redamon  by samugit83

AI agent automates offensive security operations

Created 1 month ago
1,180 stars

Top 32.7% on SourcePulse

Project Summary

RedAmon is an AI-powered agentic red team framework automating offensive security operations from reconnaissance to post-exploitation with zero human intervention. It targets security professionals and researchers, offering an end-to-end, autonomous pipeline for comprehensive security assessments.

How It Works

This modular, containerized framework orchestrates automated reconnaissance, AI-driven exploitation, and graph-powered intelligence. Its core comprises a multi-phase Reconnaissance Pipeline, a LangGraph-based AI Agent Orchestrator that reasons over a Neo4j Attack Surface Graph, and a Project Settings Engine. This approach enables autonomous decision-making and tool execution via the Model Context Protocol (MCP), creating a unified offensive security workflow.

Quick Start & Requirements

  • Primary Install/Run: Requires Docker and Docker Compose v2+.
    1. Clone the repository.
    2. Copy .env.example to .env and add an AI provider API key (Anthropic or OpenAI). Optional keys for Tavily and NVD can also be added.
    3. Build images with docker compose --profile tools build.
    4. Start services with docker compose up -d.
  • Prerequisites: Docker, Docker Compose v2+, AI provider API keys.
  • Links: Webapp: http://localhost:3000, Neo4j Browser: http://localhost:7474.

Highlighted Details

  • Automated Reconnaissance Pipeline: A six-phase process (Domain Discovery, Port Scanning, HTTP Probing, Resource Enumeration, Vulnerability Scanning, MITRE/GitHub Secret Hunting) utilizing tools like crt.sh, Knockpy, Naabu, Httpx, Wappalyzer, and Nuclei.
  • AI Agent Orchestrator: Employs the ReAct pattern via LangGraph, progressing through Informational, Exploitation, and Post-Exploitation phases. Features chat-based graph interaction (text-to-Cypher) and real-time steering capabilities.
  • Attack Surface Graph: A Neo4j knowledge graph with 17 node types and 20+ relationship types, serving as the central source of truth for all findings and the AI agent's primary data source.
  • MCP Tool Integration: The AI agent interacts with security tools (Naabu, Curl, Nuclei, Metasploit) through the Model Context Protocol (MCP) for seamless execution.

Maintenance & Community

The project is maintained by Samuele Giampieri. No specific community channels or sponsorships are detailed in the README.

Licensing & Compatibility

Released under the MIT License, which is permissive for commercial use and integration into closed-source projects.

Limitations & Caveats

Features such as the GVM Scanner, GitHub Secret Hunting, and the Guinea Pig test environments are marked as "Under Development" and are not yet fully integrated or production-ready. The framework depends on valid API keys from supported AI providers.

Health Check

  • Last Commit: 2 days ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 2
  • Issues (30d): 9
  • Star History: 1,215 stars in the last 30 days
