deterministic/Auditable Compliance Requirements — Agent behavior is non-deterministic (LLM model sampling, tool selection, payload mutation order). Full audit trail and policy enforcement require external orchestration; not inherently SOC2/ISO27001 ready.
License & commercial use
MIT License (permissive open-source). Allows commercial use, modification, and redistribution with attribution and license copy. No restrictions on proprietary deployment or SaaS use.
MIT is a permissive OSI-approved license permitting unrestricted commercial deployment, integration, and modification. However, the tool's legitimate use is restricted to authorized security testing; using it for unauthorized testing—even under a commercial service—is illegal. Ensure end-user contracts include authorization clauses, insurance, and legal review. No warranty or liability limitation stated in license itself.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Strong |
| Assessment confidence | High |
User Responsibility: Tool is purpose-built for authorized penetration testing; illegal use carries criminal liability. Authorization Validation: TUI workbench includes scope management UI, but enforcement relies on user discipline—no kernel-level isolation. LLM API Exposure: All test data, prompts, and findings sent to external LLM API; review privacy policy of chosen provider. Python Code Execution: python_execute tool runs arbitrary code—only for trusted operators in isolated networks. Session Data: SQLite stores facts, payloads, and findings in plaintext; encrypt at rest if sensitive. Model Injection: LLM prompt injection in user-supplied target descriptions or payloads could manipulate tool behavior—sanitize inputs.
Alternatives to consider
Metasploit Framework / Burp Suite Pro
Established, battle-tested commercial (Burp) and open-source (Metasploit) penetration testing suites with large communities, extensive exploit databases, and strong compliance audit trails. No LLM dependency; deterministic behavior. Trade-off: lower automation on endpoint-to-flag workflows; manual stage orchestration.
Nuclei (Projectdiscovery) + Custom Scripts
Fast, template-based vulnerability scanner with YAML-driven rules and strong community templates. Lighter weight and more deterministic than LLM-driven agents. Trade-off: no interactive agent reasoning; requires manual multi-stage chaining for complex exploitation flows.
ChatGPT / Claude + Manual Prompting
Free or subscription-based web access to capable LLMs without infrastructure overhead. Suitable for ad-hoc, low-stakes testing and learning. Trade-off: no integrated tool framework (nmap, HTTP proxies, codec); requires manual output parsing and session management; no persistent evidence gating.
Build on VulnClaw with DEV.co software developers
Get started with VulnClaw: install via pip, set your LLM API key, and run `vulnclaw run <target>` to begin. Use the TUI workbench to define authorization scopes. Requires Python 3.10+ and authorized-only usage.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
VulnClaw FAQ
Can I use VulnClaw for unauthorized security testing?
Do I need to pay for LLM API access?
Can I run VulnClaw offline or in an air-gapped network?
Is this a replacement for Metasploit or Burp Suite?
Software development & web development with DEV.co
Adopting VulnClaw is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source security software in production.
Automate Your Authorized Security Testing with AI
Get started with VulnClaw: install via pip, set your LLM API key, and run `vulnclaw run <target>` to begin. Use the TUI workbench to define authorization scopes. Requires Python 3.10+ and authorized-only usage.