{"id":13938,"date":"2026-06-29T10:03:34","date_gmt":"2026-06-29T10:03:34","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/06\/29\/redamon-ai-tool-that-chains-reconnaissance-exploitation-and-post-exploitation\/"},"modified":"2026-06-29T10:03:34","modified_gmt":"2026-06-29T10:03:34","slug":"redamon-ai-tool-that-chains-reconnaissance-exploitation-and-post-exploitation","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/06\/29\/redamon-ai-tool-that-chains-reconnaissance-exploitation-and-post-exploitation\/","title":{"rendered":"RedAmon AI Tool that Chains Reconnaissance, Exploitation, and Post-exploitation"},"content":{"rendered":"<div>\n<p class=\"wp-block-paragraph\">A new open-source offensive security platform called RedAmon is redefining <a href=\"https:\/\/cybersecuritynews.com\/autopentestx-penetration-testing-toolkit\/\" target=\"_blank\" rel=\"noreferrer noopener\">automated penetration testing<\/a> by chaining reconnaissance, exploitation, post-exploitation, AI-driven triage, and automated code remediation all into a single end-to-end pipeline that culminates in a GitHub pull request with the fix already written.<\/p>\n<p class=\"wp-block-paragraph\">RedAmon is a modular, containerized <a href=\"https:\/\/cybersecuritynews.com\/darkmoon-penetration-testing-platform\/\" target=\"_blank\" rel=\"noreferrer noopener\">penetration testing framework<\/a> built on Docker that requires no security tools installed directly on the host system.<\/p>\n<p class=\"wp-block-paragraph\">The platform is architected around six core pillars: a parallelized Reconnaissance Pipeline, an AI Agent Orchestrator, an Attack Surface Graph, EvoGraph for cross-session intelligence, the CypherFix remediation engine, and a 500+ parameter Project Settings 
Engine. Its complete kill chain is summarized as:<\/p>\n<p class=\"wp-block-paragraph\">Reconnaissance \u2192 Exploitation \u2192 Post-Exploitation \u2192 AI Triage \u2192 CodeFix Agent \u2192 GitHub PR<\/p>\n<p class=\"wp-block-paragraph\">RedAmon\u2019s recon pipeline launches over 40 industry-standard security tools in parallel, including Subfinder, Amass, Naabu, Masscan, Nuclei, Katana, FFuf, and Arjun, inside a Kali Linux container.<\/p>\n<p class=\"wp-block-paragraph\">Each tool\u2019s output feeds directly into a shared Neo4j knowledge graph with 17 node types and 20+ relationship types, giving the AI agent a structured, fully connected, and queryable attack surface in minutes rather than hours.<\/p>\n<p class=\"wp-block-paragraph\">A dedicated AI Gauntlet module extends reconnaissance to AI\/LLM surfaces, attacking discovered endpoints with four red-team tools (garak, PyRIT, Giskard, and promptfoo) to test for prompt injection, jailbreaks, and data leakage, all mapped to OWASP-LLM and MITRE-ATLAS classifications.<\/p>\n<p class=\"wp-block-paragraph\">At the heart of RedAmon is a LangGraph-based autonomous agent implementing the ReAct (Reasoning + Acting) pattern. 
The agent progresses through three sequential phases: Informational, Exploitation, and Post-Exploitation, and has access to 14+ security tools via <a href=\"https:\/\/cybersecuritynews.com\/best-model-context-protocol-mcp-servers\/\" target=\"_blank\" rel=\"noreferrer noopener\">Model Context Protocol (MCP) servers<\/a> running in a sandboxed Kali environment.<\/p>\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\">\n<div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"\ud83d\udd34 RedAmon 2.0: From 0 to 1000 Github Stars in 10 Days \u2014 Now With Multi-Agent Parallel Attacks\" width=\"696\" height=\"392\" src=\"https:\/\/www.youtube.com\/embed\/afViJUit0xE?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div>\n<\/figure>\n<p class=\"wp-block-paragraph\">These tools include Metasploit for exploit execution, Hydra for credential brute-forcing, Playwright for browser automation, and a full Kali shell with 70+ pre-installed CLI utilities.<\/p>\n<p class=\"wp-block-paragraph\">A Fireteam mode enables the root agent to fan out into multiple specialist sub-agents working in parallel, for example, simultaneously validating credential policies via Hydra, verifying a CVE exploit path through privilege escalation, and mapping XSS vulnerabilities across a frontend.<\/p>\n<p class=\"wp-block-paragraph\">Where most offensive tools stop at discovery, RedAmon goes further with CypherFix, a two-agent automated remediation pipeline. 
A Triage Agent runs nine hardcoded Cypher queries against the Neo4j graph, correlates hundreds of findings, deduplicates them, and ranks them by exploitability.<\/p>\n<p class=\"wp-block-paragraph\">A CodeFix Agent then clones the target repository, navigates the codebase using 11 code-aware tools, implements targeted fixes in a ReAct loop, and opens a GitHub pull request ready for human review and merge.<\/p>\n<p class=\"wp-block-paragraph\">RedAmon is not fully autonomous by design. A Tool Confirmation system provides per-tool human-in-the-loop gates, pausing agent execution before high-impact <a href=\"https:\/\/cybersecuritynews.com\/28-years-of-nmap\/\" target=\"_blank\" rel=\"noreferrer noopener\">operations such as Nmap scans<\/a>, Metasploit exploits, or Hydra brute-force runs, and presenting inline Allow\/Deny prompts in the chat timeline.<\/p>\n<p class=\"wp-block-paragraph\">A Rules of Engagement (RoE) document can be uploaded to auto-configure project-wide constraints, while a Target Guardrail permanently blocks government, military, and educational domains at the framework level.<\/p>\n<p class=\"wp-block-paragraph\">RedAmon was created and is maintained by Samuele Giampieri, an AWS-certified AI Platform Architect with 15+ years of experience in enterprise AI agentic systems, alongside Ritesh Gohil, a Cyber Security Engineer at Workday with 7+ years in penetration testing and 11 published CVEs.<\/p>\n<p class=\"wp-block-paragraph\">The framework supports LLM providers, including OpenAI (GPT-5), Anthropic (Claude Opus 4.6), AWS Bedrock, and Ollama-compatible local models, with more than 400 models dynamically selectable per project. 
It is <a href=\"https:\/\/github.com\/samugit83\/redamon\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">available on GitHub<\/a>.<\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/redamon-ai-tool\/\">RedAmon AI Tool that Chains Reconnaissance, Exploitation, and Post-exploitation<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p>Guru Baran<br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/redamon-ai-tool\/\">Go to cyber-security-news<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>RedAmon AI Tool that Chains Reconnaissance, Exploitation, and Post-exploitation A new open-source offensive security platform called RedAmon is redefining automated penetration testing by chaining reconnaissance, exploitation, post-exploitation, AI-driven triage, and automated code remediation all into a single end-to-end pipeline that culminates in a GitHub pull request with the fix already written. 
RedAmon is a modular, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,1709],"tags":[130],"class_list":["post-13938","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-cyberpedia","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/13938"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=13938"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/13938\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=13938"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=13938"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=13938"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}