Download
VulnClaw is an AI-powered penetration testing agent that turns natural language security goals into structured testing workflows. It combines LLM agents, MCP toolchains, penetration testing skills, and command-line automation to support authorized security assessments. The project can guide information gathering, vulnerability discovery, validation, and report generation while keeping the workflow organized through sessions and tools. Its newer architecture uses a goal-driven solving engine instead of a fixed-round loop, helping the agent stop when the goal is reached, the search space is exhausted, or a safety budget is met. It also includes evidence checks designed to reduce hallucinated conclusions by requiring real tool output before accepting key findings. VulnClaw is intended for authorized testing, CTFs, security education, and controlled red-team environments.
Features
- Natural language penetration testing workflow
- Goal-driven solving engine
- Evidence-based finding validation
- MCP toolchain integration
- CLI, TUI, and Web UI modes
- Structured report and PoC generation
Project Samples
