V

VulnClaw

An AI-powered penetration testing tool that automates information gathering, vulnerability discovery, exploitation, and report generation through natural language input.

🇨🇳 DomesticFreeOpen source开源LLMPythonCLIMCP
Platforms: WebDesktopAPI
Region
Domestic
Pricing
Free
Open source
Yes
GitHub Stars
★ 1.4k
Source
GitHub
Added
2026-07-01
Last verified
2026-07-01
VulnClaw

Overview

VulnClaw is an AI-driven CLI tool for penetration testing that automatically executes the full workflow—from information gathering to vulnerability exploitation and report generation—via natural language input. It combines large language models with an MCP toolchain, supports 13 LLM providers, and comes with 21 built-in penetration skills. Suitable for authorized penetration testing, CTF competitions, and security education. Users can operate it via simple command-line interface or Web UI.

Key features

  • Natural language-driven penetration testing
  • Supports 13 LLM providers
  • Built-in 21 penetration skills
  • Structured reasoning with adaptive reflection
  • Evidence-level hallucination gate

Use cases

Authorized penetration testingCTF competitionsSecurity educationRed team exercises

Pros

  • High automation level
  • Supports multiple LLM providers
  • Rich built-in skills
  • Web UI mode available

Limitations / notes

  • Requires internet connection
  • Higher learning curve
  • Dependent on API keys

Who it's for

Security researchersPenetration testersCTF playersSecurity educators

This overview was compiled by AI from public sources and may contain inaccuracies — please refer to the official site.

FAQ

Is it free?

Yes, the project is open-source and free to use.

Do I need scientific internet access?

Some features may require external API access, depending on the selected LLM provider.

Does it support Chinese?

Yes, it is compatible with multiple Chinese LLM providers.

Can it be used commercially?

Yes, but you must comply with the MIT license.

Something wrong? Let us know on the About page and we'll fix it.