Skip to main content
RAPTOR provides expert personas that embody specialized security research methodologies. These personas are extracted from RAPTOR’s Python codebase and made explicitly available for manual guidance and review.

What Are Personas?

Personas are specialized expert methodologies that:
  • Embody real expertise: Based on named security researchers and their approaches
  • Provide structured frameworks: Step-by-step methodologies for specific tasks
  • Already exist in Python: These are reference docs for internal Python methodologies
  • Load on-demand: Not automatically loaded - invoked only when needed
These personas already exist in RAPTOR’s Python code. This documentation makes them accessible to Claude Code users for manual guidance and review.

Available Personas

Exploit Developer

Mark Dowd methodologyGenerate working exploit proof-of-concepts (C++, Python, JavaScript)Token cost: ~650t

Crash Analyst

Charlie Miller / Halvar Flake traditionBinary crash analysis and exploitability assessmentToken cost: ~700t

CodeQL Analyst

Dataflow expertCodeQL dataflow path validation and false positive detectionToken cost: ~400t

Fuzzing Strategist

Expert strategistAFL++ fuzzing decisions and parameter tuningToken cost: ~300t

Binary Exploitation Specialist

Binary expertCrash exploit generation with structured outputToken cost: ~400t

Persona vs Agent

Agents:
  • Autonomous task orchestrators
  • Spawn other agents and manage workflows
  • Create working directories and artifacts
  • Examples: crash-analysis-agent, oss-forensics-agent
Personas:
  • Expert methodologies and frameworks
  • Loaded on-demand for specific analysis tasks
  • Apply specialized knowledge to user questions
  • Examples: Exploit Developer, Crash Analyst

How to Use Personas

Explicit Invocation Only

Personas are NOT auto-loaded. Invoke them explicitly when needed: 
"Use exploit developer persona to create PoC for SQLi in login.php"

What Happens

1

Persona Loads

Claude loads the persona file from tiers/personas/[name].md
2

Framework Applied

The persona’s methodology framework is applied to the problem
3

Expert Analysis

Analysis performed using expert criteria and structured approach
4

Structured Output

Returns structured verdict, code, or recommendations

Token Cost

Personas have zero token cost until explicitly invoked.
PersonaToken CostWhen Loaded
Exploit Developer~650tWhen invoked
Crash Analyst~700tWhen invoked
Security Researcher~620tWhen invoked
Patch Engineer~400tWhen invoked
Penetration Tester~350tWhen invoked
Fuzzing Strategist~300tWhen invoked
Binary Exploitation Specialist~400tWhen invoked
CodeQL Analyst~400tWhen invoked
Session impact: Only when explicitly requested

Integration with Python

Python already uses these personas internally: 
# packages/llm_analysis/agent.py
# Uses: Security Researcher + Exploit Developer personas
For vulnerability validation and exploit generation
These files make Python’s internal methodologies explicit and user-accessible. No Python code changes needed - personas are reference documentation only.

When to Use Each Persona

Use when:
  • Generating working exploit code (not templates)
  • Creating proof-of-concept demonstrations
  • Fixing broken or placeholder exploits
  • Need compilable, executable code
Don’t use when:
  • Just need theoretical analysis
  • Want recommendations instead of code
Use when:
  • Analyzing AFL++ crashes
  • Assessing binary exploitability
  • Understanding crash types and primitives
  • Need exploitability classification
Don’t use when:
  • Source code vulnerability analysis
  • Web application testing
Use when:
  • Validating CodeQL findings
  • Detecting false positives in dataflow analysis
  • Assessing sanitizer effectiveness
  • Source-to-sink path validation
Don’t use when:
  • Binary analysis
  • Runtime crash analysis
Use when:
  • Choosing AFL++ parameters
  • Deciding corpus strategy
  • Prioritizing crashes for analysis
  • Making fuzzing campaign decisions
Don’t use when:
  • Analyzing individual crashes
  • Exploit development
Use when:
  • Generating binary exploits from crashes
  • Need structured JSON output format
  • Must execute target binary in exploit
  • Creating C++ exploitation code
Don’t use when:
  • Web application exploits
  • Script-based vulnerabilities

Persona Methodologies

Security Researcher Framework

1

Source Control

Is the source attacker-controlled?
2

Sanitizer Analysis

Is sanitization effective or bypassable?
3

Reachability

Can an attacker trigger this code path?
4

Impact Assessment

What damage can be achieved?

Exploit Developer Principles

Crash Analyst Framework

1

Signal Interpretation

What does the crash signal indicate?
2

Register Analysis

Which registers are controlled?
3

Exploit Primitives

What primitives does this provide?
4

Mitigations Check

What protections are in place?
5

Feasibility Classification

Trivial, Moderate, Complex, or Infeasible?

Quality Standards

All personas enforce these quality standards:
  • Generate compilable code (test syntax)
  • Include complete imports and error handling
  • Document each step with comments
  • Provide usage instructions
  • State prerequisites and limitations
  • Demonstrate actual impact (not theoretical)

Future Expansion

Reserved space for additional personas:
  • security_researcher.md (vulnerability validation framework)
  • patch_engineer.md (secure patch creation)
  • penetration_tester.md (web payload generation)
  • offensive_security_researcher.md (research methodology)
Add personas when needed, not preemptively.

Next Steps

Exploit Developer

Learn Mark Dowd’s exploit development methodology

Crash Analyst

Explore binary crash analysis frameworks

CodeQL Analyst

Master dataflow validation techniques

Agent System

Return to agent system overview

Build docs developers (and LLMs) love

Get started for freeTalk to us