VulnClaw
An AI-powered penetration testing tool that automates information gathering, vulnerability discovery, exploitation, and report generation through natural language input.
- Region
- Domestic
- Pricing
- Free
- Open source
- Yes
- GitHub Stars
- ★ 1.4k
- Source
- GitHub
- Added
- 2026-07-01
- Last verified
- 2026-07-01
Overview
VulnClaw is an AI-driven CLI tool for penetration testing that automatically executes the full workflow—from information gathering to vulnerability exploitation and report generation—via natural language input. It combines large language models with an MCP toolchain, supports 13 LLM providers, and comes with 21 built-in penetration skills. Suitable for authorized penetration testing, CTF competitions, and security education. Users can operate it via simple command-line interface or Web UI.
Key features
- ▪Natural language-driven penetration testing
- ▪Supports 13 LLM providers
- ▪Built-in 21 penetration skills
- ▪Structured reasoning with adaptive reflection
- ▪Evidence-level hallucination gate
Use cases
Pros
- +High automation level
- +Supports multiple LLM providers
- +Rich built-in skills
- +Web UI mode available
Limitations / notes
- -Requires internet connection
- -Higher learning curve
- -Dependent on API keys
Who it's for
This overview was compiled by AI from public sources and may contain inaccuracies — please refer to the official site.
FAQ
Is it free?
Yes, the project is open-source and free to use.
Do I need scientific internet access?
Some features may require external API access, depending on the selected LLM provider.
Does it support Chinese?
Yes, it is compatible with multiple Chinese LLM providers.
Can it be used commercially?
Yes, but you must comply with the MIT license.
Something wrong? Let us know on the About page and we'll fix it.