RAPTOR

RAPTOR (Recursive Autonomous Penetration Testing and Observation Robot) adopts a dual-layer architecture — a Python execution layer responsible for running Semgrep/CodeQL, parsing SARIF, and dispatching LLM calls; and a Claude Code decision layer handling prioritization, attack scenario definition, and exploitability judgment. Core capabilities include 12 slash commands covering fully autonomous auditing (/agentic), attack surface mapping (/understand), multi-stage vulnerability validation (/validate, a 4-stage pipeline for false positive filtering), deep CodeQL analysis (/codeql), AFL++ binary fuzzing (/fuzz), crash root cause analysis (/crash-analysis), PoC generation (/exploit), and patch writing (/patch). Integrates Z3 SMT solver for data-flow pre-filtering and one-gadget constraint analysis, significantly reducing wasted analysis on unreachable paths. The Fast-tier mechanism leverages cheaper same-vendor sub-models for pre-filter short-circuiting, with false negative risk controlled via Wilson confidence intervals. Supports multi-model collaboration (Anthropic/OpenAI/Gemini/Mistral/Ollama) with analysis-layer models assigned roles of analysis/code/consensus/aggregate/fallback. Semgrep rule packs are locally cached, enabling fully offline/air-gapped scanning. Available via Devcontainer (~6 GB) or manual installation, with per-run budget control via the RAPTOR_MAX_COST environment variable. Authored by Gadi Evron, Daniel Cuthbert, Thomas Dullien (Halvar Flake), Michael Bargury, and John Cartwright. Current version v3.0.0, licensed under MIT (note: CodeQL has a separate non-commercial license).