RedAmon

Deploy N specialist sub-agents investigating independent attack angles concurrently. Each runs its own ReAct loop and approval queue.

Scatter-Gather ReAct pattern: asyncio fan-out, fan-in to unified context, no recursion, per-agent attribution.

Every tool, finding, exploit and dead-end persists as a queryable graph that survives across sessions. New sessions auto-load prior context.

5-node attack taxonomy, dual-layer in-memory + async Neo4j writes, cross-session learning at session init.

When the agent spots independent tools, it runs them all at once under a single Wave card and merges their analysis.

asyncio batched tool execution, single streaming card, joint output reasoning, slashing wall-clock time by N.

The agent classifies every finding against the active skill registry and routes it to the matching built-in or user-defined attack skill without manual selection.

LLM tags each finding with the closest registered skill slug; phase gate, ROE check, and payload defaults are looked up automatically from the skill's manifest.

At session start, phase transitions and 3+ failure loops the agent pauses for structured Situation / Vectors / Approach / Priority / Risks analysis.

Four trigger conditions, five-section output, injected into all subsequent reasoning. Counts as roughly 1 extra LLM call per engagement.

Keep post-exploit shells open and run lateral movement, privilege escalation and exfil interactively, not as one-shot payloads.

Stateful + stateless modes, persistent session state, 70+ post-exploit commands, Meterpreter-aware routing.

Auto-tunnel reverse shells over ngrok or Chisel. LHOST and LPORT are auto-discovered and payloads are pre-configured for the agent.

Two providers (ngrok TCP single-port, Chisel multi-port bidirectional), auto-started inside Kali sandbox, hidden endpoint config.

Multi-level scope enforcement: LLM ethics gate, 250+ hard-coded .gov / .mil / critical-infra blocklist, RoE parser, stealth mode, phase gating, HITL approvals, tenant-isolated Cypher, sandboxed Kali container.

Soft LLM guardrail, deterministic regex blocklist, three-tier RoE enforcement, stealth-mode tool restrictions, phase-gated tool map, 27-tool confirmation list, phase-transition approval, per-skill OOB toggles, read-only Cypher with user_id+project_id filters, containerized execution.

Human-in-the-loop gates on Metasploit, Hydra, code execution and phase transitions. Flip a switch for fully autonomous mode.

Per-project Agent Behaviour, deterministic dangerous-tool list, stealth mode disables noisy tools and blocks live scanning.

Type a message while the agent is mid-engagement and it gets injected into the next reasoning step. Refocus, redirect or veto without stopping the session.

Examples: 'focus on SSH vulnerabilities', 'skip the web app, look at network services', 'try a different exploit module'. Acknowledged by the agent before the next think iteration.

Run multiple independent agentic conversations per project, each with its own phase, todo list and execution trace. Switch between them without losing state.

Per-conversation checkpointing, days-later resume, agent-running indicators, auto-generated titles, Markdown export. Stop and Resume preserve full context.

Local FAISS + Neo4j RAG index over curated security datasets (GTFOBins, LOLBAS, NVD, ExploitDB, OWASP, Nuclei, MITRE) queried before any external web search.

6-stage pipeline: hybrid retrieval, source boosts, cross-encoder rerank, MMR diversity, sufficiency check. ~250 ms vs 1-3 s Tavily, works offline, falls back automatically when confidence is low.

Ask the agent “show endpoints with injectable params” and it generates the Cypher query, with 3-attempt error recovery.

25+ example patterns, automatic parameter binding, write ops blocked, tenant-filtered to prevent cross-project leakage.

Curate trusted hacking sources (HackTricks, PayloadsAllTheThings). The agent fetches and cites pages mid-attack.

Per-user URL library, auto-fetch during chains, content embedded into reasoning steps with source attribution.

Swap the agent brain across OpenAI, Anthropic, OpenRouter, Google Gemini, DeepSeek, GLM, Kimi, Qwen, xAI Grok, Mistral, AWS Bedrock and any OpenAI-compatible endpoint, per project or per session.

Model-tuned system prompts, hot-swap, dynamic model fetching, OpenAI-compatible bucket covers Ollama, vLLM, LM Studio, Groq, Together AI, Fireworks AI, Deepinfra.

Phase-aware workflows for CVE/MSF, SQLi, XSS, SSRF, RCE, Path Traversal/LFI/RFI, Hydra brute force, phishing simulation and availability testing. Auto-selected by the Intent Router from a single user message.

Per-skill tool routing (sqlmap, dalfox, commix, sstimap, ysoserial, hydra, msfvenom, slowhttptest), OWASP 4-stage rigor, OOB oracles via interactsh, RoE-gated activation.

