VulnClaw

VulnClaw

An penetration testing tool powered by AI Agent and MCP toolchain, supporting natural language input and full workflow automation.

Agent SkillDevOpen source渗透测试AI AgentMCP 工具链
Type
Agent Skill
Open source
Yes
GitHub Stars
★ 1.1k
Source
skill-github

Overview

VulnClaw is an AI-driven CLI penetration testing tool that automates the entire process—from information gathering and vulnerability discovery to exploitation and report generation—via natural language input. It combines LLM Agents with the MCP toolchain, supports multiple LLM providers, and includes numerous built-in penetration skills and tools. Suitable for authorized penetration testing, CTF competitions, security education, and red team exercises. Users can perform efficient penetration tests through simple command-line operations or a Web UI.

Capabilities

  • Natural language-driven penetration testing
  • Information gathering and fingerprinting
  • Vulnerability detection and exploitation
  • Automated generation of structured reports
  • Support for multiple LLM providers
  • Built-in encoding/decoding and encryption/decryption tools

Use cases

Authorized penetration testingCTF competitionsSecurity educationRed team exercises

Setup

Requires: API KeyNode 环境Python 3.10+
pip install vulnclaw or install from source: git clone https://github.com/Unclecheng-li/VulnClaw.git && cd VulnClaw && pip install -e .

This information was compiled by AI from public sources and may contain inaccuracies — please refer to the source.

FAQ

How to set the API Key?

Use the command `vulnclaw config set llm.api_key sk-your-key-here`.

Which LLM providers are supported?

Supports 13 providers including OpenAI, MiniMax, DeepSeek, Zhipu, Moonshot, Qwen, and more.

How to start the Web UI?

Use the command `vulnclaw web` to launch the local Web interface, default address: `http://127.0.0.1:7788`.

Related skills