RedAmon - AI That Hacks For You, Start to Finish
Bug Bounties Just Got Easier - AI Recon + GitHub Secret Hunter
Point it at a target. The AI finds every weakness, breaks in, and writes the report - while you watch.
RedAmon is an AI-powered penetration testing framework that automates the entire hacking workflow. Reconnaissance, vulnerability scanning, exploitation, post-exploitation - all handled by an AI agent that reasons, picks tools, and executes attacks autonomously.
Think of it like hiring a team of ethical hackers, except the "team" is an AI brain connected to Metasploit, Nmap, Nuclei, and 20+ security tools - running inside Docker containers, talking to a graph database, and thinking through attack paths like a human pentester would. You give it a target. It maps the entire attack surface, finds the vulnerabilities, exploits them, and extracts credentials - with zero human intervention.

How It Works - Dumb-Proof Version
The short version: You type a domain name. The AI does everything a $10,000/week penetration tester does.
The longer version:
Imagine hiring a hacker. They'd do this:
- Recon - Find every subdomain, IP address, open port, and technology your target uses
- Scan - Check each finding for known vulnerabilities (CVEs, misconfigurations, weak passwords)
- Exploit - Use tools like Metasploit to actually break in through those vulnerabilities
- Post-exploitation - Once inside, extract credentials, escalate privileges, move laterally
- Report - Document everything found
RedAmon does all five steps automatically. Here's how:
Phase 1 - Reconnaissance (6 automated stages):
The recon pipeline runs six sequential scans: subdomain discovery, port scanning, HTTP probing, resource enumeration, vulnerability scanning, and MITRE ATT&CK mapping. Everything it finds gets stored in a Neo4j graph database as an interconnected knowledge graph with 17 node types and 20+ relationship types. Think of it as building a living map of the target's entire digital footprint.
Phase 2 - The AI Agent takes over:
A LangGraph-based AI agent (powered by Claude, GPT, Llama, Gemini - your choice of 400+ models) reads the graph, reasons about what it found, and picks attack paths:
- CVE Exploit path - Searches Metasploit for matching modules, configures payloads, launches exploits
- Brute Force path - Runs credential attacks against discovered services with configurable wordlists
Phase 3 - You watch in real-time:
The web UI shows the agent thinking, selecting tools, running exploits, and extracting credentials - live. You can steer it with real-time guidance, approve/deny critical actions, or pause and resume at any point.
Everything runs in Docker. Nothing touches your host machine. The Kali sandbox container holds all the offensive tools. The graph database stores findings. The web app gives you the dashboard. One `docker compose up` and you're running.
What's Under the Hood - The Full Stack
| Component | What It Does |
|---|---|
| AI Agent | LangGraph + ReAct pattern - reasons about attack surface, selects tools, executes multi-step attacks |
| Recon Pipeline | 6-phase automated scanning - subdomains, ports, HTTP, resources, vulns, MITRE mapping |
| Neo4j Graph DB | Stores entire attack surface as interconnected graph - 17 node types, 20+ relationships |
| Kali Sandbox | Docker container with all offensive tools - Metasploit, Nmap, Nuclei, SQLMap, etc. |
| MCP Tool Servers | Model Context Protocol bridges connecting the AI to Naabu, Nuclei, Curl, Metasploit |
| GVM/OpenVAS | Full vulnerability management scanner integration |
| GitHub Secret Hunt | Scans target's GitHub repos for leaked API keys, passwords, tokens (40+ regex patterns) |
| Guinea Pigs | Built-in vulnerable Docker containers for safe testing - practice without touching real systems |
| Web App | Next.js dashboard - real-time agent timeline, graph visualizer, project settings |
AI Models - Use Any LLM You Want
RedAmon supports 5 providers and 400+ models out of the box:
| Provider | Models | Notes |
|---|---|---|
| Anthropic | Claude Opus 4.6, Sonnet 4.5, Haiku 4.5 | Best reasoning for complex exploits |
| OpenAI | GPT-5.2, GPT-5, GPT-4.1 | Strong general performance |
| OpenRouter | 300+ models - Llama 4, Gemini 3, Mistral, Qwen, DeepSeek | Free models available for testing |
| OpenAI-Compatible | Ollama, vLLM, any local server | Run completely offline with local models |
| | Gemini 3 Pro | Via OpenRouter or direct |
Pro tip: Use a free Llama model on OpenRouter for testing, then switch to Claude Opus for real assessments - one dropdown, no code changes.
Why This Is a Big Deal - Real Use Cases
For learning:
- Set up the built-in "guinea pig" vulnerable containers and watch an AI hack them step by step - better than any course because you see the full attack chain in real-time
- The graph database visualization shows HOW attacks connect: subdomain → IP → port → service → vulnerability → exploit → credentials. You see the chain, not just the result
For bug bounty hunters:
- RedAmon automates the boring recon phase that eats 80% of your time: subdomain enumeration, port scanning, tech fingerprinting, vulnerability scanning
- The GitHub secret hunter alone can find leaked API keys worth $500-5,000+ in bounties
- The graph database means you never lose findings across sessions - everything is queryable and interconnected
For freelance pentesters / security consultants:
- A solo pentester charging $150-300/hour now has an AI co-pilot doing the heavy lifting
- The Neo4j graph gives you instant, visual reports - clients pay premium for clear attack path visualizations
- 180+ configurable parameters per project means you can fine-tune scans to match engagement scope exactly
- Distributed agent architecture - deploy scanner nodes at client sites, aggregate data centrally
For companies doing internal security:
- Run continuous security assessments against your own infrastructure - not once a year, but whenever you push code
- The GitHub secret hunt catches leaked credentials in your org's repos before attackers do
- GVM/OpenVAS integration provides compliance-grade vulnerability reports
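
For the internal-security use above, regex-based secret scanning of your own repository content looks like the following. This is an added example, not RedAmon's code: the four rules are constructed from widely documented credential formats (the page does not show RedAmon's 40+ patterns), and the sample file content and every credential in it are fake.

```python
import re

# Constructed rules for widely documented credential formats. They are not
# RedAmon's pattern list, which the page does not show.
RULES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "private_key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "quoted_secret": re.compile(
        r"(?i)(?:api[_-]?key|secret|password|token)\s*[:=]\s*['\"]([^'\"\s]{12,})['\"]"),
}
# Template values that would otherwise flood the report with false positives.
PLACEHOLDER = re.compile(r"(?i)example|changeme|your[_-]|xxxx|\$\{|<[^>]+>")


def redact(value):
    """Keep a short prefix for triage; never copy the full secret into a report."""
    return value[:6] + "*" * max(len(value) - 6, 0)


def scan_text(path, text):
    """Return one finding per rule match: file, line number, rule, redacted value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            for m in pattern.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                if rule == "quoted_secret" and PLACEHOLDER.search(value):
                    continue
                findings.append({"file": path, "line": lineno, "rule": rule,
                                 "match": redact(value)})
    return findings


# Constructed sample file content; every credential below is fake.
SAMPLE = "\n".join([
    'API_KEY = "your_api_key_here"',                 # placeholder, ignored
    'aws_key = "AKIA' + "A1B2C3D4E5F6G7H8" + '"',    # AWS key ID shape
    'db_password: "Tr0ub4dor-and-3-horses"',         # hard-coded password
    "GH=ghp_" + "a1B2" * 9,                          # GitHub token shape
    "-----BEGIN OPENSSH PRIVATE KEY-----",
])

if __name__ == "__main__":
    for f in scan_text("config/settings.py", SAMPLE):
        print(f"{f['file']}:{f['line']} {f['rule']} {f['match']}")
```

Any credential a scan like this finds in history should be rotated, since deleting the line does not remove it from earlier commits.
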
The money angle: Professional penetration testing firms charge $5,000-50,000+ per engagement. This tool automates the bulk of the workflow. Whether you're a solo consultant or building a security practice, RedAmon is the difference between doing 2 engagements a month and doing 10.
Setup - One Command, Everything Runs
Requirements: Docker + Docker Compose + at least one AI API key.
```bash
git clone https://github.com/samugit83/redamon.git
cd redamon
cp .env.example .env
# Edit .env - add at least one AI provider key (Anthropic, OpenAI, or OpenRouter)
docker compose up -d
```
Open http://localhost:3000 in your browser. That's it.
What gets deployed (all Docker containers):
- Web app (Next.js dashboard)
- AI Agent (LangGraph orchestrator)
- Recon Orchestrator (scan pipeline manager)
- Kali Sandbox (offensive tools)
- Neo4j (graph database)
- PostgreSQL (project/user data)
- Redis (caching)
- GVM Scanner (optional - vulnerability management)
For safe testing (no real targets needed):
```bash
docker compose -f docker-compose.guinea-pigs.yml up -d
```
This launches intentionally vulnerable containers that the AI can discover, scan, and exploit in a closed lab.
Real-Time Control - You're Always in Charge
This isn't a "fire and forget" tool. You have full oversight:
| Feature | What It Does |
|---|---|
| Phase Approval | AI asks permission before transitioning from recon → exploitation → post-exploitation |
| Real-Time Guidance | Send steering messages while the agent works - injected into its reasoning |
| Stop & Resume | Pause at any point, inspect findings, then resume from the exact checkpoint |
| Tool Transparency | See every tool call, every argument, every output in the live timeline |
| Chat Interface | Talk to the agent like a colleague - ask questions, redirect focus, request deeper analysis |
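
The phase-approval control in the table above, combined with an engagement scope list, amounts to a gate in front of every tool call. A sketch of such a gate follows as an added example; it is not RedAmon's code, and the class name, phase identifiers and scope format are assumptions made for illustration.

```python
import ipaddress

# Phase order taken from the table above; the identifiers are assumed names.
PHASES = ["recon", "exploitation", "post_exploitation"]


class EngagementGate:
    """Hypothetical guard placed between an agent and its tool runner."""

    def __init__(self, domains, cidrs):
        self.domains = [d.lower().rstrip(".") for d in domains]
        self.networks = [ipaddress.ip_network(c) for c in cidrs]
        self.phase = "recon"
        self.audit = []  # every decision is recorded for the report

    def in_scope(self, target):
        try:
            ip = ipaddress.ip_address(target)
            return any(ip in net for net in self.networks)
        except ValueError:
            host = target.lower().rstrip(".")
            # Match the domain itself or a true subdomain, not a look-alike suffix.
            return any(host == d or host.endswith("." + d) for d in self.domains)

    def advance(self, new_phase, approved_by=None):
        """Move one phase forward only, and only with a named approver."""
        ok = (approved_by is not None
              and PHASES.index(new_phase) == PHASES.index(self.phase) + 1)
        self.audit.append(("advance", new_phase, approved_by, ok))
        if ok:
            self.phase = new_phase
        return ok

    def allow(self, tool_phase, target):
        """Permit a tool call only for in-scope targets in an unlocked phase."""
        ok = (PHASES.index(tool_phase) <= PHASES.index(self.phase)
              and self.in_scope(target))
        self.audit.append(("tool", tool_phase, target, ok))
        return ok
```
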
Quick Hits
| Want | Do |
|---|---|
| | Deploy guinea pigs, watch the AI hack them |
| | Point recon at targets, let GitHub hunt find secrets |
| | Full pipeline against your own infra |
| | OpenRouter + Llama for $0 testing |
GitHub: https://github.com/samugit83/redamon
An AI that thinks like a hacker. Open source. One command to deploy.