Drop-in Markdown attack workflows from the community: XXE, BFLA, IDOR/BOLA, SSTI, insecure deserialization, mass assignment, subdomain takeover, insecure file uploads, advanced API/SQLi/XSS exploitation.

Each skill is a single .md file with phased steps and a description for classification, injected verbatim across all three phases. Upload your own from Global Settings, toggled per project.

Reference library for tool flags, vulnerability theory and framework quirks. Inject any of them mid-conversation with /skill ffuf, /skill nextjs, /skill jwt, etc.

Categories cover Active Directory, Cloud, Post-Exploitation, Tooling, Protocols, API Security, Technologies, Frameworks, Vulnerabilities. Persist across messages, swap on demand, no impact on classification.

The modules are not isolated scanners. Each tool's output is the next tool's input: subdomains feed port scans, ports feed HTTP probes, URLs feed crawlers, JS bundles feed secret detectors. Every finding lands in the graph as a node, every dependency as a relationship.

Producer / consumer mapping locks every stage to the next, MERGE-based writes deduplicate across runs, and the resulting graph becomes the structured knowledge the agent reasons over via query_graph and Cypher.

Independent modules running concurrently end-to-end: subdomain discovery, OSINT enrichment, port scanning, HTTP probing, web crawling, JS analysis, GraphQL testing, vhost discovery, takeover detection, vulnerability scanning, secret hunting and security configuration checks.

ThreadPoolExecutor fan-out, MERGE-based graph writes, RoE-aware tool gating, partial recon to re-run any single tool without redoing the pipeline.

Battle-tested CLI tools, APIs and detector libraries shipped across the modules: Subfinder, Amass, Nuclei, Httpx, Naabu, Masscan, Nmap, Katana, FFuf, jsluice, GVM, TruffleHog, Subjack, BadDNS, vulnx and 60+ more.

Full ProjectDiscovery suite, OWASP Amass, OpenVAS NVT corpus, vulnx + NVD + KEV + EPSS + MITRE ATT&CK / CWE / CAPEC, 7 passive OSINT sources, 90+ JS secret patterns, 700+ TruffleHog detectors, 40+ takeover provider fingerprints.

Every recon stage feeds a single Neo4j knowledge graph the agent reasons over: Domain → Subdomain → IP → Port → Service → CVE → Endpoint → Vuln.

32 node types, 50+ relationships, multi-tenant scoped (user_id + project_id on every node), EvoGraph bridges to attack chains.

Extract API endpoints, cloud keys, JWT secrets, source maps and dependency confusion vectors from JavaScript bundles.

jsluice + 90+ regex patterns (AWS, GCP, Stripe, Twilio), framework fingerprinting, graph-indexed for agent reuse.

Each module exposes its full parameter surface in the project settings UI: thread counts, rate limits, scan profiles, wordlists, severity filters, custom flags. UI fields become the tool's CLI arguments at scan time.

169+ project settings across dedicated per-tool forms, sensible defaults, validated input, immutable post-apply for reproducible scans, free-form custom-args field for power users.

Real network-level GVM/OpenVAS scans against live IPs (not just DAST) with QoD scoring and CVSS-rated findings.

Parallel container, configurable scan profiles (Full+fast, Full+slow), CVE/Vulnerability node feeds linked to IP/Port/Service.

Scan repos for 700+ secret patterns and live-verify they actually authenticate against the issuing API.

Regex + entropy detection, optional API verification, verified flag on Secret nodes, supports private repos.

Mine GitHub search, repos and commit history for hardcoded credentials with 40+ entropy-validated patterns.

Public + private repos, full commit history, PDCP-compatible, results merged into the graph as Secret nodes.

Find admin panels, staging sites and k8s ingress backends hidden behind reverse proxies via L7 Host + L4 SNI probing.

Per IP×subdomain pair, separate BaseURL nodes, detection method tagged, exposes Cloudflare routing inconsistencies.

One-click profiles for API, web, internal, cloud or IoT. Or ask the AI to generate a custom preset for your target.

328+ pipeline parameters, immutable post-apply for reproducible scans, AI generation via LLM on demand.

Visual 11-stage pipeline diagram with animated edges and amber/red warnings when tool dependencies are starved.

Three-band layout (data / tools / data), click-through tool config modal, Tab/Workflow toggle, real-time edge animation.

Re-run any tool (Nuclei, Naabu, Katana) on custom inputs without redoing the full pipeline. Results MERGE into the graph with no duplicates.

Per-tool play button, custom-targets modal, MERGE logic with orphan UserInput cleanup, saved tool settings honoured.

AI layered over the deterministic recon boosts and tunes every tool execution against the live response fingerprint, dropping wasted probes and sharpening coverage on modern targets.

Optional per-tool hooks, master toggle in Target tab, fail-safe fallback to static config on any LLM error.