gadievron: AI-powered offensive/defensive security agent framework
Top 37.8% on SourcePulse
Autonomous Offensive/Defensive Security Research Framework
RAPTOR is an autonomous offensive/defensive security research framework built on Claude Code. It automates code scanning, fuzzing, vulnerability analysis, exploit generation, and patching, empowering security researchers with agentic workflows.
How It Works
RAPTOR integrates traditional security tools (Semgrep, CodeQL, AFL++) with advanced LLM reasoning. It orchestrates these components through an agentic workflow, enabling deep code understanding, automated exploitability proof, and patch generation. Its multi-layered architecture progresses from basic analysis to specialized expert personas for comprehensive security operations.
Quick Start & Requirements
Installation offers two options: a local setup requiring Claude Code, Semgrep, CodeQL, AFL++, Python 3.12, and an Anthropic API key, or a pre-built devcontainer (approx. 6GB) that bundles all prerequisites. The devcontainer requires a --privileged flag for the rr debugger. Official documentation is available for Claude Code usage and Python CLI reference.
Highlighted Details
Maintenance & Community
Described as an "early release" and "quick hack," RAPTOR actively welcomes community contributions to enhance its capabilities. It is currently in alpha. Collaboration and discussion occur on the #raptor channel at the Prompt||GTFO Slack.
Licensing & Compatibility
RAPTOR is licensed under MIT. However, users must be aware of external tool licenses, such as CodeQL's restriction against commercial use.
Limitations & Caveats
RAPTOR is an alpha project, characterized as a "quick hack" with "vibe coding and duct tape." It automatically installs dependencies unless the devcontainer is used. The devcontainer is substantial (~6GB). Local LLMs may produce non-compilable exploit code, necessitating frontier models for reliable exploit generation. The rr debugger requires running the devcontainer with the --privileged flag, which grants the container broad access to the host.