Unmask the hidden before the world does
An autonomous AI framework that chains reconnaissance, exploitation, and post-exploitation into a single pipeline, then goes further by triaging every finding, implementing code fixes, and opening pull requests on your repository. From first packet to merged patch, with human oversight at every critical step.
LEGAL DISCLAIMER: This tool is intended for authorized security testing, educational purposes, and research only. Never use this system to scan, probe, or attack any system you do not own or have explicit written permission to test. Unauthorized access is illegal and punishable by law. By using this tool, you accept full responsibility for your actions. Read Full Disclaimer
Three AI agents test in parallel β one validates credential policies via Hydra, one verifies a CVE exploit path through privilege escalation, one maps XSS vulnerabilities across the frontend.
Reconnaissance β Exploitation β Post-Exploitation β AI Triage β CodeFix Agent β GitHub PR
RedAmon doesn't stop at finding vulnerabilities, it fixes them. The pipeline starts with a 6-phase reconnaissance engine that maps your target's entire attack surface, then hands control to an autonomous AI agent that validates CVE exploitability, tests credential policies, and maps lateral movement paths. Every finding is recorded in a Neo4j knowledge graph. When the offensive phase completes, CypherFix takes over: an AI triage agent correlates hundreds of findings, deduplicates them, and ranks them by exploitability. Then a CodeFix agent clones your repository, navigates the codebase with 11 code-aware tools, implements targeted fixes, and opens a GitHub pull request, ready for review and merge.
We maintain a public Project Board with upcoming features open for community contributions. Pick a task and submit a PR!
Want to contribute? See CONTRIBUTING.md for how to get started.
 Samuele Giampieri β Creator, Maintainer & AI Platform Architect AI Platform Architect & Full-Stack Lead with 15+ years of freelancing experience and more than 30 projects shipped to production, including enterprise-scale AI agentic systems. AWS-certified (DevOps Engineer, ML Specialty) and IBM-certified AI Engineer. Designs end-to-end ML solutions spanning deep learning, NLP, Computer Vision, and AI Agent systems with LangChain/LangGraph. LinkedIn Β· GitHub Β· Devergo Labs |
 Ritesh Gohil β Maintainer & Lead Security Researcher Cyber Security Engineer at Workday with over 7 years of experience in Web, API, Mobile, Network, and Cloud penetration testing. Published 11 CVEs in MITRE, with security acknowledgements from Google (4Γ) and Apple (6Γ). Secured 200+ web and mobile applications and contributed to Exploit Database, Google Hacking Database, and the AWS Community. Holds AWS Security Specialty, eWPTXv2, eCPPTv2, CRTP, and CEH certifications with expertise in red teaming, cloud security, CVE research, and security architecture review. LinkedIn Β· GitHub |
- Docker & Docker Compose v2+
That's it. No Node.js, Python, or security tools needed on your host.
| Resource | Without OpenVAS | With OpenVAS (full stack) |
|---|---|---|
| CPU | 2 cores | 4 cores |
| RAM | 4 GB | 8 GB (16 GB recommended) |
| Disk | 20 GB free | 50 GB free |
Without OpenVAS runs 6 containers: webapp, postgres, neo4j, agent, kali-sandbox, recon-orchestrator. With OpenVAS adds 4 more runtime containers (gvmd, ospd-openvas, gvm-postgres, gvm-redis) plus ~8 one-shot data-init containers for vulnerability feeds (~170K+ NVTs). First launch takes ~30 minutes for GVM feed synchronization. Dynamic recon and scan containers are spawned on-demand during operations and require additional resources.
git clone https://github.com/samugit83/redamon.git
cd redamon
# Without GVM (lighter, faster startup):
./redamon.sh install
# With GVM / OpenVAS (full stack, ~30 min first run):
./redamon.sh install --gvmThe script builds all images and starts the services. When done, open http://localhost:3000.
Open http://localhost:3000/settings (gear icon in the header) to configure everything. No .env file is needed.
- LLM Providers -- add API keys for OpenAI, Anthropic, OpenRouter, AWS Bedrock, or any OpenAI-compatible endpoint (Ollama, vLLM, Groq, etc.). Each provider can be tested before saving. The model selector in project settings dynamically fetches available models from configured providers.
- API Keys -- Tavily, Shodan, SerpAPI, NVD, Vulners, URLScan, and threat intelligence keys (Censys, FOFA, OTX, Netlas, VirusTotal, ZoomEye, CriminalIP) to enable extended agent capabilities (web search, OSINT, CVE lookups, passive threat intel). Supports key rotation -- configure multiple keys per tool with automatic round-robin rotation to avoid rate limits.
- Tunneling -- configure ngrok or chisel for reverse shell tunneling. Changes apply immediately without container restarts.
All settings are stored per-user in the database. See the AI Model Providers wiki page for detailed setup instructions.
Go to http://localhost:3000 -- create a project, configure your target, and start scanning.
For a detailed walkthrough of every feature, check the Wiki.
Having issues? See the Troubleshooting guide or the Wiki Troubleshooting page.
All lifecycle management is handled by a single script:
| Command | Description |
|---|---|
./redamon.sh install |
Build + start without GVM |
./redamon.sh install --gvm |
Build + start with GVM/OpenVAS |
./redamon.sh update |
Pull latest version, smart-rebuild only changed services |
./redamon.sh up |
Start services (auto-detects GVM mode) |
./redamon.sh down |
Stop services (preserves data) |
./redamon.sh status |
Show running services, version, GVM mode |
./redamon.sh clean |
Remove containers + images, keep data |
./redamon.sh purge |
Remove everything including all data |
Just run:
./redamon.sh updateThe script pulls the latest code from GitHub, detects which Dockerfiles and source files changed, rebuilds only the affected images, and restarts the updated services. Your databases, scan results, and reports are preserved -- volumes are never deleted.
The webapp also checks for updates automatically and shows a notification in the UI when a new version is available.
For contributors and active development with Next.js fast refresh:
Build tool images:
docker compose --profile tools buildStart dev environment (without GVM):
docker compose -f docker-compose.yml -f docker-compose.dev.yml up -d postgres neo4j recon-orchestrator kali-sandbox agent webappStart dev environment (with GVM):
docker compose -f docker-compose.yml -f docker-compose.dev.yml up -dThe dev override swaps the production webapp image for a dev container with your source code volume-mounted. Every file save triggers instant hot-reload in the browser.
| What changed | Action needed |
|---|---|
webapp/src/ (frontend code) |
Nothing -- Next.js hot-reload handles it in dev mode |
agentic/*.py (agent Python code) |
docker compose restart agent |
recon_orchestrator/*.py |
docker compose restart recon-orchestrator |
mcp/servers/*.py (MCP servers) |
docker compose restart kali-sandbox |
agentic/Dockerfile or agentic/requirements.txt |
docker compose build agent && docker compose up -d agent |
recon_orchestrator/Dockerfile or its requirements.txt |
docker compose build recon-orchestrator && docker compose up -d recon-orchestrator |
mcp/kali-sandbox/Dockerfile |
docker compose build kali-sandbox && docker compose up -d kali-sandbox |
webapp/Dockerfile or webapp/package.json |
docker compose build webapp && docker compose up -d webapp |
recon/Dockerfile |
docker compose --profile tools build recon |
gvm_scan/Dockerfile |
docker compose --profile tools build vuln-scanner |
github_secret_hunt/Dockerfile |
docker compose --profile tools build github-secret-hunter |
trufflehog_scan/Dockerfile |
docker compose --profile tools build trufflehog-scanner |
docker-compose.yml |
docker compose up -d (re-creates affected containers) |
prisma/schema.prisma |
docker compose exec webapp npx prisma db push |
Rebuild a single service:
docker compose build <service> # Rebuild one image
docker compose up -d --no-deps <service> # Restart only that serviceCommon dev commands:
docker compose ps # Check service status
docker compose logs -f <service> # Follow logs for a service
docker compose down # Stop all (preserves volumes)
docker compose --profile tools down --rmi local # Remove built images
docker compose --profile tools down --rmi local --volumes --remove-orphans # Full cleanupFor a complete development reference -- hot-reload rules, common commands, important rules, and AI-assisted coding guidelines -- see the Developer Guide.
|
Explore real-time live attack sessions -- every step, every pivot, every exploit -- across 15 vulnerability categories on a live target. Full session logs, decoded walkthroughs, and video recordings showing the agent autonomously compromising a multi-service server from scratch. Explore the HackLab β Β Β |Β Β Submit your own session βGot an amazing agent session on your own target? Share it with the community -- session log + YouTube video. |
- Full Wiki Documentation
- Overview
- Feature Highlights
- System Architecture
- Components
- Documentation
- Troubleshooting
- Community Showcase
- Legal
RedAmon is a modular, containerized penetration testing framework that chains automated reconnaissance, AI-driven exploitation, and graph-powered intelligence into a single, end-to-end offensive security pipeline. Every component runs inside Docker β no tools installed on your host β and communicates through well-defined APIs so each layer can evolve independently.
The platform is built around six pillars:
| Pillar | What it does |
|---|---|
| Reconnaissance Pipeline | A parallelized fan-out / fan-in scanning pipeline that maps your target's entire attack surface β starting from a domain or IP addresses / CIDR ranges β from subdomain discovery (5 concurrent tools) through port scanning, Nmap service detection and NSE vulnerability scripts, HTTP probing, resource enumeration, and vulnerability detection. Independent modules run concurrently via ThreadPoolExecutor, graph DB updates happen in a background thread, and results are stored as a rich, queryable graph. Complemented by standalone GVM network scanning, GitHub secret hunting, and TruffleHog deep secret scanning modules. |
| AI Agent Orchestrator | A LangGraph-based autonomous agent that reasons about the graph, selects security tools via MCP, transitions through informational / exploitation / post-exploitation phases, and can be steered in real-time via chat. |
| Attack Surface Graph | A Neo4j knowledge graph with 17 node types and 20+ relationship types that serves as the single source of truth for every finding β and the primary data source the AI agent queries before every decision. |
| EvoGraph | A persistent, evolutionary attack chain graph in Neo4j that tracks every step, finding, decision, and failure across the attack lifecycle β bridging the recon graph and enabling cross-session intelligence accumulation. |
| CypherFix | Automated vulnerability remediation pipeline β an AI triage agent correlates and prioritizes findings from the graph, then a CodeFix agent clones the target repository, implements fixes using a ReAct loop with 11 code tools, and opens a GitHub pull request. |
| Project Settings Engine | 196+ per-project parameters β exposed through the webapp UI β that control every tool's behavior, from Naabu thread counts to Nuclei severity filters to agent approval gates. |
A fully automated, parallelized scanning engine running inside a Kali Linux container. Given a root domain, subdomain list, or IP/CIDR ranges, it maps the complete external attack surface using a fan-out / fan-in pipeline architecture: subdomain discovery (crt.sh, HackerTarget, Subfinder, Amass, Knockpy β all 5 tools run concurrently), puredns wildcard filtering (validates subdomains against public DNS resolvers and removes wildcard/poisoned entries), parallel DNS resolution (20 workers), Shodan + port scanning (Masscan / Naabu β both run in parallel), passive threat intelligence enrichment (7 tools: Censys, FOFA, OTX, Netlas, VirusTotal, ZoomEye, CriminalIP β all run in parallel with port scanning) in parallel, Nmap service version detection and NSE vulnerability scripts on discovered ports, HTTP probing with technology fingerprinting (httpx + Wappalyzer), resource enumeration (Katana, Hakrawler, GAU, ParamSpider, Kiterunner β internally parallel, followed by jsluice JavaScript analysis, FFuf directory fuzzing with custom wordlist support, and Arjun hidden parameter discovery with multi-method parallel execution), and vulnerability scanning (Nuclei with 9,000+ templates + DAST fuzzing). Neo4j graph updates run in a dedicated background thread so the main pipeline is never blocked. Results are stored as JSON and imported into the Neo4j graph.
| Settings Tab | Phase | Tools | Type | Execution |
|---|---|---|---|---|
| Discovery & OSINT | Subdomain Discovery | crt.sh, HackerTarget, Subfinder, Amass, Knockpy | Passive* | 5 tools parallel |
| Wildcard Filtering | Puredns | Active | Sequential | |
| WHOIS + URLScan | python-whois, URLScan.io API | Passive | Parallel | |
| DNS Resolution | dnspython | Passive | 20 parallel workers | |
| OSINT Enrichment | Shodan / InternetDB | Passive | Parallel with port scan | |
| Threat Intel Enrichment | Censys, FOFA, OTX (AlienVault), Netlas, VirusTotal, ZoomEye, CriminalIP | Passive | 7 tools parallel (GROUP 3b) | |
| Port Scanning | Port Scanning | Masscan, Naabu | Active | Both parallel |
| Nmap Service Detection | Service Version Detection | Nmap (-sV, --script vuln) | Active | Sequential per target |
| HTTP Probing | HTTP Probing | httpx | Active | Internal parallel |
| Tech Detection | Wappalyzer | Passive | Sequential (post-probe) | |
| Banner Grabbing | Custom (Python sockets: SSH, FTP, SMTP, MySQL, etc.) | Active | Parallel workers | |
| Resource Enum | Web Crawling | Katana, Hakrawler | Active | Parallel |
| Archive Discovery | GAU (Wayback, CommonCrawl, OTX) | Passive | Parallel with crawlers | |
| Parameter Mining | ParamSpider (Wayback CDX) | Passive | Parallel with crawlers | |
| JS Analysis | jsluice | Passive | Sequential (post-crawl) | |
| Directory Fuzzing | FFuf | Active | Sequential (post-jsluice) | |
| Parameter Discovery | Arjun | Active | Methods parallel (GET/POST/JSON/XML) | |
| API Discovery | Kiterunner | Active | Sequential per wordlist | |
| Vulnerability Scanning | Vulnerability Scanning | Nuclei (9,000+ templates + DAST + custom template upload) | Active | Internal parallel |
| Security Checks | Security Checks | WAF bypass, direct IP access, TLS expiry, missing headers, cache-control | Active | Parallel workers |
| CVE & MITRE | CVE Enrichment | NVD API, Vulners API | Passive | Sequential |
| MITRE Enrichment | CWE / CAPEC mapping | Passive | Sequential |
*Amass can run in active mode when configured. Knockpy performs active DNS probing.
GVM/OpenVAS performs deep network-level vulnerability assessment with 170,000+ NVTs β probing services at the protocol layer for misconfigurations, outdated software, default credentials, and known CVEs. Complements Nuclei's web-layer findings. Seven pre-configured scan profiles from quick host discovery (~2 min) to exhaustive deep scanning (~8 hours). Findings are stored as Vulnerability nodes in Neo4j alongside the recon graph.
A LangGraph-based autonomous agent implementing the ReAct pattern. It progresses through three phases β Informational (intelligence gathering, graph queries, Shodan, Google dorking), Exploitation (Metasploit, Hydra credential testing, social engineering simulation), and Post-Exploitation (enumeration, lateral movement). The agent executes 13 security tools via MCP servers inside a Kali sandbox, supports parallel tool execution via Wave Runner, and provides real-time chat interaction with guidance, stop/resume, and approval workflows. Deep Think mode enables structured strategic analysis before acting.
Supports 5 providers and 400+ models: OpenAI (GPT-5.2, GPT-5, GPT-4.1), Anthropic (Claude Opus 4.6, Sonnet 4.5), OpenRouter (300+ models), AWS Bedrock, and any OpenAI-compatible endpoint (Ollama, vLLM, LM Studio, Groq, etc.). Models are dynamically fetched β no hardcoded lists.
A Neo4j knowledge graph with 17 node types and 20+ relationship types β the single source of truth for the target's attack surface. The agent queries it before every decision via natural language β Cypher translation.
A persistent, evolutionary graph tracking everything the AI agent does β tool executions, discoveries, failures, and strategic decisions. Structured chain context replaces flat execution traces, improving agent efficiency by 25%+. Cross-session memory means the agent never starts from zero.
Launch multiple concurrent agent sessions against the same project. Each session creates its own AttackChain in EvoGraph. New sessions automatically load findings and failure lessons from all prior sessions, avoiding redundant work.
Unified view of active sessions β meterpreter, reverse/bind shells, and listeners. Built-in terminal with a Command Whisperer that translates plain English into shell commands.
Full interactive PTY shell access to the Kali sandbox container directly from the graph page via xterm.js. Access all pre-installed pentesting tools (Metasploit, Nmap, Nuclei, Hydra, sqlmap) without leaving the browser. Features dark terminal theme, connection status indicator, auto-reconnect with exponential backoff, fullscreen mode, and browser-side keepalive.
Two-agent pipeline: a Triage Agent runs 9 hardcoded Cypher queries then uses an LLM to correlate, deduplicate, and prioritize findings. A CodeFix Agent clones the target repo, explores the codebase with 11 tools, implements fixes, and opens a GitHub PR β replicating Claude Code's agentic design.
An LLM-powered Intent Router classifies user requests into agent skills: CVE (MSF), SQL Injection, Credential Testing, Social Engineering, Availability Testing, or custom user-defined skills uploaded as Markdown files. Ready-to-use community skills are available for API testing, XSS, SQLi, and SSRF -- download the .md file and upload it via Global Settings > Agent Skills to activate it for your user. You can also contribute your own by opening a PR.
Scans GitHub repositories, gists, and commit history for exposed secrets using 40+ regex patterns and Shannon entropy analysis.
Scans GitHub repositories for leaked credentials using 700+ detectors with automatic verification of whether discovered secrets are still active. Powered by the TruffleHog engine (trufflesecurity/trufflehog), it detects API keys, passwords, tokens, certificates, and more across full commit history. Results are stored as TrufflehogScan β TrufflehogRepository β TrufflehogFinding nodes in the Neo4j graph. Both GitHub Hunt and TruffleHog are accessible from the "Other Scans" modal in the graph toolbar.
196+ configurable parameters across 14 tabs controlling every tool's behavior β from scan modules to agent approval gates. Managed through the webapp UI.
Upload a RoE document (PDF, TXT, MD, DOCX) to auto-configure project settings and enforce engagement constraints. Enforcement at both the recon pipeline (excluded hosts, rate limits, time windows) and AI agent (prompt injection, severity phase cap, tool restrictions) layers.
30+ interactive charts across 4 sections β attack chains & exploits, attack surface, vulnerabilities & CVE intelligence, and graph overview. All data pulled live from Neo4j and PostgreSQL.
LLM-based guardrail preventing targeting of unauthorized domains β blocks government sites, major tech companies, financial institutions, and social media platforms. Operates at both project creation and agent initialization. Government, military, educational, and international organization domains (.gov, .mil, .edu, .int) are permanently blocked by a deterministic hard guardrail that cannot be disabled.
Per-tool human-in-the-loop gate for dangerous operations. When enabled, the agent pauses before executing high-impact tools (Nmap, Nuclei, Metasploit, Hydra, Kali shell, code execution) and presents an inline Allow / Deny prompt in the chat timeline. Supports both single-tool and parallel-wave (plan) confirmation modes. Users can approve, reject, or modify tool arguments before execution proceeds. Disabled via the Require Tool Confirmation toggle in Project Settings.
Professional, client-ready HTML reports with 11 sections. When an AI model is configured, 6 sections receive LLM-generated narratives including executive summary, risk analysis, and prioritized remediation triage. View example report.
Full project backup and restore through the web interface β settings, conversations, graph data, recon/GVM/GitHub hunt results as a portable ZIP archive.
flowchart TB
subgraph User["π€ User Layer"]
Browser[Web Browser]
CLI[Terminal/CLI]
end
subgraph Frontend["π₯οΈ Frontend Layer"]
Webapp[Next.js Webapp<br/>:3000]
end
subgraph Backend["βοΈ Backend Layer"]
Agent[AI Agent Orchestrator<br/>FastAPI + LangGraph<br/>:8090]
ReconOrch[Recon Orchestrator<br/>FastAPI + Docker SDK<br/>:8010]
end
subgraph Tools["π§ MCP Tools Layer"]
NetworkRecon[Network Recon Server<br/>Curl + Naabu<br/>:8000]
Nuclei[Nuclei Server<br/>:8002]
Metasploit[Metasploit Server<br/>:8003]
Nmap[Nmap Server<br/>:8004]
end
subgraph Scanning["π Scanning Layer"]
Recon[Recon Pipeline<br/>Docker Container]
GVM[GVM/OpenVAS Scanner<br/>Network Vuln Assessment]
GHHunt[GitHub Secret Hunter<br/>Credential Scanning]
TruffleHog[TruffleHog Scanner<br/>700+ Secret Detectors]
end
subgraph Data["πΎ Data Layer"]
Neo4j[(Neo4j Graph DB<br/>:7474/:7687)]
Postgres[(PostgreSQL<br/>Project Settings<br/>:5432)]
end
subgraph LLMProviders["π§ LLM Providers"]
OpenAI[OpenAI]
Anthropic[Anthropic]
LocalLLM[Local Models<br/>Ollama Β· vLLM Β· LM Studio]
OpenRouter[OpenRouter<br/>300+ Models]
Bedrock[AWS Bedrock]
end
subgraph External["π External APIs"]
GitHubAPI[GitHub API<br/>Repos & Code Search]
end
subgraph Targets["π― Target Layer"]
Target[Target Systems]
GuineaPigs[Guinea Pigs<br/>Test VMs]
end
Browser --> Webapp
CLI --> Recon
Webapp <-->|WebSocket| Agent
Webapp -->|REST + SSE| ReconOrch
Webapp --> Neo4j
Webapp --> Postgres
ReconOrch -->|Docker SDK| Recon
ReconOrch -->|Docker SDK| GVM
ReconOrch -->|Docker SDK| GHHunt
ReconOrch -->|Docker SDK| TruffleHog
Recon -->|Fetch Settings| Webapp
GHHunt -->|GitHub API| GitHubAPI
TruffleHog -->|GitHub API| GitHubAPI
TruffleHog --> Neo4j
Agent -->|API| OpenAI
Agent -->|API| Anthropic
Agent -->|API| LocalLLM
Agent -->|API| OpenRouter
Agent -->|API| Bedrock
Agent --> Neo4j
Agent -->|MCP Protocol| NetworkRecon
Agent -->|MCP Protocol| Nuclei
Agent -->|MCP Protocol| Metasploit
Agent -->|MCP Protocol| Nmap
Recon --> Neo4j
GVM -->|Reads Recon Output| Recon
GVM --> Neo4j
GVM --> Target
GVM --> GuineaPigs
NetworkRecon --> Target
Nuclei --> Target
Metasploit --> Target
Nmap --> Target
NetworkRecon --> GuineaPigs
Nuclei --> GuineaPigs
Metasploit --> GuineaPigs
Nmap --> GuineaPigs
Full architecture diagrams (data flow, Docker containers, recon pipeline, agent workflow, MCP integration): ARCHITECTURE.md
Technology stack (70+ technologies across frontend, backend, AI, databases, security tools): TECH_STACK.md
| Component | Description | Documentation |
|---|---|---|
| Reconnaissance Pipeline | Parallelized fan-out/fan-in OSINT and vulnerability scanning pipeline | README.RECON.md |
| Recon Orchestrator | Container lifecycle management via Docker SDK | README.RECON_ORCHESTRATOR.md |
| Graph Database | Neo4j attack surface mapping with multi-tenant support | README.GRAPH_DB.md Β· GRAPH.SCHEMA.md |
| MCP Tool Servers | Security tools via Model Context Protocol (Kali sandbox) | README.MCP.md |
| AI Agent Orchestrator | LangGraph-based autonomous agent with ReAct pattern | README.PENTEST_AGENT.md |
| CypherFix Agents | Automated triage + code fix + GitHub PR | README.CYPHERFIX_AGENTS.md |
| Web Application | Next.js dashboard for visualization and AI interaction | README.WEBAPP.md |
| GVM Scanner | Greenbone/OpenVAS network vulnerability scanner (170K+ NVTs) | README.GVM.md |
| TruffleHog Scanner | Deep secret scanning with 700+ detectors and credential verification | β |
| PostgreSQL Database | Project settings, user accounts, configuration data | README.POSTGRES.md |
| Test Environments | Intentionally vulnerable Docker containers for safe testing | README.GPIGS.md |
| Resource | Link |
|---|---|
| Full Wiki (user guide) | github.com/samugit83/redamon/wiki |
| AI-Assisted Development | Wiki: Ship Perfect PRs with AI |
| Developer Guide | readmes/README.DEV.md |
| Architecture Diagrams | readmes/ARCHITECTURE.md |
| Technology Stack | readmes/TECH_STACK.md |
| Troubleshooting | readmes/TROUBLESHOOTING.md |
| Changelog | CHANGELOG.md |
| Full Disclaimer | DISCLAIMER.md |
| Third-Party Licenses | THIRD-PARTY-LICENSES.md |
| License | LICENSE |
RedAmon is fully Dockerized and runs on any OS with Docker Compose v2+. For OS-specific fixes (Linux, Windows, macOS), see Troubleshooting Guide or the Wiki.
Videos, writeups, and real-world experiences from security professionals using RedAmon in the field. Want to be featured? See the Content Creator track in CONTRIBUTING.md.
| Title | Link |
|---|---|
| RedAmon v2.2.0 β Social Engineering Test: Payload Delivery to Shell Access | Watch |
| AI Agent CVE Validation β Beyond Standard Tooling | Watch |
| RedAmon 2.0 β From 0 to 1000 GitHub Stars in 10 Days: Multi-Agent Parallel Attacks | Watch |
| Build an Autonomous AI Red Team Agent from Scratch β LangGraph + Metasploit + Neo4j Full Tutorial | Watch |
| Who | What | Link |
|---|---|---|
| Nipun Dinudaya | Deployed RedAmon on a company website β identified a critical SQL injection vulnerability that could have caused significant data exposure | Read on LinkedIn |
| Venkata Bhargav CH S | Used RedAmon during an internship at Ascent e-Digit Solutions β hands-on reconnaissance, DNS analysis, and attack surface mapping | Read on LinkedIn |
| Who | What | Link |
|---|---|---|
| MrGood | Mastering Redamon: A Comprehensive Guide to Installation on Kali Linux β addressing Kali-specific Docker challenges and security posture | Read on Medium |
| Bogdan Caraman | How to Install RedAmon on Debian 13 (Trixie) with OpenRouter β step-by-step guide with Docker setup, static IP, and systemd automation | Read on Blog |
Contributions are welcome! Please read CONTRIBUTING.md for guidelines on how to get started, code style conventions, and the pull request process.
Samuele Giampieri β creator, maintainer & AI platform architect Β· LinkedIn Β· GitHub Β· Devergo Labs
Ritesh Gohil β maintainer & lead security researcher Β· LinkedIn Β· GitHub
For questions, feedback, or collaboration inquiries: devergo.sam@gmail.com
This project is released under the MIT License.
RedAmon integrates several third-party tools under their own licenses (AGPL-3.0, GPL, BSD, and others). Source code for all AGPL-licensed components is available at their upstream repositories. See THIRD-PARTY-LICENSES.md for the complete list.
See DISCLAIMER.md for full terms of use, acceptable use policy, and legal compliance requirements.
Use responsibly. Test ethically. Defend better.