A new open-source offensive security platform called RedAmon is redefining automated penetration testing by chaining reconnaissance, exploitation, post-exploitation, AI-driven triage, and automated code remediation all into a single end-to-end pipeline that culminates in a GitHub pull request with the fix already written.
RedAmon is a modular, containerized penetration testing framework built on Docker that requires no security tools installed directly on the host system.
The platform is architected around six core pillars: a parallelized Reconnaissance Pipeline, an AI Agent Orchestrator, an Attack Surface Graph, EvoGraph for cross-session intelligence, the CypherFix remediation engine, and a 500+ parameter Project Settings Engine. Its complete kill chain is summarized as:
Reconnaissance → Exploitation → Post-Exploitation → AI Triage → CodeFix Agent → GitHub PR
RedAmon’s recon pipeline launches over 40 industry-standard security tools in parallel, including Subfinder, Amass, Naabu, Masscan, Nuclei, Katana, FFuf, and Arjun inside a Kali Linux container.
Each tool’s output feeds directly into a shared Neo4j knowledge graph with 17 node types and 20+ relationship types, giving the AI agent a structured, fully connected, and queryable attack surface in minutes rather than hours.
A dedicated AI Gauntlet module extends reconnaissance to AI/LLM surfaces, attacking discovered endpoints with four red-team tools — garak, PyRIT, Giskard, and promptfoo to test for prompt injection, jailbreaks, and data leakage, all mapped to OWASP-LLM and MITRE-ATLAS classifications.
At the heart of RedAmon is a LangGraph-based autonomous agent implementing the ReAct (Reasoning + Acting) pattern. The agent progresses through three sequential phases: Informational, Exploitation, and Post-Exploitation, and has access to 14+ security tools via Model Context Protocol (MCP) servers running in a sandboxed Kali environment.
These tools include Metasploit for exploit execution, Hydra for credential brute-forcing, Playwright for browser automation, and a full Kali shell with 70+ pre-installed CLI utilities.
A Fireteam mode enables the root agent to fan out into multiple specialist sub-agents working in parallel, for example, simultaneously validating credential policies via Hydra, verifying a CVE exploit path through privilege escalation, and mapping XSS vulnerabilities across a frontend.
Where most offensive tools stop at discovery, RedAmon goes further with CypherFix, a two-agent automated remediation pipeline. A Triage Agent runs nine hardcoded Cypher queries against the Neo4j graph, correlates hundreds of findings, deduplicates them, and ranks them by exploitability.
A CodeFix Agent then clones the target repository, navigates the codebase using 11 code-aware tools, implements targeted fixes in a ReAct loop, and opens a GitHub pull request ready for human review and merge.
RedAmon is not fully autonomous by design. A Tool Confirmation system provides per-tool human-in-the-loop gates, pausing agent execution before high-impact operations such as Nmap scans, Metasploit exploits, or Hydra brute-force runs, and presenting inline Allow/Deny prompts in the chat timeline.
A Rules of Engagement (RoE) document can be uploaded to auto-configure project-wide constraints, while a Target Guardrail permanently blocks government, military, and educational domains at the framework level.
RedAmon was created and is maintained by Samuele Giampieri, an AWS-certified AI Platform Architect with 15+ years of experience in enterprise AI agentic systems, alongside Ritesh Gohil, a Cyber Security Engineer at Workday with 7+ years in penetration testing and 11 published CVEs.
The framework supports LLM providers, including OpenAI (GPT-5), Anthropic (Claude Opus 4.6), AWS Bedrock, and Ollama-compatible local models, with more than 400 models dynamically selectable per project. It is available on GitHub.
What Features Should AI SOC Have? – Download Free 2026 AI SOC Features Checklist
The post RedAmon AI Tool that Chains Reconnaissance, Exploitation, and Post-exploitation appeared first on Cyber Security News.
