Claude Skill

Unclecheng-li/VulnClaw

VulnClaw automates penetration testing using AI Agent, MCP tool chain, and Skill orchestration. Input natural language to trigger info gathering, vulnerability discovery, exploitation, and report g...

Overview

Stars541
Forks82
LanguagePython
Last pushed2026-06-16
Last synced2026-06-17
View on GitHub

Repository

OwnerUnclecheng-li
RepositoryVulnClaw
Full nameUnclecheng-li/VulnClaw
Repo ID1,214,349,536
GitHub URLhttps://github.com/Unclecheng-li/VulnClaw

Install this Skill

pip install vulnclaw
GitHub

Registry

Typemcp_server
Quality score80/100
Verificationreadme_parsed
Last verified2026-06-11
Platforms
MCPOpenClaw
Capabilities
memorysearchimageterminalaiai-agentai-toolsctfcybersecurityopenclaw
Detected files
README.mdREADME_EN.mdpyproject.tomltests
Config keys
URLVULNCLAW_LLM_API_KEYVULNCLAW_LLM_BASE_URL
Install methods
  • pip install vulnclaw
  • git clone https://github.com/Unclecheng-li/VulnClaw.git
  • pip install -e .
  • npx: 已安装
  • pip install vulnclaw[web]

Summary

VulnClaw is an AI-driven penetration testing framework that combines AI Agent, MCP tool chain, and penetration Skill orchestration with large language models to automate the full workflow from natural language input to information gathering, vulnerability discovery, exploitation, and report generation.

Chinese description

基于AI Agent + MCP工具链 + 渗透Skill编排,配合大语言模型,实现自然语言输入 → 自动完成「信息收集 → 漏洞发现 → 漏洞利用 → 报告生成」全流程。

Key features

  • AI Agent + MCP tool chain orchestration
  • Penetration Skill orchestration for automated workflows
  • Natural language input to full penetration pipeline
  • End-to-end automation: info gathering → exploit → report

Use cases

  • Automated penetration testing for web applications
  • CTF challenge automation with AI assistance
  • Security assessment report generation
  • Vulnerability discovery and exploitation pipeline

README excerpt

<div align="center"> # VulnClaw 🦞 > *AI 驱动的渗透测试 CLI 工具 — 说人话,打漏洞。* [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE) [![Python 3.10+](https://img.shields.io/badge/Python-3.10+-blue.svg)](https://www.python.org/) [![OpenAI Compatible](https://img.shields.io/badge/API-OpenAI_Compatible-green)](https://platform.openai.com/) [![MCP](https://img.shields.io/badge/Toolchain-MCP-orange)](https://modelcontextprotocol.io/) [![PyPI](https://img.shields.io/badge/PyPI-v0.3.0-blueviolet)](https://pypi.org/project/vulnclaw/) [![Security](https://img.shields.io/badge/Scope-Authorized_Only-red)](#-安全声明) <br> 🌐 **English version**: [`README_EN.md`](README_EN.md) **本项目是可独立运行的 AI 渗透测试 Agent。** <br> 基于 LLM Agent + MCP 工具链 + 渗透 Skill 编排, 配合 OpenAI / MiniMax / DeepSeek 等兼容模型, 自然语言输入 → 自动完成「信息收集 → 漏洞发现 → 漏洞利用 → 报告生成」全流程。 [快速开始](#快速开始) · [架构设计](#️-架构) · [Skill 体系](#-内置-skill) </div> --- ## 它能做什么 输入自然语言,AI 自动执行渗透测试全流程: ``` 用户输入:帮我对 http://target.example.com 进行渗透测试 VulnClaw 自动执行: Round 1: 信息收集 → 指纹识别、端口扫描、目录枚举 Round 2: 漏洞发现 → 检测注入点、已知 CVE、配置缺陷 Round 3: 漏洞利用 → PoC 验证、权限获取 Round 4: 报告生成 → 结构化报告 + Python PoC 脚本 ``` <img width="1148" height="642" alt="image" src="https://github.com/user-attachments/assets/576e1cf6-25da-4969-864b-40e77d020dbf" /> 适用于已授权的渗透测试、CTF 竞赛、安全教学、红队演练等场景。 --- ## 特性 - **自然语言驱动** — 用人话描述渗透意图,自动识别阶段和工具 - **13 个 LLM Provider** — OpenAI / MiniMax / DeepSeek / 智谱 / Moonshot / 千问 / SiliconFlow / 豆包 / 百川 / 阶跃星辰 / 商汤 / 零一万物,一键切换 - **MCP 工具链** — 已内置 12 个 MCP 服务配置和 23 个工具定义;当前 `fetch` / `memory` 以稳定的 `local` 模式运行,其余 MCP 集成多仍处于预览或占位阶段,待完整 session 生命周期管理落地后再逐步恢复真实协议接入 - **AI Agent 核心** — OpenAI 兼容协议 + Tool Calling + 自主渗透循环 - **21 个渗透 Skill** — 7 核心 + 14 专项 Skill(含 CTF Web/Crypto/Misc、osint-recon、secknowledge-skill),含 180 个参考文档 - **

Topics

aiai-agentai-toolsctfcybersecurityopenclawpenetration-testingpenetration-testing-toolssecurity-toolsskill

Explore more

Owner: Unclecheng-liLanguage: Python

Data from GitHub. Synced on 2026-06-17