RAPTOR — Security Research Agent for Claude Code
Autonomous offensive and defensive security framework built on Claude Code. Performs static analysis, binary fuzzing, vulnerability discovery, exploit generation, and patch development. MIT.
Installation with prior review
This asset requires review. The copied prompt requests a dry run, shows the writes, then continues only after confirmation.
npx -y tokrepo@latest install 938e0073-7c96-44de-aee0-550e4bead6c5 --target codex
Dry-run first, confirm the writes, then run this command.
What it is
RAPTOR is an autonomous offensive and defensive security framework built on Claude Code. It performs static analysis, binary fuzzing, vulnerability discovery, exploit generation, and patch development. RAPTOR turns Claude Code into a security research assistant that can analyze codebases for vulnerabilities and suggest fixes.
RAPTOR is for security researchers, penetration testers, and development teams who want AI-assisted vulnerability discovery and remediation in their codebases.
The project is actively maintained with regular releases and a growing user community. Documentation covers common use cases, and the open-source nature means you can inspect the source code, contribute fixes, and adapt the tool to your specific requirements.
How it saves time or tokens
Manual security auditing requires deep expertise and hours of code review per module. RAPTOR automates the repetitive parts: scanning for common vulnerability patterns (SQL injection, buffer overflows, insecure deserialization), fuzzing inputs, and generating proof-of-concept exploits. Human researchers focus on complex logic vulnerabilities while RAPTOR handles the checklist.
How to use
- Install Claude Code from claude.ai/download.
- Clone the RAPTOR repository and enter the project directory.
- Run RAPTOR commands to perform security analysis on your target codebase.
Example
# Clone RAPTOR
git clone https://github.com/gadievron/raptor
cd raptor
# Run static analysis on a target
claude 'Analyze the src/ directory for SQL injection vulnerabilities'
# Fuzz an API endpoint
claude 'Fuzz the /api/login endpoint with malformed JSON payloads'
# Generate a security report
claude 'Create a security audit report for this codebase'
Related on TokRepo
- AI Tools for Security -- Security research and auditing tools
- AI Tools for Coding -- Code analysis and review tools
Common pitfalls
- RAPTOR relies on Claude Code's context window. Very large codebases exceed the context limit. Split the analysis into module-by-module scans for better results.
- Exploit generation is for authorized testing only. Running RAPTOR against systems you do not own or have permission to test violates computer fraud laws.
- Automated vulnerability scanners produce false positives. Always manually verify RAPTOR's findings before reporting them as confirmed vulnerabilities.
Before adopting this tool, evaluate whether it fits your team's existing workflow. Read the official documentation thoroughly, and start with a small proof-of-concept rather than a full migration. Community forums, GitHub issues, and Stack Overflow are valuable resources when you encounter edge cases not covered in the documentation.
Frequently asked questions
RAPTOR can detect SQL injection, cross-site scripting (XSS), buffer overflows, insecure deserialization, path traversal, command injection, and other common vulnerability classes through static analysis and fuzzing.
Yes. RAPTOR is built as a skill set for Claude Code. It uses Claude's reasoning capabilities to analyze code, understand control flow, and generate exploits and patches.
Yes. RAPTOR is released under the MIT license. The full source code and skill definitions are available on GitHub.
Yes. After identifying a vulnerability, RAPTOR can generate a patch that fixes the issue. It explains the vulnerability, shows the proof of concept, and provides a corrected code snippet.
RAPTOR is a research tool that augments human security researchers. It can accelerate the discovery phase, but production security audits should always include manual review and verification of automated findings.
Source and acknowledgments
Created by Gadi Evron and team. Licensed under MIT.
raptor — ⭐ 1,800+
Thank you to the RAPTOR team for building an AI-powered security research framework on Claude Code.
Similar assets
Claude Forge — Plugin Framework for Claude Code
Supercharge Claude Code with 11 AI agents, 36 commands, and 15 skills. The oh-my-zsh-inspired plugin framework with 6-layer security hooks. 5-minute install. 640+ GitHub stars.
Claude Code Agent: Cloud Architect — AWS/GCP/Azure Design
Claude Code agent for cloud architecture. Infrastructure design, cost optimization, security best practices across AWS, GCP, and Azure.
AgentShield — Security Audit for Claude Code
Security auditor for Claude Code configs. Scans `.claude/` for secrets, risky permissions, hook injection, and MCP misconfigs; outputs CI-ready reports.
Claude Code Hooks — Custom Automation Recipes
Collection of ready-to-use Claude Code hook recipes for automating code formatting, testing, notifications, and security checks. Copy-paste into settings.json. Community-maintained.