Clearwing is an autonomous offensive security tool built on LangGraph, designed to approximate the capabilities of advanced vulnerability-hunting systems using widely available AI models. It is a dual-mode system: a network pentest agent for live target scanning and service detection, and a source-code hunter that uses agent-driven pipelines to identify, verify, and (where possible) patch vulnerabilities in codebases.
Key features include:
* Dual-mode operation covering both network penetration testing and source-code analysis.
* A ReAct-loop network agent with 63 tools bound to the model for scanning and exploitation attempts.
* An automated source-code hunter that verifies candidate findings adversarially and treats a sanitizer-instrumented crash, not the model's own judgement, as ground truth.
* Reporting in SARIF, Markdown, and JSON.
* Support for multiple AI providers: Anthropic, OpenAI, OpenRouter, and local LLM endpoints via Ollama.
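The "sanitizer crash as ground truth" rule above is the part of the source-code hunter most worth getting right: a candidate proof-of-concept that merely exits non-zero, segfaults, or trips an assertion has broken something, but it has not demonstrated a memory-safety bug. The following is an added example, not Clearwing's own code, of the check a verifier stage would apply to the exit status and stderr of a PoC run under a sanitizer build. The sanitizer output formats it parses are the real ones (ASan/LSan/MSan banner lines and UBSan "runtime error" lines); the sample outputs, function names, and verdict labels are constructed for illustration.

```python
"""Sanitizer-crash ground-truth check for a PoC run (added example).

Given the exit status and stderr of a candidate PoC executed under a sanitizer
build, accept the finding only if an actual sanitizer report is present.  Bare
crashes, assertion failures and exit codes alone are not treated as proof.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Banner printed by ASan and LSan (ERROR) and MSan (WARNING), e.g.
# "==12345==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020... at pc ..."
_SAN_HDR = re.compile(
    r"==(?P<pid>\d+)==(?:ERROR|WARNING): "
    r"(?P<san>AddressSanitizer|MemorySanitizer|LeakSanitizer): (?P<rest>[^\n]+)"
)
# UBSan has no pid banner and does not abort by default:
# "src/calc.c:12:5: runtime error: signed integer overflow: ..."
_UBSAN = re.compile(r"^(?P<loc>\S+?:\d+:\d+): runtime error: (?P<rest>[^\n]+)$", re.M)
# Innermost stack frame of a symbolized report: "    #0 0x55d0... in parse_header src/parser.c:42:9"
_FRAME0 = re.compile(r"^\s*#0 0x[0-9a-fA-F]+ in (?P<func>\S+) (?P<loc>\S+)", re.M)

# Report kinds that demonstrate a memory-safety violation.  LeakSanitizer's
# "detected memory leaks" and UBSan arithmetic overflows are real bugs but are
# deliberately not in this list, so they are reported as a weaker verdict.
_MEMORY_SAFETY_KINDS = (
    "heap-buffer-overflow", "stack-buffer-overflow", "global-buffer-overflow",
    "heap-use-after-free", "stack-use-after-return", "stack-use-after-scope",
    "double-free", "use-of-uninitialized-value", "out of bounds",
    "null pointer", "misaligned address", "SEGV",
)


@dataclass(frozen=True)
class SanitizerReport:
    sanitizer: str                 # "AddressSanitizer", "UndefinedBehaviorSanitizer", ...
    kind: str                      # "heap-buffer-overflow", "signed integer overflow", ...
    top_function: Optional[str]    # innermost frame, when a stack trace was printed
    location: Optional[str]        # file:line:col of that frame (or of the UBSan line)

    @property
    def memory_safety(self) -> bool:
        return any(k in self.kind for k in _MEMORY_SAFETY_KINDS)


def parse_sanitizer_report(stderr: str) -> Optional[SanitizerReport]:
    """Return the first sanitizer report found in stderr, or None if there is none."""
    frame = _FRAME0.search(stderr)
    func = frame.group("func") if frame else None
    m = _SAN_HDR.search(stderr)
    if m:
        # "heap-buffer-overflow on address ..." -> "heap-buffer-overflow"; "SEGV on unknown ..." -> "SEGV"
        kind = re.split(r" (?:on|at) | \(|: ", m.group("rest"), maxsplit=1)[0]
        return SanitizerReport(m.group("san"), kind, func, frame.group("loc") if frame else None)
    u = _UBSAN.search(stderr)
    if u:
        kind = u.group("rest").split(": ", 1)[0]
        return SanitizerReport("UndefinedBehaviorSanitizer", kind, func, u.group("loc"))
    return None


def classify(returncode: int, stderr: str) -> str:
    """Verdict for one PoC run.  The report is checked before the exit code because
    UBSan (by default) and LSan-only builds can report without a non-zero exit."""
    report = parse_sanitizer_report(stderr)
    if report is not None:
        return "verified-memory-safety" if report.memory_safety else "verified-other"
    if returncode != 0:
        return "crash-no-report"   # segfault / assert / abort: suggestive, not ground truth
    return "clean"


def accept_finding(returncode: int, stderr: str) -> bool:
    """The gate a hunter would place before reporting or attempting a patch."""
    return classify(returncode, stderr) == "verified-memory-safety"


# Constructed sample outputs (hypothetical; not captured from any real target).
ASAN_SAMPLE = """\
==12345==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000014 at pc 0x55d0c0a1b2c3 bp 0x7ffd1f2e3c40 sp 0x7ffd1f2e3c38
WRITE of size 4 at 0x602000000014 thread T0
    #0 0x55d0c0a1b2c2 in parse_header src/parser.c:42:9
    #1 0x55d0c0a1b3f1 in main src/main.c:17:3
0x602000000014 is located 0 bytes to the right of 20-byte region [0x602000000000,0x602000000014)
SUMMARY: AddressSanitizer: heap-buffer-overflow src/parser.c:42:9 in parse_header
"""
UBSAN_SAMPLE = "src/calc.c:12:5: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'\n"
SEGV_SAMPLE = "Segmentation fault (core dumped)\n"          # uninstrumented build, or report lost
ASSERT_SAMPLE = "poc: src/main.c:9: main: Assertion `len < 16' failed.\n"

if __name__ == "__main__":
    for rc, err in ((1, ASAN_SAMPLE), (0, UBSAN_SAMPLE), (-11, SEGV_SAMPLE), (134, ASSERT_SAMPLE), (0, "")):
        print(f"rc={rc:4d} -> {classify(rc, err)}  accept={accept_finding(rc, err)}")
```

The useful property is the asymmetry: a segfault or assertion on an uninstrumented binary yields "crash-no-report" and is sent back for another attempt, while a UBSan integer overflow is recorded as verified but does not pass the memory-safety gate on its own. Both failure modes are where an LLM-driven hunter is most tempted to over-claim.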