Lazarus-AI
Autonomous offensive security agent for network and code analysis
Clearwing is an autonomous offensive-security tool designed to replicate advanced vulnerability scanning and source-code hunting capabilities using widely accessible AI models. It targets security engineers and researchers, offering automated analysis of live systems and codebases, with detailed reporting and potential for automated patch validation, inspired by Anthropic's Glasswing.
How It Works
The tool has two primary modes: a network-pentest agent that runs a ReAct loop with 63 integrated tools for target scanning, service detection, vulnerability assessment, and gated exploit attempts; and a source-code hunter built on a file-parallel pipeline. This pipeline ranks source files, deploys specialized agents for in-depth analysis, uses ASan/UBSan crashes as ground truth, verifies findings via an adversarial agent, and can optionally generate validated patches. Both modes are built on LangGraph and share a common substrate that includes a knowledge graph, capability probing, and a sandbox layer.
Quick Start & Requirements
Installation involves cloning the repository, navigating to the directory, and running uv sync --all-extras followed by activating the virtual environment. Key prerequisites include Python 3.10+, a recent Rust toolchain for the genai-pyo3 bridge, and optionally Docker for sandbox features. An interactive setup wizard (clearwing setup) simplifies provider and credential configuration. Core CLI commands include clearwing scan for network targets and clearwing sourcehunt for code repositories. Comprehensive documentation is available in the docs/ directory, with a quick start guide at docs/quickstart.md and provider recipes at docs/providers.md.
Highlighted Details
Maintenance & Community
The README does not detail specific community channels (like Discord/Slack), active maintainers, or sponsorship information. Vulnerabilities found by Clearwing in third-party software should be reported to the respective vendor's disclosure channel, while vulnerabilities in Clearwing itself should be submitted via GitHub Security Advisories.
Licensing & Compatibility
Clearwing is released under the MIT License. While permissive for commercial use, the tool is explicitly designated as dual-use and requires authorized testing against targets the operator owns or has explicit written permission to test.
Limitations & Caveats
The tool carries a strong warning regarding authorized use, emphasizing operator responsibility for scope, legal authorization, and disclosure. It is intended solely for targets with explicit permission. Specific technical limitations, unsupported platforms, or known bugs are not detailed in the provided README excerpt.