RAPTOR v3.0.0

danielcuthbert released this 23 Apr 22:47 · 1858 commits to main since this release

RAPTOR v3.0.0 -- first versioned release

This is the first tagged release. Rather than a commit-by-commit list, here is what the framework can do.

Core capabilities

  • /agentic -- full autonomous workflow: Semgrep + CodeQL scan, finding deduplication, LLM-powered validation (Stages A-D), exploit PoC generation, patch generation, cross-finding group analysis
  • /understand -- adversarial code comprehension: map entry points, trust boundaries and sinks; trace data flows; hunt for vulnerability variants
  • /validate -- standalone exploitability validation pipeline (Stages 0-F) with mechanical inventory and LLM analysis stages
  • /scan -- Semgrep + CodeQL static analysis with parallel execution and SARIF output
  • /codeql -- CodeQL-only deep analysis with Z3 SMT dataflow pre-screening
  • /fuzz -- binary fuzzing with AFL++ and integrated crash analysis
  • /crash-analysis -- autonomous root-cause analysis for C/C++ crashes using rr and GDB
  • /oss-forensics -- evidence-backed GitHub repository investigation via GH Archive, GitHub API, and Wayback Machine
  • /project -- named workspaces for organising runs, merging findings, tracking coverage, and diffing between runs

Z3 SMT integration

Two-layer Z3 solver integration (optional, pip install z3-solver):

  • CodeQL path constraints checked for satisfiability before any LLM call -- unreachable paths dropped, reachable paths get concrete candidate inputs injected into the prompt
  • One-gadget register/memory constraints checked against concrete crash state during binary feasibility assessment

Multi-LLM support

Analysis dispatch layer supports Anthropic, OpenAI, Gemini, Mistral, and Ollama. Configure via ~/.config/raptor/models.json or environment variables. Model roles (analysis, code, consensus, fallback) let you assign different models to different tasks.

Offline and air-gapped support

All Semgrep registry packs are shipped in the repo under engine/semgrep/rules/registry-cache/. No network calls are required for scanning once the repo is cloned.

OWASP ASVS V11 crypto rules

39 Semgrep rules covering ASVS V11 (Cryptography): weak hashes, weak ciphers, ECB mode, PKCS#1 v1.5 padding, insecure IV/nonce, weak KDF parameters, password hashing with general-purpose functions, non-cryptographic RNG -- across Java, Python, JavaScript, Go, Ruby, PHP, Rust, and C.

Other

  • CVSS v3.1 scoring integrated into validation pipeline
  • Coverage tracking: which source files the LLM read during analysis
  • Devcontainer with all dependencies pre-installed (Semgrep, CodeQL, AFL++, rr, GDB, Playwright)
  • Python CLI (python3 raptor.py) for CI/CD integration without Claude Code