Redamon
An AI-powered agentic red team framework that automates offensive security operations, from reconnaissance to exploitation to post-exploitation, with zero human intervention.
<p align="center"> <img src="assets/agent.gif" alt="RedAmon Agent Demo" width="100%"/> </p>
<p align="center"> <a href="https://youtu.be/afViJUit0xE"><img height="24" src="https://img.shields.io/badge/▶_WATCH_DEMO-3_Parallel_Agents-FF0000?style=flat&logo=youtube&logoColor=white" alt="Watch Demo"/></a> </p>
<p align="center"> <em>Three AI agents test in parallel — one validates credential policies via Hydra, one verifies a CVE exploit path through privilege escalation, one maps XSS vulnerabilities across the frontend.</em> </p>
<br/>
<h1 align="center"><span style="color:#D48A8A">Offense</span> meets <span style="color:#8AAED4">defense</span> — one pipeline, full visibility.</h1>
<p align="center"> <b><samp><big>Reconnaissance ➜ Exploitation ➜ Post-Exploitation ➜ AI Triage ➜ CodeFix Agent ➜ GitHub PR</big></samp></b> <br/><br/> RedAmon doesn't stop at finding vulnerabilities, it fixes them. The pipeline starts with a 6-phase reconnaissance engine that maps your target's entire attack surface, then hands control to an autonomous AI agent that validates CVE exploitability, tests credential policies, and maps lateral movement paths. Every finding is recorded in a Neo4j knowledge graph. When the offensive phase completes, CypherFix takes over: an AI triage agent correlates hundreds of findings, deduplicates them, and ranks them by exploitability. Then a CodeFix agent clones your repository, navigates the codebase with 11 code-aware tools, implements targeted fixes, and opens a GitHub pull request, ready for review and merge. </p>
<p align="center"> <img src="assets/cypherfix.gif" alt="CypherFix demo" width="100%"/> </p>

LEGAL DISCLAIMER: This tool is intended for authorized security testing, educational purposes, and research only. Never use this system to scan, probe, or attack any system you do not own or have explicit written permission to test. Unauthorized access is illegal and punishable by law. By using this tool, you accept full responsibility for your actions.
Read Full Disclaimer
Roadmap & Community Contributions
We maintain a public Project Board with upcoming features open for community contributions. Pick a task and submit a PR!
Want to contribute? See CONTRIBUTING.md for how to get started.
Maintainers
<table>
<tr>
<td align="center" valign="top" width="50%"> <img src="assets/samuele.png" alt="Samuele Giampieri" width="120"/><br/> <b>Samuele Giampieri</b> — Creator, Maintainer & AI Platform Architect<br/><br/> <small>AI Platform Architect & Full-Stack Lead with 15+ years of freelancing experience and more than 30 projects shipped to production, including enterprise-scale AI agentic systems. AWS-certified (DevOps Engineer, ML Specialty) and IBM-certified AI Engineer. Designs end-to-end ML solutions spanning deep learning, NLP, Computer Vision, and AI Agent systems with LangChain/LangGraph.</small><br/><br/> <a href="https://www.linkedin.com/in/samuele-giampieri-b1b67597/">LinkedIn</a> · <a href="https://github.com/samugit83">GitHub</a> · <a href="https://www.devergolabs.com/">Devergo Labs</a> </td>
<td align="center" valign="top" width="50%"> <img src="assets/ritesh.png" alt="Ritesh Gohil" width="120"/><br/> <b>Ritesh Gohil</b> — Maintainer & Lead Security Researcher<br/><br/> <small>Cyber Security Engineer at Workday with over 7 years of experience in Web, API, Mobile, Network, and Cloud penetration testing. Published 11 CVEs in MITRE, with security acknowledgements from Google (4×) and Apple (6×). Secured 200+ web and mobile applications and contributed to Exploit Database, Google Hacking Database, and the AWS Community. Holds AWS Security Specialty, eWPTXv2, eCPPTv2, CRTP, and CEH certifications with expertise in red teaming, cloud security, CVE research, and security architecture review.</small><br/><br/> <a href="https://www.linkedin.com/in/riteshgohil25/">LinkedIn</a> · <a href="https://github.com/L4stPL4Y3R">GitHub</a> </td>
</tr>
</table>

Quick Start
Prerequisites
- Docker & Docker Compose v2+
That's it. No Node.js, Python, or security tools needed on your host.
Minimum System Requirements
| Resource | Without OpenVAS | With OpenVAS (full stack) |
|----------|----------------|--------------------------|
| CPU | 2 cores | 4 cores |
| RAM | 4 GB | 8 GB (16 GB recommended) |
| Disk | 20 GB free | 50 GB free |
Without OpenVAS, the stack runs 6 containers: webapp, postgres, neo4j, agent, kali-sandbox, recon-orchestrator. With OpenVAS, it adds 4 more runtime containers (gvmd, ospd-openvas, gvm-postgres, gvm-redis) plus ~8 one-shot data-init containers for vulnerability feeds (~170K+ NVTs). The first launch takes ~30 minutes for GVM feed synchronization. Dynamic recon and scan containers are spawned on demand during operations and require additional resources.
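A preflight check for the requirements above, as an added example that is not part of the RedAmon repository: it probes the host and reports which column of the table it satisfies. It assumes a Linux host; the function names and the `with-openvas` / `without-openvas` labels are constructed for this example.

```shell
# Added example (not from the RedAmon repo): preflight check against the
# minimum requirements table. Assumes Linux; function names are illustrative.

# Major version from a Compose version string such as "v2.24.5" or "2.24.5".
compose_major() { local v="${1#v}"; echo "${v%%.*}"; }

# Pass digits through unchanged; anything else (empty, "-") becomes 0.
num() { case "$1" in ''|*[!0-9]*) echo 0 ;; *) echo "$1" ;; esac; }

# KiB -> GiB, rounded up: an "8 GB" host reports slightly under 8 GiB in
# MemTotal because firmware and the kernel reserve some memory.
ceil_gb() { echo $(( ($1 + 1048575) / 1048576 )); }

# Classify a host by cores, RAM (GB) and free disk (GB) using the table's
# thresholds: 2/4/20 without OpenVAS, 4/8/50 with OpenVAS.
redamon_profile() {
  if [ "$1" -ge 4 ] && [ "$2" -ge 8 ] && [ "$3" -ge 50 ]; then
    echo "with-openvas"
  elif [ "$1" -ge 2 ] && [ "$2" -ge 4 ] && [ "$3" -ge 20 ]; then
    echo "without-openvas"
  else
    echo "insufficient"
  fi
}

# Probe this host. $1 is a path on the filesystem that holds Docker's data
# (default: current directory). Missing tools are reported, not fatal.
preflight() {
  local cores ram_kb disk_kb major
  cores=$(num "$(nproc 2>/dev/null || echo 0)")
  ram_kb=$(num "$(awk '/^MemTotal:/ {print $2}' /proc/meminfo 2>/dev/null || echo 0)")
  disk_kb=$(num "$(df -Pk "${1:-.}" 2>/dev/null | awk 'NR==2 {print $4}')")
  major=$(compose_major "$(docker compose version --short 2>/dev/null || echo "")")
  if [ "$(num "$major")" -ge 2 ]; then
    echo "docker compose: v$major ok"
  else
    echo "docker compose: v2+ not found"
  fi
  echo "cores=$cores ram_gb=$(ceil_gb "$ram_kb") free_disk_gb=$(( disk_kb / 1048576 ))"
  echo "profile: $(redamon_profile "$cores" "$(ceil_gb "$ram_kb")" "$(( disk_kb / 1048576 ))")"
}

preflight "${1:-.}"
```

Pass the Docker data directory as the first argument so the disk check measures the filesystem where images and volumes are actually stored.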
1. Clone & Configure
git clone https://github.com/samugit83/redamon.git
cd redamon
After starting the stack, open http://localhost:3000/settings (gear icon in the header) to configure everything. No .env file is needed — all configuration is done from the UI.
- LLM Providers — add API keys for OpenAI, Anthropic, OpenRouter, AWS Bedrock, or any OpenAI-compatible endpoint (Ollama, vLLM, Groq, etc.). Each provider can be tested before saving. The model selector in project settings dynamically fetches available models from configured providers.
- API Keys — Tavily, Shodan, SerpAPI, NVD, Vulners, and URLScan keys to enable extended agent capabilities (web search, OSINT, CVE lookups). Supports key rotation — configure multiple keys per tool with automatic round-robin rotation to avoid rate limits.
- Tunneling — configure ngrok or chisel for reverse shell tunneling. Changes apply immediately without container restarts.
All settings are stored per-user in the database. See the AI Model Providers wiki page for detailed setup instructions.
2. Build & Start
Without GVM (lighter, faster startup):
docker compose --profile tools build # Build all images
docker compo
