npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, πŸ‘‹, I’m Ryan HefnerΒ  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you πŸ™

Β© 2026 – Pkg Stats / Ryan Hefner

drogonclaw

v1.0.2

Published

πŸ‰πŸ”₯ DrogonClaw β€” Autonomous AI Penetration Testing Framework

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

drogonclawdrogonclaw

Keywords

pentestingsecurityaiautomationctfhackingpenetration-testingautonomous-agent

Readme

DrogonClaw πŸ‰πŸ”₯

AI-Driven Offensive Security Framework Developed by 0xP4X 🌐 Official Website: drogonclaw.xyz

DrogonClaw is a next-generation cyber operations platform. Rather than acting as a simple wrapper for Kali tools, DrogonClaw operates as a Command-and-Control (C2) Brain. It understands objectives, plans attack workflows, adapts to new discoveries, and orchestrates a swarm of specialized autonomous agents through a unified intelligence core.

DrogonClaw focuses on high-confidence autonomous workflows, explainable findings, and reproducible evidence, avoiding the hallucinations common in early AI security tools.

[!WARNING] Linux Only DrogonClaw is strictly designed and optimized for Linux-based operating systems (such as Kali Linux, Ubuntu, or Debian). It relies heavily on Linux-specific networking APIs, native filesystem permissions, and process management. It will not function on Windows or macOS.

πŸ›οΈ Architectural Pillars

flowchart TD
    subgraph UI ["User Interfaces"]
        CLI["πŸ’» CLI Terminal"]
        TG["πŸ“± Telegram C2 Gateway"]
    end

    subgraph Core ["🧠 DrogonClaw Engine"]
        Orchestrator["LangChain ReAct Orchestrator"]
        LootDB[("LootDB (SQLite)")]
        OPSEC["OPSEC Cleanup Registry"]
    end

    subgraph Execution ["Isolated Execution Environment"]
        Docker["🐳 Ephemeral Docker Sandbox"]
        Tools["Nmap, Metasploit, Custom Exploits"]
    end

    Target((("🎯 Target Network")))

    UI -->|Natural Language Instructions| Orchestrator
    Orchestrator <-->|Decoupled Memory| LootDB
    Orchestrator -->|Registers Processes| OPSEC
    Orchestrator -->|Deploys Payloads| Docker
    Docker --- Tools
    Tools -->|Exploits & Recon| Target
    
    OPSEC -.->|LIFO Kill Signal| Execution

The platform revolves around three major pillars:

1. The Orchestration Core

  • Mission Planner: Breaks down objectives, reasons about paths, and delegates to specialized agents.
  • Intelligence Graph: A persistent, graph-based memory system that maps out discovered assets, vulnerabilities, and context across engagements.
  • Evidence Validator: An AI validation layer that demands reproducible evidence, scoring confidence from 0-100% and rejecting hallucinations.

2. The Skill Ecosystem

A modular plugin architecture allowing seamless integration of:

  • OSINT modules
  • Network reconnaissance scanners
  • Browser automation packs
  • Exploit validators

3. Autonomous Execution Layer

DrogonClaw isolates operational risk through:

  • Sandboxed Tool Execution: Running command-line tools (Nmap, Metasploit, etc.) in isolated Docker environments.
  • Safety Monitors: Enforcing rate limits, scope boundaries, and timeout constraints.

πŸš€ Quick Start & Setup Guide

DrogonClaw operates through multiple interconnected modules. You can run it locally from source, or install it globally as a standalone CLI tool.

1. Global Installation (Recommended)

DrogonClaw is published on NPM and can be installed globally:

npm install -g drogonclaw

Once installed, simply run drogonclaw from anywhere on your system to launch the setup wizard and enter the AI.

2. Local Installation (For Developers)

git clone https://github.com/0xP4X/DrogoClaw.git
cd drogonclaw
npm install
npm run build
npm run cli

3. Initialization Wizard

Upon the first launch of drogonclaw, the DrogonClaw Configuration Wizard will guide you through setting up your neural pathways:

  • You will be prompted to select an AI Provider (OpenAI, Anthropic, OpenRouter, or local Ollama).
  • You will securely enter your API keys.
  • You can optionally configure a Telegram Gateway for remote mobile C2 operations.

If you ever need to reconfigure your setup, run drogonclaw setup or type /setup inside the interactive terminal.

4. Interactive Terminal & Dynamic Execution

Inside the drogon> prompt, you can converse with the AI naturally or use specific slash commands:

  • /skills - List all loaded penetration testing modules
  • /setup - Relaunch the configuration wizard
  • /clear - Wipe the terminal screen

Graceful Action Abortion: If DrogonClaw is running a long scan or executing an exploit and you want to steer it in a different direction, simply press Ctrl+C. This will instantly sever the active thread, halt all sandboxed executions, and drop you back to the prompt, preserving the session memory so you can inject new instructions.

πŸ“± Telegram Gateway

Allows you to text instructions to your agent from your phone:

npm run gateway

Security Note: You must provide your TELEGRAM_CHAT_ID during initialization to whitelist your account, otherwise the agent will reject all commands.

πŸ› οΈ Modularity & Swarm Intelligence

DrogonClaw is designed to scale into collaborative agent swarms. You can inject new specialized agents (e.g., a "Web Fuzzer Agent" or an "Active Directory Hound") without modifying the core orchestrator.

πŸ‘¨β€πŸ’» Author

0xP4X

⚠️ Disclaimer

DrogonClaw is designed for authorized security testing only. Always ensure you have explicit permission before testing any system. Unauthorized access to computer systems is illegal.

πŸ“„ License

MIT

🌟 Star History

Star History Chart