Overview
RAPTOR offers two interfaces:
Claude Code (recommended): Natural language interface with interactive workflows
Python CLI: Command-line interface for scripting and CI/CD integration
This guide covers both approaches.
Claude Code quick start
Use RAPTOR with plain English in Claude Code via slash commands.
Clone and open RAPTOR
git clone https://github.com/gadievron/raptor.git
cd raptor
claude
Install dependencies
Let Claude install dependencies for you:
"Install dependencies from requirements.txt"
"Install semgrep"
"Set my ANTHROPIC_API_KEY to [your-key]"
Check DEPENDENCIES.md for licenses of the various tools before installing.
Start using RAPTOR
Just say “hi” to get started, then try:
/scan - Scan code for vulnerabilities
/fuzz - Fuzz binaries (asks to install AFL++ if needed)
/web - Test web applications
Try /analyze on one of the test cases in /tests/data
Natural language examples
Just talk naturally to Claude:
Code scanning
/scan - scan this directory
/scan - find secrets in my code
/scan - check for SQL injection vulnerabilities
Binary fuzzing
/fuzz - fuzz this binary
/fuzz - test ./myapp for 5 minutes
/fuzz - find crashes in /usr/local/bin/myapp
Web testing
/web - test my website
/web - scan https://localhost:3000 for XSS
/web - check this app for OWASP Top 10
The /web command is currently in alpha status. Treat it as experimental.
Interactive workflow example
Here’s what a typical RAPTOR session looks like:
You: /scan - scan this code
Claude: I'll scan the current directory with RAPTOR...
[Runs scan...]
Found 5 vulnerabilities!
1. SQL Injection (CRITICAL) - api/db.py:23
Generated exploit: out/exploits/sqli_001.py
Generated patch: out/patches/sqli_001.patch
Would you like me to:
1. Apply the patches?
2. Explain the SQL injection?
3. Show the exploit code?
You: Show me the exploit
Claude: [Reads and displays the exploit code]
This exploit works by...
You: Apply the patch for that one
Claude: [Applies the patch using Edit tool]
✓ Patch applied! The SQL injection is now fixed.
Want me to scan again to verify the fix?
Benefits of Claude Code interface
No command-line syntax to remember
AI understands your intent
Results explained in plain English
Interactive fix workflow
Fast and autonomous
Python CLI quick start
For scripting or CI/CD integration, use the Python CLI directly.
Clone the repository
git clone https://github.com/gadievron/raptor.git
cd raptor
Install Python dependencies
pip install -r requirements.txt
Install external tools
# Install Semgrep
pip install semgrep
# Optional: Install AFL++ for fuzzing
# macOS:
brew install afl++
# Ubuntu/Debian:
sudo apt install afl++
Configure LLM provider
# For Anthropic Claude (recommended)
export ANTHROPIC_API_KEY=your-key-here
# For OpenAI
export OPENAI_API_KEY=your-key-here
# For local Ollama (free)
export OLLAMA_HOST=http://localhost:11434
Run your first scan
# Full autonomous workflow
python3 raptor.py agentic --repo /path/to/code
# Static analysis only
python3 raptor.py scan --repo /path/to/code
# Binary fuzzing
python3 raptor.py fuzz --binary /path/to/binary --duration 3600
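A preflight a CI job could run before the commands above, as an added example that is not part of RAPTOR. The function names, the RAPTOR_TOOLS variable, the exit codes and the assumption that only the agentic workflow needs an LLM provider are this example's own; the tool names and environment variables are the ones this guide lists.

```sh
#!/bin/sh
# Added example (not from the RAPTOR repository): preflight for a CI step that
# runs the Python CLI. Function names and RAPTOR_TOOLS are assumptions.

# Commands that must be on PATH; override for jobs that also fuzz (add afl-fuzz).
: "${RAPTOR_TOOLS:=python3 semgrep}"

# Print the name of the first configured LLM provider, never the key itself.
# Order follows this guide; which one RAPTOR prefers is not stated on the page.
raptor_llm_provider() {
  if [ -n "${ANTHROPIC_API_KEY:-}" ]; then echo anthropic
  elif [ -n "${OPENAI_API_KEY:-}" ]; then echo openai
  elif [ -n "${OLLAMA_HOST:-}" ]; then echo ollama
  else return 1
  fi
}

# Print every command from RAPTOR_TOOLS that is not on PATH (empty output = ok).
raptor_missing_tools() (
  for tool in $RAPTOR_TOOLS; do
    command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
  done
)

# Exit status: 0 ready, 2 bad mode, 3 tool missing, 4 no provider, 5 bad path.
raptor_preflight() (
  mode=$1 repo=$2
  case $mode in scan|agentic) ;; *) echo "unsupported mode: $mode" >&2; exit 2 ;; esac
  missing=$(raptor_missing_tools)
  [ -z "$missing" ] || { echo "missing tools:" $missing >&2; exit 3; }
  # Assumption: only the agentic workflow calls an LLM; scan is static analysis.
  if [ "$mode" = agentic ] && ! raptor_llm_provider >/dev/null; then
    echo "no LLM provider configured" >&2; exit 4
  fi
  [ -d "$repo" ] || { echo "not a directory: $repo" >&2; exit 5; }
)

# Stand-alone use from the raptor checkout: ./raptor_ci.sh scan /path/to/code
if [ "$#" -eq 2 ]; then
  raptor_preflight "$1" "$2" && exec python3 raptor.py "$1" --repo "$2"
fi
```

In CI, supply the provider key from the pipeline's secret store so it never appears in the job definition or its logs.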
Python CLI examples
Scan repository
# Scan for all vulnerabilities
python3 raptor.py scan --repo /path/to/code
# Scan for specific policy groups
python3 raptor.py scan --repo /path/to/code --policy_groups secrets
Using the devcontainer
A devcontainer with all prerequisites pre-installed is available for easy onboarding.
Open in VS Code
Use the command Dev Container: Open Folder in Container in VS Code or any of its forks.
Or build with Docker
docker build -f .devcontainer/Dockerfile -t raptor-devcontainer:latest .
What’s included in the devcontainer
Pre-installed security tools:
Semgrep (static analysis)
CodeQL CLI v2.15.5 (semantic code analysis)
AFL++ (fuzzing)
rr debugger (deterministic record-replay debugging)
Build & debugging tools:
gcc, g++, clang-format, make, cmake, autotools
gdb, gdb-multiarch, binutils
Web testing (alpha):
Playwright browser automation (Chromium, Firefox, Webkit browsers)
The devcontainer is massive (~6GB): it starts from the Microsoft Python 3.12 devcontainer and adds static analysis, fuzzing, and browser automation tools.
The devcontainer runs with the --privileged flag, which is required for the rr debugger.
Available commands
Main entry point
/raptor - RAPTOR security testing assistant (start here for guidance)
Security testing
/scan - Static code analysis (Semgrep + CodeQL)
/fuzz - Binary fuzzing with AFL++
/web - Web application security testing (alpha)
/agentic - Full autonomous workflow (analysis + exploit/patch generation)
/codeql - CodeQL-only deep analysis with dataflow
/analyze - LLM analysis only (no exploit/patch generation - 50% faster & cheaper)
Exploit development & patching
/exploit - Generate exploit proof-of-concepts (beta)
/patch - Generate security patches for vulnerabilities (beta)
/crash-analysis - Analyze an FFmpeg crash and generate validated root-cause analysis
Forensics & investigation
/oss-forensics - Evidence-backed forensic investigation for public GitHub repositories
Development & testing
/create-skill - Save custom approaches (experimental)
/test-workflows - Run comprehensive test suite (stub)
Example output
Here’s what RAPTOR output looks like:
╔═══════════════════════════════════════════════════════════════════════════╗
║ ║
║ ██████╗ █████╗ ██████╗ ████████╗ ██████╗ ██████╗ ║
║ ██╔══██╗██╔══██╗██╔══██╗╚══██╔══╝██╔═══██╗██╔══██╗ ║
║ ██████╔╝███████║██████╔╝ ██║ ██║ ██║██████╔╝ ║
║ ██╔══██╗██╔══██║██╔═══╝ ██║ ██║ ██║██╔══██╗ ║
║ ██║ ██║██║ ██║██║ ██║ ╚██████╔╝██║ ██║ ║
║ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝ ║
║ ║
║ Autonomous Offensive/Defensive Research Framework ║
║ Based on Claude Code - v1.0-beta ║
║ ║
╚═══════════════════════════════════════════════════════════════════════════╝
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⣤⣤⣀⣀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣾⣿⣿⠿⠿⠟
⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⣀⣀⣀⣀⣀⣤⣴⣶⣶⣶⣤⣿⡿⠁⠀⠀⠀
⣀⠤⠴⠒⠒⠛⠛⠛⠛⠛⠿⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠟⠁⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠉⠛⣿⣿⣿⡟⠻⢿⡀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣾⢿⣿⠟⠀⠸⣊⡽⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⡇⣿⡁⠀⠀⠀⠉⠁⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠻⠿⣿⣧⠀ Get them bugs.....
Next steps
Installation: Detailed installation instructions and environment setup
Architecture: Learn about RAPTOR’s technical architecture
Claude Code usage: Complete guide to using RAPTOR with Claude Code
Python CLI: Full Python command-line reference