RedAmon AI Tool that Chains Reconnaissance, Exploitation, and Post-exploitation
Cybersecurity News
By Guru Baran
June 29, 2026
A new open-source offensive security platform called RedAmon is redefining automated penetration testing by chaining reconnaissance, exploitation, post-exploitation, AI-driven triage, and automated code remediation all into a single end-to-end pipeline that culminates in a GitHub pull request with the fix already written.
RedAmon is a modular, containerized penetration testing framework built on Docker that requires no security tools installed directly on the host system.
The platform is architected around six core pillars: a parallelized Reconnaissance Pipeline, an AI Agent Orchestrator, an Attack Surface Graph, EvoGraph for cross-session intelligence, the CypherFix remediation engine, and a 500+ parameter Project Settings Engine. Its complete kill chain is summarized as:
Reconnaissance → Exploitation → Post-Exploitation → AI Triage → CodeFix Agent → GitHub PR
RedAmon’s recon pipeline launches over 40 industry-standard security tools in parallel, including Subfinder, Amass, Naabu, Masscan, Nuclei, Katana, FFuf, and Arjun inside a Kali Linux container.
Each tool’s output feeds directly into a shared Neo4j knowledge graph with 17 node types and 20+ relationship types, giving the AI agent a structured, fully connected, and queryable attack surface in minutes rather than hours.
A dedicated AI Gauntlet module extends reconnaissance to AI/LLM surfaces, attacking discovered endpoints with four red-team tools (garak, PyRIT, Giskard, and promptfoo) to test for prompt injection, jailbreaks, and data leakage, all mapped to OWASP-LLM and MITRE-ATLAS classifications.
At the heart of RedAmon is a LangGraph-based autonomous agent implementing the ReAct (Reasoning + Acting) pattern. The agent progresses through three sequential phases: Informational, Exploitation, and Post-Exploitation, and has access to 14+ security tools via Model Context Protocol (MCP) servers running in a sandboxed Kali environment.
These tools include Metasploit for exploit execution, Hydra for credential brute-forcing, Playwright for browser automation, and a full Kali shell with 70+ pre-installed CLI utilities.
A Fireteam mode enables the root agent to fan out into multiple specialist sub-agents working in parallel: for example, simultaneously validating credential policies via Hydra, verifying a CVE exploit path through privilege escalation, and mapping XSS vulnerabilities across a frontend.
Where most offensive tools stop at discovery, RedAmon goes further with CypherFix, a two-agent automated remediation pipeline. A Triage Agent runs nine hardcoded Cypher queries against the Neo4j graph, correlates hundreds of findings, deduplicates them, and ranks them by exploitability.
A CodeFix Agent then clones the target repository, navigates the codebase using 11 code-aware tools, implements targeted fixes in a ReAct loop, and opens a GitHub pull request ready for human review and merge.
RedAmon is not fully autonomous by design. A Tool Confirmation system provides per-tool human-in-the-loop gates, pausing agent execution before high-impact operations such as Nmap scans, Metasploit exploits, or Hydra brute-force runs, and presenting inline Allow/Deny prompts in the chat timeline.
A Rules of Engagement (RoE) document can be uploaded to auto-configure project-wide constraints, while a Target Guardrail permanently blocks government, military, and educational domains at the framework level.
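A sketch of how a target guardrail and a per-tool confirmation gate of this kind can be combined, added here as an illustration and not taken from RedAmon's code. The suffix list, the high-impact tool set, and the names `normalize_host`, `is_blocked_target` and `authorize` are assumptions.

```python
from urllib.parse import urlsplit

# Assumed policy values for illustration; not RedAmon's actual lists.
BLOCKED_SUFFIXES = {"gov", "mil", "edu"}
HIGH_IMPACT_TOOLS = {"nmap", "metasploit", "hydra"}


def normalize_host(target: str) -> str:
    """Reduce a URL or bare host[:port] to a lowercase hostname."""
    target = target.strip()
    if "://" not in target:
        target = "//" + target  # lets urlsplit parse a bare host
    try:
        host = urlsplit(target).hostname or ""
    except ValueError:  # malformed input such as an unclosed IPv6 bracket
        host = ""
    return host.rstrip(".").lower()


def is_blocked_target(target: str) -> bool:
    """True for hosts under .gov/.mil/.edu or a country form such as .gov.uk."""
    labels = normalize_host(target).split(".")
    if not labels[0]:
        return True  # unparseable or empty target: fail closed
    if labels[-1] in BLOCKED_SUFFIXES:
        return True
    # Second-level match only under a two-letter country code, so that
    # gov.example.com and edu.com are not treated as restricted.
    return len(labels) >= 2 and len(labels[-1]) == 2 and labels[-2] in BLOCKED_SUFFIXES


def authorize(tool: str, target: str, approve) -> tuple[bool, str]:
    """Gate one tool call; `approve(tool, target)` is the operator's Allow/Deny answer."""
    # The guardrail runs first, so an operator "Allow" cannot override it.
    if is_blocked_target(target):
        return False, "blocked: target guardrail"
    if tool.lower() in HIGH_IMPACT_TOOLS and not approve(tool, target):
        return False, "denied: operator"
    return True, "allowed"
```

The hostname is taken from the parsed URL rather than matched as a substring, so a restricted name placed in the userinfo part or in a subdomain label does not change the decision in either direction.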
RedAmon was created and is maintained by Samuele Giampieri, an AWS-certified AI Platform Architect with 15+ years of experience in enterprise AI agentic systems, alongside Ritesh Gohil, a Cyber Security Engineer at Workday with 7+ years in penetration testing and 11 published CVEs.
The framework supports LLM providers including OpenAI (GPT-5), Anthropic (Claude Opus 4.6), AWS Bedrock, and Ollama-compatible local models, with more than 400 models dynamically selectable per project. It is available on GitHub.
Gurubaran KS is a cybersecurity analyst and journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments.