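[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"similar-samugit83--redamon":3,"tool-samugit83--redamon":64},[4,17,27,35,43,56],{"id":5,"name":6,"github_repo":7,"description_zh":8,"stars":9,"difficulty_score":10,"last_commit_at":11,"category_tags":12,"status":16},3808,"stable-diffusion-webui","AUTOMATIC1111\u002Fstable-diffusion-webui","stable-diffusion-webui is a web interface built on Gradio that lets users easily run and use the powerful Stable Diffusion image generation model locally. It addresses the pain points of the original model, which depended on the command line, had a high barrier to use and scattered functionality, by integrating the complex AI image workflow into an intuitive, easy-to-use graphical platform.\n\nWhether you are an ordinary creator who wants to get started quickly, a designer who needs fine control over image details, or a developer or researcher who wants to explore the model's potential in depth, you can benefit from it. Its core highlight is an extremely rich feature set: it not only supports basic modes such as text-to-image, image-to-image, inpainting and outpainting, but also pioneered advanced features such as attention adjustment, prompt matrix, negative prompts and “high-resolution fix”. In addition, it has built-in face restoration tools such as GFPGAN and CodeFormer, supports multiple neural network upscaling algorithms, and lets users extend its capabilities without limit through a plugin system. Even for devices with limited VRAM, stable-diffusion-webui provides corresponding optimization options, putting high-quality AI art creation within reach.",162132,3,"2026-04-05T11:01:52",[13,14,15],"Development framework","Image","Agent","ready",{"id":18,"name":19,"github_repo":20,"description_zh":21,"stars":22,"difficulty_score":23,"last_commit_at":24,"category_tags":25,"status":16},1381,"everything-claude-code","affaan-m\u002Feverything-claude-code","everything-claude-code is a high-performance optimization system built for AI coding assistants (such as Claude Code, Codex, Cursor, etc.). It is not just a set of configuration files but a complete framework refined through long-term practical use, aimed at solving the core pain points AI agents face in real development: low efficiency, memory loss, security risks and a lack of continuous learning ability.\n\nBy introducing skill modularization, intuition enhancement, memory persistence mechanisms and built-in security scanning, everything-claude-code can significantly improve AI performance on complex tasks and help developers build more stable, more intelligent production-grade AI agents. Its distinctive “research-first” development philosophy and optimization strategies for token consumption make model responses faster and cheaper while effectively defending against potential attack vectors.\n\nThis toolset is especially suitable for software developers, AI researchers and technical teams that want to deeply customize AI workflows. Whether you are building a large codebase or need AI to assist with security auditing and automated testing, everything-claude-code provides strong underlying support. As an open-source project that has won an Anthropic hackathon award, it combines multi-language support with a rich set of battle-tested hooks, letting the AI truly grow into one that understands",138956,2,"2026-04-05T11:33:21",[13,15,26],"Language model",{"id":28,"name":29,"github_repo":30,"description_zh":31,"stars":32,"difficulty_score":23,"last_commit_at":33,"category_tags":34,"status":16},2271,"ComfyUI","Comfy-Org\u002FComfyUI","ComfyUI is a powerful and highly modular visual AI engine built for designing and executing complex Stable Diffusion image generation pipelines. It abandons the traditional code-writing approach in favor of an intuitive node-based flowchart interface, letting users build personalized generation pipelines by connecting different functional modules.\n\nThis design neatly solves the pain points of complex configuration and insufficient flexibility in advanced AI image workflows. Users without a programming background can freely combine models, adjust parameters and preview results in real time, easily accomplishing complex tasks from basic text-to-image to multi-step high-resolution fixes. ComfyUI has excellent compatibility: it not only supports Windows, macOS and Linux, but also works with a wide range of hardware architectures including NVIDIA, AMD, Intel and Apple Silicon, and was among the first to support cutting-edge models such as SDXL, Flux and SD3.\n\nWhether you are a researcher or developer who wants to explore the potential of the algorithms in depth, or a designer or seasoned AI art enthusiast pursuing maximum creative freedom, ComfyUI offers strong support. Its distinctive modular architecture lets the community keep extending it with new features, making it one of the most flexible open-source diffusion model tools with the richest ecosystem today, helping users turn ideas into reality efficiently.",107662,"2026-04-03T11:11:01",[13,14,15],{"id":36,"name":37,"github_repo":38,"description_zh":39,"stars":40,"difficulty_score":23,"last_commit_at":41,"category_tags":42,"status":16},3704,"NextChat","ChatGPTNextWeb\u002FNextChat","NextChat is a lightweight and extremely fast AI assistant designed to give users a smooth, cross-platform experience of interacting with large models. It solves the pain points of keeping conversations continuous when switching between devices and of not knowing how to manage many AI models in one place. Whether for daily office work, study assistance or creative inspiration, NextChat lets users access intelligent services seamlessly, anytime and anywhere, through the web, iOS, Android, Windows, MacOS or Linux.\n\nThis tool is well suited to ordinary users, students, professionals and enterprise teams that need private deployment. For developers, it also provides a convenient self-hosting option with one-click deployment to platforms such as Vercel or Zeabur.\n\nNextChat's core highlight is its broad model compatibility, with native support for mainstream large models such as Claude, DeepSeek, GPT-4 and Gemini Pro, letting users switch freely between different AI capabilities in a single interface. It was also early to support the MCP (Model Context Protocol) protocol, enhancing context handling. For enterprise users, NextChat offers a professional edition with brand customization, fine-grained permission control, internal knowledge base integration and security auditing, meeting companies' high standards for data privacy and customized management.",87618,"2026-04-05T07:20:52",[13,26],{"id":44,"name":45,"github_repo":46,"description_zh":47,"stars":48,"difficulty_score":23,"last_commit_at":49,"category_tags":50,"status":16},2268,"ML-For-Beginners","microsoft\u002FML-For-Beginners","ML-For-Beginners is a systematic introductory machine learning course from Microsoft, designed to help users with no background easily master classical machine learning. The course lays out a 12-week learning path with 26 concise lessons and 52 accompanying quizzes, covering the complete flow from basic concepts to practical applications, and effectively solves the pain points of beginners facing a huge body of knowledge with no idea where to start and no structured guidance.\n\nWhether you are a developer looking to change direction, a researcher who needs to fill in algorithm background, or an ordinary enthusiast curious about artificial intelligence, you can benefit from it. The course not only provides clear theoretical explanations but also emphasizes hands-on practice, letting users build a solid skill base step by step. Its distinctive highlight is strong multi-language support: through an automated mechanism it provides versions in more than 50 languages, including Simplified Chinese, greatly lowering the learning barrier for users of different backgrounds worldwide. In addition, the project uses an open-source collaboration model with an active community and continuously updated content, ensuring learners get current and accurate technical information. If you are looking for a clear, friendly and professional path into machine learning, ML-For-Beginners is an ideal starting point.",84991,"2026-04-05T10:45:23",[14,51,52,53,15,54,26,13,55],"Data tools","Video","Plugin","Other","Audio",{"id":57,"name":58,"github_repo":59,"description_zh":60,"stars":61,"difficulty_score":10,"last_commit_at":62,"category_tags":63,"status":16},3128,"ragflow","infiniflow\u002Fragflow","RAGFlow is a leading open-source retrieval-augmented generation (RAG) engine that aims to build a more accurate and reliable context layer for large language models. It combines cutting-edge RAG technology with agent capabilities, not only supporting efficient knowledge extraction from all kinds of documents but also letting the model reason logically and carry out tasks based on that knowledge.\n\nIn large-model applications, hallucination and stale knowledge are common pain points. By deeply parsing complex document structures (such as tables, charts and mixed layouts), RAGFlow significantly improves retrieval accuracy, effectively reducing the model's tendency to “make things up” and ensuring answers are both well grounded and timely. Its built-in agent mechanism goes further, enabling the system not only to answer questions but also to plan steps on its own to solve complex problems.\n\nThis tool is especially suitable for developers, enterprise technical teams and AI researchers. Whether you want to quickly build a question-answering system over a private knowledge base or are an innovator exploring how to deploy large models in vertical domains, you can benefit from it. RAGFlow provides a visual workflow orchestration interface and flexible APIs, which both lower the barrier for users without an algorithm background and meet professional developers' needs for deep customization. As an open-source project under the Apache 2.0 license, it is becoming an important bridge between general-purpose large models and industry-specific knowledge.",77062,"2026-04-04T04:44:48",[15,14,13,26,54],{"id":65,"github_repo":66,"name":67,"description_en":68,"description_zh":69,"ai_summary_zh":69,"readme_en":70,"readme_zh":71,"quickstart_zh":72,"use_case_zh":73,"hero_image_url":74,"owner_login":75,"owner_name":76,"owner_avatar_url":77,"owner_bio":78,"owner_company":79,"owner_location":78,"owner_email":80,"owner_twitter":78,"owner_website":78,"owner_url":81,"languages":82,"stars":111,"forks":112,"last_commit_at":113,"license":114,"difficulty_score":10,"env_os":115,"env_gpu":116,"env_ram":117,"env_deps":118,"category_tags":121,"github_topics":122,"view_count":23,"oss_zip_url":78,"oss_zip_packed_at":78,"status":16,"created_at":133,"updated_at":134,"faqs":135,"releases":156},1777,"samugit83\u002Fredamon","redamon","An AI-powered agentic red team framework that automates offensive security operations, from reconnaissance to exploitation to post-exploitation, with zero human intervention.","RedAmon is an AI-driven red team automation framework that autonomously carries out the full security testing workflow, from information gathering and vulnerability exploitation to post-exploitation. It turns traditional manual operations into an end-to-end pipeline that automatically analyzes vulnerabilities, fixes code and submits PRs (the CypherFix module), with human review retained at key steps. It includes 38+ security tools (such as Nmap, Metasploit and SQLMap) and 400+ AI models, supports local deployment (Ollama\u002FvLLM), processes 185,000+ detection rules and generates intelligent reports. It is suited to security researchers and DevSecOps teams, helping them quickly find and fix system vulnerabilities and improve the efficiency of security protection. All operations strictly follow the authorized scope to ensure compliant use.","\u003Cp align=\"center\">\n  \u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fsamugit83_redamon_readme_78416e945667.png\" alt=\"RedAmon Logo\" width=\"120\"\u002F>\n  \u003Cbr\u002F>\n  \u003Cimg src=\"assets\u002Ftitle.svg\" alt=\"RedAmon\" width=\"340\"\u002F>\n  \u003Cbr\u002F>\n  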
\u003Cb>\u003Ci>\u003Cbig>\u003Cbig>Unmask the hidden before the world does\u003C\u002Fbig>\u003C\u002Fbig>\u003C\u002Fi>\u003C\u002Fb>\n\u003C\u002Fp>\n\u003Cp align=\"center\" style=\"font-size: 120%;\">\n  An autonomous AI framework that chains reconnaissance, exploitation, and post-exploitation into a single pipeline, then goes further by triaging every finding, implementing code fixes, and opening pull requests on your repository. From first packet to merged patch, with human oversight at every critical step.\n\u003C\u002Fp>\n\n\u003Cbr\u002F>\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fstargazers\">\u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fsamugit83\u002Fredamon?style=flat&color=2E8B57&label=Stars\" alt=\"GitHub Stars\"\u002F>\u003C\u002Fa>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fv3.2.0-release-2E8B57?style=flat\" alt=\"Version 3.2.0\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FWARNING-SECURITY%20TOOL-B22222?style=flat\" alt=\"Security Tool Warning\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLICENSE-MIT-4169A1?style=flat\" alt=\"MIT License\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FEND--TO--END-PIPELINE-A01025?style=flat\" alt=\"End-to-End Pipeline\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FAI-AUTONOMOUS%20AGENT-6A5ACD?style=flat&logo=openai&logoColor=white\" alt=\"AI Powered\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FCONFIGURABLE-AUTONOMY-CC7722?style=flat\" alt=\"Configurable Autonomy\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FKali-Powered-466A7A?style=flat&logo=kalilinux&logoColor=white\" alt=\"Kali Powered\"\u002F>\n  
\u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDocker-Compose-1A7EC2?style=flat&logo=docker&logoColor=white\" alt=\"Docker\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FIP%2FCIDR-TARGETING-0D7377?style=flat\" alt=\"IP\u002FCIDR Targeting\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F38+-SECURITY%20TOOLS-CC8F00?style=flat&logo=hack-the-box&logoColor=white\" alt=\"38+ Security Tools\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F185,000+-DETECTION%20RULES-8B1142?style=flat\" alt=\"185,000+ Detection Rules\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F196+-PROJECT%20SETTINGS-00899B?style=flat\" alt=\"196+ Settings\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F400+-AI%20MODELS-04A878?style=flat&logo=huggingface&logoColor=white\" alt=\"400+ AI Models\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F%F0%9F%96%A5%EF%B8%8F_LOCAL%20MODELS-OLLAMA%20%7C%20vLLM%20%7C%20LM%20Studio-B85C00?style=flat\" alt=\"Local Models Support\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FMetasploit-Framework-1A6DAA?style=flat\" alt=\"Metasploit Framework\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FOpenVAS-Scanner-66B245?style=flat\" alt=\"OpenVAS Scanner\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FNmap-Scanner-4682B4?style=flat\" alt=\"Nmap Scanner\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FNuclei-Scanner-7B42BC?style=flat\" alt=\"Nuclei Scanner\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FSQLMap-Injection-C0392B?style=flat\" alt=\"SQLMap\"\u002F>\n  \u003Cimg 
height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FHydra-Credential%20Testing-E67E22?style=flat\" alt=\"Hydra Credential Testing\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FCypherFix-Auto%20Remediation-00B894?style=flat\" alt=\"CypherFix Auto Remediation\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FAI-PENTEST%20REPORTS-8B5CF6?style=flat\" alt=\"AI Pentest Reports\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FRoE-Guardrails-3B82F6?style=flat\" alt=\"RoE Guardrails\"\u002F>\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\">\u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F📖_WIKI-FULL%20DOCUMENTATION-1A73E8?style=flat\" alt=\"Wiki Documentation\"\u002F>\u003C\u002Fa>\n\u003C\u002Fp>\n\n> **LEGAL DISCLAIMER**: This tool is intended for **authorized security testing**, **educational purposes**, and **research only**. Never use this system to scan, probe, or attack any system you do not own or have explicit written permission to test. Unauthorized access is **illegal** and punishable by law. By using this tool, you accept **full responsibility** for your actions. 
**[Read Full Disclaimer](DISCLAIMER.md)**\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fsamugit83_redamon_readme_9120670e7ca6.gif\" alt=\"RedAmon Agent Demo\" width=\"100%\"\u002F>\n\u003C\u002Fp>\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FafViJUit0xE\">\u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F▶_WATCH_DEMO-3_Parallel_Agents-FF0000?style=flat&logo=youtube&logoColor=white\" alt=\"Watch Demo\"\u002F>\u003C\u002Fa>\n\u003C\u002Fp>\n\u003Cp align=\"center\">\n  \u003Cem>Three AI agents test in parallel — one validates credential policies via Hydra, one verifies a CVE exploit path through privilege escalation, one maps XSS vulnerabilities across the frontend.\u003C\u002Fem>\n\u003C\u002Fp>\n\n\u003Cbr\u002F>\n\n\u003Ch1 align=\"center\">\u003Cspan style=\"color:#D48A8A\">Offense\u003C\u002Fspan> meets \u003Cspan style=\"color:#8AAED4\">defense\u003C\u002Fspan> — one pipeline, full visibility.\u003C\u002Fh1>\n\u003Cp align=\"center\">\n\u003Cb>\u003Csamp>\u003Cbig>Reconnaissance ➜ Exploitation ➜ Post-Exploitation ➜ AI Triage ➜ CodeFix Agent ➜ GitHub PR\u003C\u002Fbig>\u003C\u002Fsamp>\u003C\u002Fb>\n\u003Cbr\u002F>\u003Cbr\u002F>\nRedAmon doesn't stop at finding vulnerabilities, it fixes them. The pipeline starts with a 6-phase reconnaissance engine that maps your target's entire attack surface, then hands control to an autonomous AI agent that validates CVE exploitability, tests credential policies, and maps lateral movement paths. Every finding is recorded in a Neo4j knowledge graph. When the offensive phase completes, CypherFix takes over: an AI triage agent correlates hundreds of findings, deduplicates them, and ranks them by exploitability. 
Then a CodeFix agent clones your repository, navigates the codebase with 11 code-aware tools, implements targeted fixes, and opens a GitHub pull request, ready for review and merge.\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fsamugit83_redamon_readme_a49d255041e7.gif\" alt=\"CypherFix demo\" width=\"100%\"\u002F>\n\u003C\u002Fp>\n\n---\n\n## Roadmap & Community Contributions\n\nWe maintain a public **[Project Board](https:\u002F\u002Fgithub.com\u002Fusers\u002Fsamugit83\u002Fprojects\u002F1)** with upcoming features open for community contributions. Pick a task and submit a PR!\n\n\n> **Want to contribute?** See [CONTRIBUTING.md](CONTRIBUTING.md) for how to get started.\n\n### Maintainers\n\n\u003Ctable>\n\u003Ctr>\n\u003Ctd align=\"center\" valign=\"top\" width=\"50%\">\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fsamugit83_redamon_readme_2ac057f20a35.png\" alt=\"Samuele Giampieri\" width=\"120\"\u002F>\u003Cbr\u002F>\n\u003Cb>Samuele Giampieri\u003C\u002Fb> — Creator, Maintainer & AI Platform Architect\u003Cbr\u002F>\u003Cbr\u002F>\n\u003Csmall>AI Platform Architect & Full-Stack Lead with 15+ years of freelancing experience and more than 30 projects shipped to production, including enterprise-scale AI agentic systems. AWS-certified (DevOps Engineer, ML Specialty) and IBM-certified AI Engineer. 
Designs end-to-end ML solutions spanning deep learning, NLP, Computer Vision, and AI Agent systems with LangChain\u002FLangGraph.\u003C\u002Fsmall>\u003Cbr\u002F>\u003Cbr\u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fsamuele-giampieri-b1b67597\u002F\">LinkedIn\u003C\u002Fa> · \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsamugit83\">GitHub\u003C\u002Fa> · \u003Ca href=\"https:\u002F\u002Fwww.devergolabs.com\u002F\">Devergo Labs\u003C\u002Fa>\n\u003C\u002Ftd>\n\u003Ctd align=\"center\" valign=\"top\" width=\"50%\">\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fsamugit83_redamon_readme_9ac565a90775.png\" alt=\"Ritesh Gohil\" width=\"120\"\u002F>\u003Cbr\u002F>\n\u003Cb>Ritesh Gohil\u003C\u002Fb> — Maintainer & Lead Security Researcher\u003Cbr\u002F>\u003Cbr\u002F>\n\u003Csmall>Cyber Security Engineer at Workday with over 7 years of experience in Web, API, Mobile, Network, and Cloud penetration testing. Published 11 CVEs in MITRE, with security acknowledgements from Google (4×) and Apple (6×). Secured 200+ web and mobile applications and contributed to Exploit Database, Google Hacking Database, and the AWS Community. Holds AWS Security Specialty, eWPTXv2, eCPPTv2, CRTP, and CEH certifications with expertise in red teaming, cloud security, CVE research, and security architecture review.\u003C\u002Fsmall>\u003Cbr\u002F>\u003Cbr\u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Friteshgohil25\u002F\">LinkedIn\u003C\u002Fa> · \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FL4stPL4Y3R\">GitHub\u003C\u002Fa>\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftable>\n\n---\n\n## Quick Start\n\n### Prerequisites\n\n- [Docker](https:\u002F\u002Fdocs.docker.com\u002Fget-docker\u002F) & Docker Compose v2+\n\nThat's it. 
No Node.js, Python, or security tools needed on your host.\n\n#### Minimum System Requirements\n\n| Resource | Without OpenVAS | With OpenVAS (full stack) |\n|----------|----------------|--------------------------|\n| **CPU** | 2 cores | 4 cores |\n| **RAM** | 4 GB | 8 GB (16 GB recommended) |\n| **Disk** | 20 GB free | 50 GB free |\n\n> **Without OpenVAS** runs 6 containers: webapp, postgres, neo4j, agent, kali-sandbox, recon-orchestrator.\n> **With OpenVAS** adds 4 more runtime containers (gvmd, ospd-openvas, gvm-postgres, gvm-redis) plus ~8 one-shot data-init containers for vulnerability feeds (~170K+ NVTs). First launch takes ~30 minutes for GVM feed synchronization.\n> Dynamic recon and scan containers are spawned on-demand during operations and require additional resources.\n\n### 1. Clone & Install\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon.git\ncd redamon\n\n# Without GVM (lighter, faster startup):\n.\u002Fredamon.sh install\n\n# With GVM \u002F OpenVAS (full stack, ~30 min first run):\n.\u002Fredamon.sh install --gvm\n```\n\nThe script builds all images and starts the services. When done, open **http:\u002F\u002Flocalhost:3000**.\n\n### 2. Configure\n\nOpen **http:\u002F\u002Flocalhost:3000\u002Fsettings** (gear icon in the header) to configure everything. No `.env` file is needed.\n\n- **LLM Providers** -- add API keys for OpenAI, Anthropic, OpenRouter, AWS Bedrock, or any OpenAI-compatible endpoint (Ollama, vLLM, Groq, etc.). Each provider can be tested before saving. The model selector in project settings **dynamically fetches** available models from configured providers.\n- **API Keys** -- Tavily, Shodan, SerpAPI, NVD, Vulners, URLScan, and threat intelligence keys (Censys, FOFA, OTX, Netlas, VirusTotal, ZoomEye, CriminalIP) to enable extended agent capabilities (web search, OSINT, CVE lookups, passive threat intel). 
**Uncover multi-engine search** keys (Quake, Hunter, PublicWWW, HunterHow, Google, Onyphe, Driftnet) expand target discovery across 13 search engines -- shared keys (Shodan, Censys, FOFA, etc.) are automatically reused. Supports **key rotation** -- configure multiple keys per tool with automatic round-robin rotation to avoid rate limits.\n- **Tunneling** -- configure ngrok or chisel for reverse shell tunneling. Changes apply immediately without container restarts.\n\nAll settings are stored per-user in the database. See the **[AI Model Providers](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FAI-Model-Providers)** wiki page for detailed setup instructions.\n\n### 3. Open the Webapp\n\nGo to **http:\u002F\u002Flocalhost:3000** -- create a project, configure your target, and start scanning.\n\n> For a detailed walkthrough of every feature, check the **[Wiki](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki)**.\n>\n> Having issues? See the **[Troubleshooting](readmes\u002FTROUBLESHOOTING.md)** guide or the **[Wiki Troubleshooting](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FTroubleshooting)** page.\n\n### Management Commands\n\nAll lifecycle management is handled by a single script:\n\n| Command | Description |\n|---------|-------------|\n| `.\u002Fredamon.sh install` | Build + start without GVM |\n| `.\u002Fredamon.sh install --gvm` | Build + start with GVM\u002FOpenVAS |\n| **`.\u002Fredamon.sh update`** | **Pull latest version, smart-rebuild only changed services** |\n| `.\u002Fredamon.sh up` | Start services (auto-detects GVM mode) |\n| `.\u002Fredamon.sh down` | Stop services (preserves data) |\n| `.\u002Fredamon.sh status` | Show running services, version, GVM mode |\n| `.\u002Fredamon.sh clean` | Remove containers + images, keep data |\n| `.\u002Fredamon.sh purge` | Remove everything including all data |\n\n\n### Updating to a New Version\n\nJust run:\n\n```bash\n.\u002Fredamon.sh 
update\n```\n\nThe script pulls the latest code from GitHub, detects which Dockerfiles and source files changed, rebuilds only the affected images, and restarts the updated services. Your databases, scan results, and reports are preserved -- volumes are never deleted.\n\nThe webapp also checks for updates automatically and shows a notification in the UI when a new version is available.\n\n### Development Mode\n\nFor contributors and active development with **Next.js fast refresh**:\n\n**Build tool images:**\n```bash\ndocker compose --profile tools build\n```\n\n**Start dev environment (without GVM):**\n```bash\ndocker compose -f docker-compose.yml -f docker-compose.dev.yml up -d postgres neo4j recon-orchestrator kali-sandbox agent webapp\n```\n\n**Start dev environment (with GVM):**\n```bash\ndocker compose -f docker-compose.yml -f docker-compose.dev.yml up -d\n```\n\nThe dev override swaps the production webapp image for a dev container with your source code volume-mounted. Every file save triggers instant hot-reload in the browser.\n\n#### When to Rebuild vs Restart\n\n| What changed | Action needed |\n|-------------|---------------|\n| `webapp\u002Fsrc\u002F` (frontend code) | Nothing -- Next.js hot-reload handles it in dev mode |\n| `agentic\u002F*.py` (agent Python code) | `docker compose restart agent` |\n| `recon_orchestrator\u002F*.py` | `docker compose restart recon-orchestrator` |\n| `mcp\u002Fservers\u002F*.py` (MCP servers) | `docker compose restart kali-sandbox` |\n| `agentic\u002FDockerfile` or `agentic\u002Frequirements.txt` | `docker compose build agent && docker compose up -d agent` |\n| `recon_orchestrator\u002FDockerfile` or its `requirements.txt` | `docker compose build recon-orchestrator && docker compose up -d recon-orchestrator` |\n| `mcp\u002Fkali-sandbox\u002FDockerfile` | `docker compose build kali-sandbox && docker compose up -d kali-sandbox` |\n| `webapp\u002FDockerfile` or `webapp\u002Fpackage.json` | `docker compose build webapp && 
docker compose up -d webapp` |\n| `recon\u002FDockerfile` | `docker compose --profile tools build recon` |\n| `gvm_scan\u002FDockerfile` | `docker compose --profile tools build vuln-scanner` |\n| `github_secret_hunt\u002FDockerfile` | `docker compose --profile tools build github-secret-hunter` |\n| `trufflehog_scan\u002FDockerfile` | `docker compose --profile tools build trufflehog-scanner` |\n| `docker-compose.yml` | `docker compose up -d` (re-creates affected containers) |\n| `prisma\u002Fschema.prisma` | `docker compose exec webapp npx prisma db push` |\n\n**Rebuild a single service:**\n```bash\ndocker compose build \u003Cservice>                    # Rebuild one image\ndocker compose up -d --no-deps \u003Cservice>          # Restart only that service\n```\n\n**Common dev commands:**\n```bash\ndocker compose ps                                 # Check service status\ndocker compose logs -f \u003Cservice>                  # Follow logs for a service\ndocker compose down                               # Stop all (preserves volumes)\ndocker compose --profile tools down --rmi local   # Remove built images\ndocker compose --profile tools down --rmi local --volumes --remove-orphans  # Full cleanup\n```\n\n> For a complete development reference -- hot-reload rules, common commands, important rules, and AI-assisted coding guidelines -- see the **[Developer Guide](readmes\u002FREADME.DEV.md)**.\n\n---\n\n\u003Ctable>\n\u003Ctr>\n\u003Ctd width=\"280\" align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FRedAmon-HackLab\">\n    \u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fsamugit83_redamon_readme_569cbb23daab.png\" alt=\"RedAmon HackLab\" width=\"260\"\u002F>\n  \u003C\u002Fa>\n\u003C\u002Ftd>\n\u003Ctd>\n  \u003Ch3>Want to see RedAmon think like a real pentester?\u003C\u002Fh3>\n  \u003Cp>Explore real-time live attack sessions -- every step, every pivot, every exploit -- across 15 vulnerability 
categories on a live target. Full session logs, decoded walkthroughs, and video recordings showing the agent autonomously compromising a multi-service server from scratch.\u003C\u002Fp>\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FRedAmon-HackLab\">\u003Cb>Explore the HackLab &rarr;\u003C\u002Fb>\u003C\u002Fa>\n  &nbsp;&nbsp;|&nbsp;&nbsp;\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FRedAmon-HackLab#community-sessions\">\u003Cb>Submit your own session &rarr;\u003C\u002Fb>\u003C\u002Fa>\n  \u003Cbr\u002F>\u003Csub>Got an amazing agent session on your own target? Share it with the community -- session log + YouTube video.\u003C\u002Fsub>\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftable>\n\n---\n\n## Table of Contents\n\n- [Full Wiki Documentation](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki)\n- [Overview](#overview)\n- [Feature Highlights](#feature-highlights)\n- [System Architecture](#system-architecture)\n- [Components](#components)\n- [Documentation](#documentation)\n- [Troubleshooting](#troubleshooting)\n- [Community Showcase](#community-showcase)\n- [Legal](#legal)\n\n---\n\n## Overview\n\nRedAmon is a modular, containerized penetration testing framework that chains automated reconnaissance, AI-driven exploitation, and graph-powered intelligence into a single, end-to-end offensive security pipeline. 
Every component runs inside Docker — no tools installed on your host — and communicates through well-defined APIs so each layer can evolve independently.\n\nThe platform is built around six pillars:\n\n| Pillar | What it does |\n|--------|-------------|\n| **Reconnaissance Pipeline** | A **parallelized fan-out \u002F fan-in** scanning pipeline that maps your target's entire attack surface — starting from a domain **or IP addresses \u002F CIDR ranges** — from subdomain discovery (5 concurrent tools) through port scanning, Nmap service detection and NSE vulnerability scripts, HTTP probing, resource enumeration, and vulnerability detection. Independent modules run concurrently via `ThreadPoolExecutor`, graph DB updates happen in a background thread, and results are stored as a rich, queryable graph. Complemented by standalone GVM network scanning, GitHub secret hunting, and TruffleHog deep secret scanning modules. |\n| **AI Agent Orchestrator** | A LangGraph-based autonomous agent that reasons about the graph, selects security tools via MCP, transitions through informational \u002F exploitation \u002F post-exploitation phases, and can be steered in real-time via chat. |\n| **Attack Surface Graph** | A Neo4j knowledge graph with 17 node types and 20+ relationship types that serves as the single source of truth for every finding — and the primary data source the AI agent queries before every decision. |\n| **EvoGraph** | A persistent, evolutionary attack chain graph in Neo4j that tracks every step, finding, decision, and failure across the attack lifecycle — bridging the recon graph and enabling cross-session intelligence accumulation. |\n| **CypherFix** | Automated vulnerability remediation pipeline — an AI triage agent correlates and prioritizes findings from the graph, then a CodeFix agent clones the target repository, implements fixes using a ReAct loop with 11 code tools, and opens a GitHub pull request. 
|\n| **Project Settings Engine** | 196+ per-project parameters — exposed through the webapp UI — that control every tool's behavior, from Naabu thread counts to Nuclei severity filters to agent approval gates. |\n\n---\n\n## Feature Highlights\n\n### Reconnaissance Pipeline\n\nA fully automated, **parallelized** scanning engine running inside a Kali Linux container. Given a root domain, subdomain list, or IP\u002FCIDR ranges, it maps the complete external attack surface using a **fan-out \u002F fan-in** pipeline architecture: subdomain discovery (crt.sh, HackerTarget, Subfinder, Amass, Knockpy — all 5 tools run concurrently), **puredns wildcard filtering** (validates subdomains against public DNS resolvers and removes wildcard\u002Fpoisoned entries), parallel DNS resolution (20 workers), Shodan + port scanning (Masscan \u002F Naabu — both run in parallel), passive threat intelligence enrichment (7 tools: Censys, FOFA, OTX, Netlas, VirusTotal, ZoomEye, CriminalIP — all run in parallel with port scanning), Nmap service version detection and NSE vulnerability scripts on discovered ports, HTTP probing with technology fingerprinting (httpx + Wappalyzer), resource enumeration (Katana, Hakrawler, GAU, ParamSpider, Kiterunner — internally parallel, followed by jsluice JavaScript analysis, FFuf directory fuzzing with custom wordlist support, and Arjun hidden parameter discovery with multi-method parallel execution), and vulnerability scanning (Nuclei with 9,000+ templates + DAST fuzzing). Neo4j graph updates run in a dedicated background thread so the main pipeline is never blocked. 
Results are stored as JSON and imported into the Neo4j graph.\n\n> **[Wiki: Running Reconnaissance](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FRunning-Reconnaissance)** | **[Technical: README.RECON.md](readmes\u002FREADME.RECON.md)**\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fsamugit83_redamon_readme_09bbfbed8a2d.gif\" alt=\"RedAmon Reconnaissance Pipeline\" width=\"100%\"\u002F>\n\u003C\u002Fp>\n\n#### Recon Pipeline Tool Matrix\n\n| Settings Tab | Phase | Tools | Type | Execution |\n|:-----:|-------|-------|:----:|-----------|\n| **Discovery & OSINT** | **Subdomain Discovery** | crt.sh, HackerTarget, Subfinder, Amass, Knockpy | Passive* | 5 tools parallel |\n| | **Wildcard Filtering** | Puredns | Active | Sequential |\n| | **WHOIS + URLScan** | python-whois, URLScan.io API | Passive | Parallel |\n| | **DNS Resolution** | dnspython | Passive | 20 parallel workers |\n| | **OSINT Enrichment** | Shodan \u002F InternetDB | Passive | Parallel with port scan |\n| | **Uncover Expansion** | ProjectDiscovery Uncover (13 engines: Shodan, Censys, FOFA, ZoomEye, Netlas, CriminalIP, Quake, Hunter, PublicWWW, HunterHow, Google, Onyphe, Driftnet) | Passive | Before port scan (GROUP 2b) |\n| | **Threat Intel Enrichment** | Censys, FOFA, OTX (AlienVault), Netlas, VirusTotal, ZoomEye, CriminalIP | Passive | 7 tools parallel (GROUP 3b) |\n| **Port Scanning** | **Port Scanning** | Masscan, Naabu | Active | Both parallel |\n| **Nmap Service Detection** | **Service Version Detection** | Nmap (-sV, --script vuln) | Active | Sequential per target |\n| **HTTP Probing** | **HTTP Probing** | httpx | Active | Internal parallel |\n| | **Tech Detection** | Wappalyzer | Passive | Sequential (post-probe) |\n| | **Banner Grabbing** | Custom (Python sockets: SSH, FTP, SMTP, MySQL, etc.) 
| Active | Parallel workers |\n| **Resource Enum** | **Web Crawling** | Katana, Hakrawler | Active | Parallel |\n| | **Archive Discovery** | GAU (Wayback, CommonCrawl, OTX) | Passive | Parallel with crawlers |\n| | **Parameter Mining** | ParamSpider (Wayback CDX) | Passive | Parallel with crawlers |\n| | **JS Analysis** | jsluice | Passive | Sequential (post-crawl) |\n| | **Directory Fuzzing** | FFuf | Active | Sequential (post-jsluice) |\n| | **Parameter Discovery** | Arjun | Active | Methods parallel (GET\u002FPOST\u002FJSON\u002FXML) |\n| | **API Discovery** | Kiterunner | Active | Sequential per wordlist |\n| **Vulnerability Scanning** | **Vulnerability Scanning** | Nuclei (9,000+ templates + DAST + custom template upload) | Active | Internal parallel |\n| **Security Checks** | **Security Checks** | WAF bypass, direct IP access, TLS expiry, missing headers, cache-control | Active | Parallel workers |\n| **CVE & MITRE** | **CVE Enrichment** | NVD API, Vulners API | Passive | Sequential |\n| | **MITRE Enrichment** | CWE \u002F CAPEC mapping | Passive | Sequential |\n\n\u003Csub>*Amass can run in active mode when configured. Knockpy performs active DNS probing.\u003C\u002Fsub>\n\n### GVM Vulnerability Scanner\n\n**GVM\u002FOpenVAS** performs deep network-level vulnerability assessment with 170,000+ NVTs — probing services at the protocol layer for misconfigurations, outdated software, default credentials, and known CVEs. Complements Nuclei's web-layer findings. Seven pre-configured scan profiles from quick host discovery (~2 min) to exhaustive deep scanning (~8 hours). Findings are stored as Vulnerability nodes in Neo4j alongside the recon graph.\n\n> **[Wiki: GVM Vulnerability Scanning](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FGVM-Vulnerability-Scanning)** | **[Technical: README.GVM.md](readmes\u002FREADME.GVM.md)**\n\n### AI Agent Orchestrator\n\nA **LangGraph-based autonomous agent** implementing the ReAct pattern. 
It progresses through three phases — **Informational** (intelligence gathering, graph queries, Shodan, Google dorking), **Exploitation** (Metasploit, Hydra credential testing, social engineering simulation), and **Post-Exploitation** (enumeration, lateral movement). The agent executes 14 security tools via MCP servers inside a Kali sandbox, supports parallel tool execution via **Wave Runner**, and provides real-time chat interaction with guidance, stop\u002Fresume, and approval workflows. **Deep Think** mode enables structured strategic analysis before acting.\n\n> **[Wiki: AI Agent Guide](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FAI-Agent-Guide)** | **[Technical: README.PENTEST_AGENT.md](readmes\u002FREADME.PENTEST_AGENT.md)**\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fsamugit83_redamon_readme_98005cbf2e4d.gif\" alt=\"RedAmon Exploitation Demo\" width=\"100%\"\u002F>\n\u003C\u002Fp>\n\n#### Agent Tool Arsenal\n\n| Category | Tool | Description | Phases | MCP Server |\n|:-----:|-------|-------------|:------:|:----------:|\n| **Intelligence** | **query_graph** | Neo4j graph queries -- primary source of truth for recon data | All | -- |\n| | **web_search** | Internet search via Tavily for CVE details, exploit PoCs, advisories | All | -- |\n| | **shodan** | Shodan OSINT -- host details, reverse DNS, device search | Info, Exploit | -- |\n| | **google_dork** | Google dorking via SerpAPI -- exposed files, admin panels, directory listings | Info | -- |\n| **Scanning** | **execute_naabu** | Fast port scanning and verification | Info, Exploit | network_recon :8000 |\n| | **execute_nmap** | Deep service detection (-sV), OS fingerprint, NSE scripts | All | nmap :8004 |\n| | **execute_nuclei** | CVE verification and exploitation with 9,000+ templates + custom uploads | Info, Exploit | nuclei :8002 |\n| **Web & HTTP** | **execute_curl** | HTTP requests -- reachability, headers, status 
codes, banners | All | network_recon :8000 |\n| | **execute_playwright** | Headless Chromium browser automation -- JS-rendered content extraction and interactive scripting for SPAs, form testing, XSS verification | All | playwright :8005 |\n| **Exploitation** | **metasploit_console** | Persistent msfconsole -- exploit execution, session management, post-exploitation | Exploit, Post | metasploit :8003 |\n| | **msf_restart** | Full Metasploit reset -- kills all sessions, clears module state | Exploit, Post | metasploit :8003 |\n| | **execute_hydra** | THC Hydra brute force -- 50+ protocols (SSH, FTP, RDP, SMB, HTTP, MySQL, etc.) | Exploit, Post | network_recon :8000 |\n| **Code Execution** | **kali_shell** | Full Kali Linux shell -- netcat, sqlmap, smbclient, msfvenom, searchsploit, and 30+ CLI tools | All | network_recon :8000 |\n| | **execute_code** | Write and run code files (Python, bash, Ruby, Perl, C, C++) -- no shell escaping | Exploit, Post | network_recon :8000 |\n\n\u003Csub>All MCP tools run inside a Kali Linux sandbox container. Tools marked as dangerous require manual confirmation before execution. Stealth mode restricts active tools to passive-only or single-target operations.\u003C\u002Fsub>\n\n### AI Model Providers\n\nSupports **5 providers** and **400+ models**: OpenAI (GPT-5.2, GPT-5, GPT-4.1), Anthropic (Claude Opus 4.6, Sonnet 4.5), OpenRouter (300+ models), AWS Bedrock, and any **OpenAI-compatible endpoint** (Ollama, vLLM, LM Studio, Groq, etc.). Models are dynamically fetched — no hardcoded lists.\n\n> **[Wiki: AI Model Providers](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FAI-Model-Providers)**\n\n### Attack Surface Graph\n\nA **Neo4j knowledge graph** with 17 node types and 20+ relationship types — the single source of truth for the target's attack surface. 
The agent queries it before every decision via natural language → Cypher translation.\n\n> **[Wiki: Attack Surface Graph](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FAttack-Surface-Graph)** | **[Technical: GRAPH.SCHEMA.md](readmes\u002FGRAPH.SCHEMA.md)**\n\n### EvoGraph — Attack Chain Evolution\n\nA persistent, evolutionary graph tracking everything the AI agent does — tool executions, discoveries, failures, and strategic decisions. Structured chain context replaces flat execution traces, improving agent efficiency by 25%+. Cross-session memory means the agent never starts from zero.\n\n> **[Wiki: EvoGraph](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FEvoGraph-Attack-Chain-Evolution)** | **[Technical: README.PENTEST_AGENT.md](readmes\u002FREADME.PENTEST_AGENT.md#evograph--evolutive-attack-chain-graph)**\n\n### Multi-Session Parallel Attack Chains\n\nLaunch **multiple concurrent agent sessions** against the same project. Each session creates its own AttackChain in EvoGraph. New sessions automatically load findings and failure lessons from all prior sessions, avoiding redundant work.\n\n> **[Wiki: AI Agent Guide](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FAI-Agent-Guide)**\n\n### Reverse Shells\n\nUnified view of active sessions — meterpreter, reverse\u002Fbind shells, and listeners. Built-in terminal with a **Command Whisperer** that translates plain English into shell commands.\n\n> **[Wiki: Reverse Shells](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FReverse-Shells)**\n\n### RedAmon Terminal\n\nFull interactive **PTY shell access** to the Kali sandbox container directly from the graph page via **xterm.js**. Access all pre-installed pentesting tools (Metasploit, Nmap, Nuclei, Hydra, sqlmap) without leaving the browser. 
Features dark terminal theme, connection status indicator, auto-reconnect with exponential backoff, fullscreen mode, and browser-side keepalive.\n\n> **[Wiki: The Graph Dashboard](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FThe-Graph-Dashboard#redamon-terminal)**\n\n### CypherFix — Automated Vulnerability Remediation\n\nTwo-agent pipeline: a **Triage Agent** runs 9 hardcoded Cypher queries then uses an LLM to correlate, deduplicate, and prioritize findings. A **CodeFix Agent** clones the target repo, explores the codebase with 11 tools, implements fixes, and opens a GitHub PR — replicating Claude Code's agentic design.\n\n> **[Wiki: CypherFix](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FCypherFix-Automated-Remediation)** | **[Technical: README.CYPHERFIX_AGENTS.md](readmes\u002FREADME.CYPHERFIX_AGENTS.md)**\n\n### Agent Skills\n\nAn **LLM-powered Intent Router** classifies user requests into agent skills: CVE (MSF), SQL Injection, Credential Testing, Social Engineering, Availability Testing, or custom user-defined skills uploaded as Markdown files. Ready-to-use **[community skills](agentic\u002Fcommunity-skills\u002F)** are available for API testing, XSS, SQLi, and SSRF -- download the `.md` file and upload it via **Global Settings > Agent Skills** to activate it for your user. 
You can also [contribute your own](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FAgent-Skills#share-your-skills-with-the-community) by opening a PR.\n\n> **[Wiki: Agent Skills](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FAgent-Skills)** | **[Community Skills](agentic\u002Fcommunity-skills\u002F)**\n\n### GitHub Secret Hunter\n\nScans GitHub repositories, gists, and commit history for exposed secrets using **40+ regex patterns** and Shannon entropy analysis.\n\n> **[Wiki: GitHub Secret Hunting](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FGitHub-Secret-Hunting)**\n\n### TruffleHog Deep Secret Scanner\n\nScans GitHub repositories for leaked credentials using **700+ detectors** with automatic verification of whether discovered secrets are still active. Powered by the TruffleHog engine (`trufflesecurity\u002Ftrufflehog`), it detects API keys, passwords, tokens, certificates, and more across full commit history. Results are stored as `TrufflehogScan → TrufflehogRepository → TrufflehogFinding` nodes in the Neo4j graph. Both GitHub Hunt and TruffleHog are accessible from the **\"Other Scans\" modal** in the graph toolbar.\n\n### Project Settings\n\n**196+ configurable parameters** across 14 tabs controlling every tool's behavior — from scan modules to agent approval gates. Managed through the webapp UI.\n\n> **[Wiki: Project Settings Reference](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FProject-Settings-Reference)**\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fsamugit83_redamon_readme_85e8d4228c01.gif\" alt=\"RedAmon Project Settings\" width=\"100%\"\u002F>\n\u003C\u002Fp>\n\n### Rules of Engagement (RoE)\n\nUpload a RoE document (PDF, TXT, MD, DOCX) to auto-configure project settings and enforce engagement constraints. 
Enforcement at both the recon pipeline (excluded hosts, rate limits, time windows) and AI agent (prompt injection, severity phase cap, tool restrictions) layers.\n\n> **[Wiki: Rules of Engagement](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FRules-of-Engagement)**\n\n### Insights Dashboard\n\n30+ interactive charts across 4 sections — attack chains & exploits, attack surface, vulnerabilities & CVE intelligence, and graph overview. All data pulled live from Neo4j and PostgreSQL.\n\n> **[Wiki: Insights Dashboard](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FInsights-Dashboard)**\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fsamugit83_redamon_readme_5cc1db4d110e.gif\" alt=\"RedAmon Insights Dashboard\" width=\"100%\"\u002F>\n\u003C\u002Fp>\n\n### Target Guardrail\n\nLLM-based guardrail preventing targeting of unauthorized domains — blocks government sites, major tech companies, financial institutions, and social media platforms. Operates at both project creation and agent initialization. Government, military, educational, and international organization domains (`.gov`, `.mil`, `.edu`, `.int`) are permanently blocked by a deterministic hard guardrail that cannot be disabled.\n\n> **[Wiki: Creating a Project](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FCreating-a-Project)**\n\n### Tool Confirmation\n\nPer-tool human-in-the-loop gate for dangerous operations. When enabled, the agent pauses before executing high-impact tools (Nmap, Nuclei, Metasploit, Hydra, Kali shell, code execution) and presents an inline **Allow \u002F Deny** prompt in the chat timeline. Supports both single-tool and parallel-wave (plan) confirmation modes. Users can approve, reject, or modify tool arguments before execution proceeds. 
Disabled via the `Require Tool Confirmation` toggle in Project Settings.\n\n> **[Wiki: Pentest Agent — Tool Confirmation](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FPentest-Agent#tool-confirmation-gate)**\n\n### Pentest Reports\n\nProfessional, client-ready HTML reports with 11 sections. When an AI model is configured, 6 sections receive **LLM-generated narratives** including executive summary, risk analysis, and prioritized remediation triage. **[View example report](https:\u002F\u002Fhtmlpreview.github.io\u002F?https:\u002F\u002Fraw.githubusercontent.com\u002Fwiki\u002Fsamugit83\u002Fredamon\u002Fdocs\u002FPentest%20Report%20%E2%80%94%20devergolabs.com.html)**.\n\n> **[Wiki: Pentest Reports](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FPentest-Reports)**\n\n### Data Export & Import\n\nFull project backup and restore through the web interface — settings, conversations, graph data, recon\u002FGVM\u002FGitHub hunt results as a portable ZIP archive.\n\n> **[Wiki: Data Export & Import](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FData-Export-and-Import)**\n\n---\n\n## System Architecture\n\n```mermaid\nflowchart TB\n    subgraph User[\"👤 User Layer\"]\n        Browser[Web Browser]\n        CLI[Terminal\u002FCLI]\n    end\n\n    subgraph Frontend[\"🖥️ Frontend Layer\"]\n        Webapp[Next.js Webapp\u003Cbr\u002F>:3000]\n    end\n\n    subgraph Backend[\"⚙️ Backend Layer\"]\n        Agent[AI Agent Orchestrator\u003Cbr\u002F>FastAPI + LangGraph\u003Cbr\u002F>:8090]\n        ReconOrch[Recon Orchestrator\u003Cbr\u002F>FastAPI + Docker SDK\u003Cbr\u002F>:8010]\n    end\n\n    subgraph Tools[\"🔧 MCP Tools Layer\"]\n        NetworkRecon[Network Recon Server\u003Cbr\u002F>Curl + Naabu\u003Cbr\u002F>:8000]\n        Nuclei[Nuclei Server\u003Cbr\u002F>:8002]\n        Metasploit[Metasploit Server\u003Cbr\u002F>:8003]\n        Nmap[Nmap Server\u003Cbr\u002F>:8004]\n    end\n\n    subgraph 
Scanning[\"🔍 Scanning Layer\"]\n        Recon[Recon Pipeline\u003Cbr\u002F>Docker Container]\n        GVM[GVM\u002FOpenVAS Scanner\u003Cbr\u002F>Network Vuln Assessment]\n        GHHunt[GitHub Secret Hunter\u003Cbr\u002F>Credential Scanning]\n        TruffleHog[TruffleHog Scanner\u003Cbr\u002F>700+ Secret Detectors]\n    end\n\n    subgraph Data[\"💾 Data Layer\"]\n        Neo4j[(Neo4j Graph DB\u003Cbr\u002F>:7474\u002F:7687)]\n        Postgres[(PostgreSQL\u003Cbr\u002F>Project Settings\u003Cbr\u002F>:5432)]\n    end\n\n    subgraph LLMProviders[\"🧠 LLM Providers\"]\n        OpenAI[OpenAI]\n        Anthropic[Anthropic]\n        LocalLLM[Local Models\u003Cbr\u002F>Ollama · vLLM · LM Studio]\n        OpenRouter[OpenRouter\u003Cbr\u002F>300+ Models]\n        Bedrock[AWS Bedrock]\n    end\n\n    subgraph External[\"🌐 External APIs\"]\n        GitHubAPI[GitHub API\u003Cbr\u002F>Repos & Code Search]\n    end\n\n    subgraph Targets[\"🎯 Target Layer\"]\n        Target[Target Systems]\n        GuineaPigs[Guinea Pigs\u003Cbr\u002F>Test VMs]\n    end\n\n    Browser --> Webapp\n    CLI --> Recon\n    Webapp \u003C-->|WebSocket| Agent\n    Webapp -->|REST + SSE| ReconOrch\n    Webapp --> Neo4j\n    Webapp --> Postgres\n    ReconOrch -->|Docker SDK| Recon\n    ReconOrch -->|Docker SDK| GVM\n    ReconOrch -->|Docker SDK| GHHunt\n    ReconOrch -->|Docker SDK| TruffleHog\n    Recon -->|Fetch Settings| Webapp\n    GHHunt -->|GitHub API| GitHubAPI\n    TruffleHog -->|GitHub API| GitHubAPI\n    TruffleHog --> Neo4j\n    Agent -->|API| OpenAI\n    Agent -->|API| Anthropic\n    Agent -->|API| LocalLLM\n    Agent -->|API| OpenRouter\n    Agent -->|API| Bedrock\n    Agent --> Neo4j\n    Agent -->|MCP Protocol| NetworkRecon\n    Agent -->|MCP Protocol| Nuclei\n    Agent -->|MCP Protocol| Metasploit\n    Agent -->|MCP Protocol| Nmap\n    Recon --> Neo4j\n    GVM -->|Reads Recon Output| Recon\n    GVM --> Neo4j\n    GVM --> Target\n    GVM --> GuineaPigs\n    NetworkRecon --> Target\n    
Nuclei --> Target\n    Metasploit --> Target\n    Nmap --> Target\n    NetworkRecon --> GuineaPigs\n    Nuclei --> GuineaPigs\n    Metasploit --> GuineaPigs\n    Nmap --> GuineaPigs\n```\n\n> **Full architecture diagrams** (data flow, Docker containers, recon pipeline, agent workflow, MCP integration): **[ARCHITECTURE.md](readmes\u002FARCHITECTURE.md)**\n>\n> **Technology stack** (70+ technologies across frontend, backend, AI, databases, security tools): **[TECH_STACK.md](readmes\u002FTECH_STACK.md)**\n\n---\n\n## Components\n\n| Component | Description | Documentation |\n|-----------|-------------|---------------|\n| **Reconnaissance Pipeline** | Parallelized fan-out\u002Ffan-in OSINT and vulnerability scanning pipeline | [README.RECON.md](readmes\u002FREADME.RECON.md) |\n| **Recon Orchestrator** | Container lifecycle management via Docker SDK | [README.RECON_ORCHESTRATOR.md](readmes\u002FREADME.RECON_ORCHESTRATOR.md) |\n| **Graph Database** | Neo4j attack surface mapping with multi-tenant support | [README.GRAPH_DB.md](readmes\u002FREADME.GRAPH_DB.md) · [GRAPH.SCHEMA.md](readmes\u002FGRAPH.SCHEMA.md) |\n| **MCP Tool Servers** | Security tools via Model Context Protocol (Kali sandbox) | [README.MCP.md](readmes\u002FREADME.MCP.md) |\n| **AI Agent Orchestrator** | LangGraph-based autonomous agent with ReAct pattern | [README.PENTEST_AGENT.md](readmes\u002FREADME.PENTEST_AGENT.md) |\n| **CypherFix Agents** | Automated triage + code fix + GitHub PR | [README.CYPHERFIX_AGENTS.md](readmes\u002FREADME.CYPHERFIX_AGENTS.md) |\n| **Web Application** | Next.js dashboard for visualization and AI interaction | [README.WEBAPP.md](readmes\u002FREADME.WEBAPP.md) |\n| **GVM Scanner** | Greenbone\u002FOpenVAS network vulnerability scanner (170K+ NVTs) | [README.GVM.md](readmes\u002FREADME.GVM.md) |\n| **TruffleHog Scanner** | Deep secret scanning with 700+ detectors and credential verification | — |\n| **PostgreSQL Database** | Project settings, user accounts, configuration data | 
[README.POSTGRES.md](readmes\u002FREADME.POSTGRES.md) |\n| **Test Environments** | Intentionally vulnerable Docker containers for safe testing | [README.GPIGS.md](readmes\u002FREADME.GPIGS.md) |\n\n---\n\n## Documentation\n\n| Resource | Link |\n|----------|------|\n| **Full Wiki** (user guide) | **[github.com\u002Fsamugit83\u002Fredamon\u002Fwiki](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki)** |\n| AI-Assisted Development | **[Wiki: Ship Perfect PRs with AI](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FAI-Assisted-Development)** |\n| Developer Guide | [readmes\u002FREADME.DEV.md](readmes\u002FREADME.DEV.md) |\n| Architecture Diagrams | [readmes\u002FARCHITECTURE.md](readmes\u002FARCHITECTURE.md) |\n| Technology Stack | [readmes\u002FTECH_STACK.md](readmes\u002FTECH_STACK.md) |\n| Troubleshooting | [readmes\u002FTROUBLESHOOTING.md](readmes\u002FTROUBLESHOOTING.md) |\n| Changelog | [CHANGELOG.md](CHANGELOG.md) |\n| Full Disclaimer | [DISCLAIMER.md](DISCLAIMER.md) |\n| Third-Party Licenses | [THIRD-PARTY-LICENSES.md](THIRD-PARTY-LICENSES.md) |\n| License | [LICENSE](LICENSE) |\n\n---\n\n## Troubleshooting\n\nRedAmon is fully Dockerized and runs on any OS with Docker Compose v2+. For OS-specific fixes (Linux, Windows, macOS), see **[Troubleshooting Guide](readmes\u002FTROUBLESHOOTING.md)** or the **[Wiki](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FTroubleshooting)**.\n\n---\n\n## Community Showcase\n\nVideos, writeups, and real-world experiences from security professionals using RedAmon in the field. Want to be featured? 
See the [Content Creator](CONTRIBUTING.md#content-creator) track in CONTRIBUTING.md.\n\n### Videos\n\n| Title | Link |\n|-------|------|\n| RedAmon v2.2.0 — Social Engineering Test: Payload Delivery to Shell Access | [Watch](https:\u002F\u002Fyoutu.be\u002FkVjV9K_eks4) |\n| AI Agent CVE Validation — Beyond Standard Tooling | [Watch](https:\u002F\u002Fyoutu.be\u002FrypmP1SJon8) |\n| RedAmon 2.0 — From 0 to 1000 GitHub Stars in 10 Days: Multi-Agent Parallel Attacks | [Watch](https:\u002F\u002Fyoutu.be\u002FafViJUit0xE) |\n| Build an Autonomous AI Red Team Agent from Scratch — LangGraph + Metasploit + Neo4j Full Tutorial | [Watch](https:\u002F\u002Fyoutu.be\u002FmO5CCkYlY94) |\n\n### Real-World Case Studies\n\n| Who | What | Link |\n|-----|------|------|\n| Nipun Dinudaya | Deployed RedAmon on a company website — identified a critical SQL injection vulnerability that could have caused significant data exposure | [Read on LinkedIn](https:\u002F\u002Fwww.linkedin.com\u002Fposts\u002Fnipun-dinudaya-6159b32bb_redamon-cybersecurity-penetrationtesting-ugcPost-7431233870253166592-aLvb) |\n| Venkata Bhargav CH S | Used RedAmon during an internship at Ascent e-Digit Solutions — hands-on reconnaissance, DNS analysis, and attack surface mapping | [Read on LinkedIn](https:\u002F\u002Fwww.linkedin.com\u002Fposts\u002Fvenkata-bhargav-cybersecurity_cybersecurity-ethicalhacking-redteam-share-7434940660803182592-e9En) |\n\n### Community Guides\n\n| Who | What | Link |\n|-----|------|------|\n| MrGood | Mastering Redamon: A Comprehensive Guide to Installation on Kali Linux — addressing Kali-specific Docker challenges and security posture | [Read on Medium](https:\u002F\u002Fcyberaccoon.medium.com\u002Fmastering-redamon-a-comprehensive-guide-to-installation-on-kali-linux-ea544e6f5b9f) |\n| Bogdan Caraman | How to Install RedAmon on Debian 13 (Trixie) with OpenRouter — step-by-step guide with Docker setup, static IP, and systemd automation | [Read on 
Blog](https:\u002F\u002Fblog.bogdancaraman.com\u002Finstall-redamon-debian-13-openrouter\u002F) |\n\n---\n\n## Contributing\n\nContributions are welcome! Please read [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines on how to get started, code style conventions, and the pull request process.\n\n---\n\n## Maintainers\n\n**Samuele Giampieri** — creator, maintainer & AI platform architect · [LinkedIn](https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fsamuele-giampieri-b1b67597\u002F) · [GitHub](https:\u002F\u002Fgithub.com\u002Fsamugit83) · [Devergo Labs](https:\u002F\u002Fwww.devergolabs.com\u002F)\n\n**Ritesh Gohil** — maintainer & lead security researcher · [LinkedIn](https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Friteshgohil25\u002F) · [GitHub](https:\u002F\u002Fgithub.com\u002FL4stPL4Y3R)\n\n---\n\n## Contact\n\nFor questions, feedback, or collaboration inquiries: **devergo.sam@gmail.com**\n\n---\n\n## Legal\n\nThis project is released under the [MIT License](LICENSE).\n\nRedAmon integrates several third-party tools under their own licenses (AGPL-3.0, GPL, BSD, and others). Source code for all AGPL-licensed components is available at their upstream repositories. See [THIRD-PARTY-LICENSES.md](THIRD-PARTY-LICENSES.md) for the complete list.\n\nSee [DISCLAIMER.md](DISCLAIMER.md) for full terms of use, acceptable use policy, and legal compliance requirements.\n\n---\n\n\u003Cp align=\"center\">\n  \u003Cstrong>Use responsibly. Test ethically. 
Defend better.\u003C\u002Fstrong>\n\u003C\u002Fp>\n","\u003Cp align=\"center\">\n  \u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fsamugit83_redamon_readme_78416e945667.png\" alt=\"RedAmon Logo\" width=\"120\"\u002F>\n  \u003Cbr\u002F>\n  \u003Cimg src=\"assets\u002Ftitle.svg\" alt=\"RedAmon\" width=\"340\"\u002F>\n  \u003Cbr\u002F>\n  \u003Cb>\u003Ci>\u003Cbig>\u003Cbig>Uncover the hidden truth before the world does\u003C\u002Fbig>\u003C\u002Fbig>\u003C\u002Fi>\u003C\u002Fb>\n\u003C\u002Fp>\n\u003Cp align=\"center\" style=\"font-size: 120%;\">\n  An autonomous AI framework that chains reconnaissance, exploitation, and post-exploitation into a single pipeline, then goes further by triaging every finding, implementing code fixes, and opening pull requests in your repository. From the first packet to the merged patch, every critical step is under human oversight.\n\u003C\u002Fp>\n\n\u003Cbr\u002F>\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fstargazers\">\u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fsamugit83\u002Fredamon?style=flat&color=2E8B57&label=Stars\" alt=\"GitHub Stars\"\u002F>\u003C\u002Fa>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fv3.2.0-release-2E8B57?style=flat\" alt=\"Version 3.2.0\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FWARNING-SECURITY%20TOOL-B22222?style=flat\" alt=\"Security Tool Warning\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLICENSE-MIT-4169A1?style=flat\" alt=\"MIT License\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FEND--TO--END-PIPELINE-A01025?style=flat\" alt=\"End-to-End Pipeline\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FAI-AUTONOMOUS%20AGENT-6A5ACD?style=flat&logo=openai&logoColor=white\" alt=\"AI Powered\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FCONFIGURABLE-AUTONOMY-CC7722?style=flat\" alt=\"Configurable Autonomy\"\u002F>\n  \u003Cimg height=\"24\" 
src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FKali-Powered-466A7A?style=flat&logo=kalilinux&logoColor=white\" alt=\"Kali Powered\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDocker-Compose-1A7EC2?style=flat&logo=docker&logoColor=white\" alt=\"Docker\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FIP%2FCIDR-TARGETING-0D7377?style=flat\" alt=\"IP\u002FCIDR Targeting\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F38+-SECURITY%20TOOLS-CC8F00?style=flat&logo=hack-the-box&logoColor=white\" alt=\"38+ Security Tools\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F185,000+-DETECTION%20RULES-8B1142?style=flat\" alt=\"185,000+ Detection Rules\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F196+-PROJECT%20SETTINGS-00899B?style=flat\" alt=\"196+ Settings\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F400+-AI%20MODELS-04A878?style=flat&logo=huggingface&logoColor=white\" alt=\"400+ AI Models\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F%F0%9F%96%A5%EF%B8%8F_LOCAL%20MODELS-OLLAMA%20%7C%20vLLM%20%7C%20LM%20Studio-B85C00?style=flat\" alt=\"Local Models Support\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FMetasploit-Framework-1A6DAA?style=flat\" alt=\"Metasploit Framework\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FOpenVAS-Scanner-66B245?style=flat\" alt=\"OpenVAS Scanner\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FNmap-Scanner-4682B4?style=flat\" alt=\"Nmap Scanner\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FNuclei-Scanner-7B42BC?style=flat\" alt=\"Nuclei Scanner\"\u002F>\n  \u003Cimg 
height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FSQLMap-Injection-C0392B?style=flat\" alt=\"SQLMap\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FHydra-Credential%20Testing-E67E22?style=flat\" alt=\"Hydra Credential Testing\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FCypherFix-Auto%20Remediation-00B894?style=flat\" alt=\"CypherFix Auto Remediation\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FAI-PENTEST%20REPORTS-8B5CF6?style=flat\" alt=\"AI Pentest Reports\"\u002F>\n  \u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FRoE-Guardrails-3B82F6?style=flat\" alt=\"RoE Guardrails\"\u002F>\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\">\u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F📖_WIKI-FULL%20DOCUMENTATION-1A73E8?style=flat\" alt=\"Wiki Documentation\"\u002F>\u003C\u002Fa>\n\u003C\u002Fp>\n\n> **Legal notice**: This tool is intended only for **authorized security testing**, **educational purposes**, and **research**. Never use this system to scan, probe, or attack any system you do not own or lack explicit written permission to test. Unauthorized access is **illegal** and punishable by law. By using this tool, you accept **full responsibility** for your actions. **[Read the full disclaimer](DISCLAIMER.md)**\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fsamugit83_redamon_readme_9120670e7ca6.gif\" alt=\"RedAmon Agent Demo\" width=\"100%\"\u002F>\n\u003C\u002Fp>\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FafViJUit0xE\">\u003Cimg height=\"24\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F▶_WATCH_DEMO-3_Parallel_Agents-FF0000?style=flat&logo=youtube&logoColor=white\" alt=\"Watch Demo\"\u002F>\u003C\u002Fa>\n\u003C\u002Fp>\n\u003Cp align=\"center\">\n  \u003Cem>Three AI agents testing in parallel: one validating credential policy with Hydra, one validating a CVE exploit path through privilege escalation, and one mapping XSS vulnerabilities on the frontend.\u003C\u002Fem>\n\u003C\u002Fp>\n\n\u003Cbr\u002F>\n\n\u003Ch1 align=\"center\">\u003Cspan style=\"color:#D48A8A\">Offense\u003C\u002Fspan> meets \u003Cspan
style=\"color:#8AAED4\">defense\u003C\u002Fspan>: one pipeline, full visibility.\u003C\u002Fh1>\n\u003Cp align=\"center\">\n\u003Cb>\u003Csamp>\u003Cbig>Reconnaissance ➜ Exploitation ➜ Post-Exploitation ➜ AI Triage ➜ CodeFix Agent ➜ GitHub PR\u003C\u002Fbig>\u003C\u002Fsamp>\u003C\u002Fb>\n\u003Cbr\u002F>\u003Cbr\u002F>\nRedAmon does not just find vulnerabilities, it fixes them. The pipeline starts with a six-phase reconnaissance engine that maps the target's entire attack surface, then hands control to an autonomous AI agent that validates CVE exploitability, tests credential policy, and maps lateral movement paths. Every finding is recorded in a Neo4j knowledge graph. When the offensive phase completes, CypherFix takes over: an AI triage agent correlates hundreds of findings, deduplicates them, and ranks them by exploitability. A CodeFix agent then clones your repository, navigates the codebase with 11 code-aware tools, implements targeted fixes, and opens a pull request on GitHub for review and merge.\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fsamugit83_redamon_readme_a49d255041e7.gif\" alt=\"CypherFix demo\" width=\"100%\"\u002F>\n\u003C\u002Fp>\n\n---\n\n## Roadmap & Community Contributions\n\nWe maintain a public **[project board](https:\u002F\u002Fgithub.com\u002Fusers\u002Fsamugit83\u002Fprojects\u002F1)** where upcoming features are open for community contribution. Pick a task and submit a PR!\n\n\n> **Want to contribute?** See [CONTRIBUTING.md](CONTRIBUTING.md) to learn how to get started.\n\n### Maintainers\n\n\u003Ctable>\n\u003Ctr>\n\u003Ctd align=\"center\" valign=\"top\" width=\"50%\">\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fsamugit83_redamon_readme_2ac057f20a35.png\" alt=\"Samuele Giampieri\" width=\"120\"\u002F>\u003Cbr\u002F>\n\u003Cb>Samuele Giampieri\u003C\u002Fb> — creator, maintainer & AI platform architect\u003Cbr\u002F>\u003Cbr\u002F>\n\u003Csmall>AI platform architect and full-stack lead with more than 15 years of freelance experience and over 30 projects shipped to production, including enterprise-grade AI agent systems. AWS-certified (DevOps Engineer, ML Specialty) and IBM-certified AI Engineer. Designs end-to-end machine learning solutions spanning deep learning, natural language processing, computer vision, and AI agent systems built on LangChain\u002FLangGraph.\u003C\u002Fsmall>\u003Cbr\u002F>\u003Cbr\u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fsamuele-giampieri-b1b67597\u002F\">LinkedIn\u003C\u002Fa> · \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsamugit83\">GitHub\u003C\u002Fa> · \u003Ca href=\"https:\u002F\u002Fwww.devergolabs.com\u002F\">Devergo Labs\u003C\u002Fa>\n\u003C\u002Ftd>\n\u003Ctd align=\"center\" valign=\"top\" width=\"50%\">\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fsamugit83_redamon_readme_9ac565a90775.png\" 
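alt=\"Ritesh Gohil\" width=\"120\"\u002F>\u003Cbr\u002F>\n\u003Cb>Ritesh Gohil\u003C\u002Fb> — maintainer & lead security researcher\u003Cbr\u002F>\u003Cbr\u002F>\n\u003Csmall>Cybersecurity engineer at Workday with 7+ years of experience in web, API, mobile, network, and cloud penetration testing. Published 11 CVEs with MITRE and received security acknowledgements from Google (4 times) and Apple (6 times). Has secured more than 200 web and mobile applications and contributed to Exploit Database, Google Hacking Database, and the AWS community. Holds AWS Security Specialty, eWPTXv2, eCPPTv2, CRTP, and CEH certifications, with expertise in red teaming, cloud security, CVE research, and security architecture review.\u003C\u002Fsmall>\u003Cbr\u002F>\u003Cbr\u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Friteshgohil25\u002F\">LinkedIn\u003C\u002Fa> · \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FL4stPL4Y3R\">GitHub\u003C\u002Fa>\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftable>\n\n---\n\n## Quick Start\n\n### Prerequisites\n\n- [Docker](https:\u002F\u002Fdocs.docker.com\u002Fget-docker\u002F) and Docker Compose v2+\n\nThat's it. Your host does not need Node.js, Python, or any security tools installed.\n\n#### Minimum System Requirements\n\n| Resource | Without OpenVAS | With OpenVAS (full stack) |\n|----------|----------------|--------------------------|\n| **CPU** | 2 cores | 4 cores |\n| **RAM** | 4 GB | 8 GB (16 GB recommended) |\n| **Disk** | 20 GB free | 50 GB free |\n\n> **Without OpenVAS** runs 6 containers: webapp, postgres, neo4j, agent, kali-sandbox, recon-orchestrator.\n> **With OpenVAS** adds 4 runtime containers (gvmd, ospd-openvas, gvm-postgres, gvm-redis) plus about 8 one-shot data-initialization containers for the vulnerability feeds (more than 170,000 NVTs). The first start takes about 30 minutes to complete the GVM feed sync.\n> Dynamic recon and scanning containers are spawned on demand and need additional resources while running.\n\n### 1. Clone & Install\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon.git\ncd redamon\n\n# Without GVM (lighter, faster startup):\n.\u002Fredamon.sh install\n\n# With GVM \u002F OpenVAS (full stack, first run takes about 30 minutes):\n.\u002Fredamon.sh install --gvm\n```\n\nThe script builds all images and starts the services. When it finishes, open **http:\u002F\u002Flocalhost:3000**.\n\n### 2. 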
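Configure\n\nOpen **http:\u002F\u002Flocalhost:3000\u002Fsettings** (the gear icon in the header) to configure everything. No `.env` file is needed.\n\n- **LLM Providers** — Add API keys for OpenAI, Anthropic, OpenRouter, AWS Bedrock, or any OpenAI-compatible endpoint (Ollama, vLLM, Groq, etc.). Each provider can be tested before saving. The model selector in Project Settings **dynamically fetches** the models available from the configured providers.\n- **API Keys** — Tavily, Shodan, SerpAPI, NVD, Vulners, URLScan, and threat-intelligence keys (Censys, FOFA, OTX, Netlas, VirusTotal, ZoomEye, CriminalIP) to enable extended agent capabilities (web search, OSINT, CVE lookup, passive threat intelligence). **Multi-engine search keys** (Quake, Hunter, PublicWWW, HunterHow, Google, Onyphe, Driftnet) extend target discovery across 13 search engines; shared keys (Shodan, Censys, FOFA, etc.) are reused automatically. **Key rotation** is supported: configure multiple keys per tool and rotate them automatically to avoid rate limits.\n- **Tunneling** — Configure ngrok or chisel for reverse shell tunneling. Changes take effect immediately, with no container restart.\n\nAll settings are stored in the database, separated per user. For detailed setup instructions, see the **[AI Model Providers](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FAI-Model-Providers)** wiki page.\n\n### 3. Open the Webapp\n\nGo to **http:\u002F\u002Flocalhost:3000** — create a project, configure targets, and start scanning.\n\n> For a detailed look at every feature, see the **[Wiki](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki)**.\n>\n> Running into problems? See the **[Troubleshooting](readmes\u002FTROUBLESHOOTING.md)** guide or the **[Wiki Troubleshooting](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FTroubleshooting)** page.\n\n### Management Commands\n\nAll lifecycle management is handled by a single script:\n\n| Command | Description |\n|---------|-------------|\n| `.\u002Fredamon.sh install` | Build + start, without GVM |\n| `.\u002Fredamon.sh install --gvm` | Build + start, with GVM\u002FOpenVAS |\n| **`.\u002Fredamon.sh update`** | **Pull the latest version and smart-rebuild only the changed services** |\n| `.\u002Fredamon.sh up` | Start services (auto-detects GVM mode) |\n| `.\u002Fredamon.sh down` | Stop services (keeps data) |\n| `.\u002Fredamon.sh status` | Show running services, version, GVM mode |\n| `.\u002Fredamon.sh clean` | Remove containers + images, keep data |\n| `.\u002Fredamon.sh purge` | Remove everything, including all data |\n\n\n### Updating to a New Version\n\nJust run:\n\n```bash\n.\u002Fredamon.sh update\n```\n\nThe script pulls the latest code from GitHub, detects which Dockerfiles and source files changed, rebuilds only the affected images, and restarts the updated services. Your databases, scan results, and reports are preserved; volumes are never removed.\n\nThe webapp also checks for updates automatically and shows a notification in the UI when a new version is available.\n\n### Development Mode\n\nFor contributors and active development with **Next.js Fast Refresh**:\n\n**Build the tool images:**\n```bash\ndocker compose --profile tools build\n```\n\n**Start the dev environment (without GVM):**\n```bash\ndocker compose -f docker-compose.yml -f docker-compose.dev.yml up -d postgres neo4j recon-orchestrator 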
kali-sandbox agent webapp\n```\n\n**Start the dev environment (with GVM):**\n```bash\ndocker compose -f docker-compose.yml -f docker-compose.dev.yml up -d\n```\n\nThe dev override replaces the production webapp image with a dev container that mounts the source code as a volume. Every file save triggers an instant hot reload in the browser.\n\n#### When to Rebuild vs Restart\n\n| What changed | Action required |\n|-------------|---------------|\n| `webapp\u002Fsrc\u002F` (frontend code) | Nothing: Next.js handles hot reload automatically in dev mode |\n| `agentic\u002F*.py` (agent Python code) | `docker compose restart agent` |\n| `recon_orchestrator\u002F*.py` | `docker compose restart recon-orchestrator` |\n| `mcp\u002Fservers\u002F*.py` (MCP servers) | `docker compose restart kali-sandbox` |\n| `agentic\u002FDockerfile` or `agentic\u002Frequirements.txt` | `docker compose build agent && docker compose up -d agent` |\n| `recon_orchestrator\u002FDockerfile` or its `requirements.txt` | `docker compose build recon-orchestrator && docker compose up -d recon-orchestrator` |\n| `mcp\u002Fkali-sandbox\u002FDockerfile` | `docker compose build kali-sandbox && docker compose up -d kali-sandbox` |\n| `webapp\u002FDockerfile` or `webapp\u002Fpackage.json` | `docker compose build webapp && docker compose up -d webapp` |\n| `recon\u002FDockerfile` | `docker compose --profile tools build recon` |\n| `gvm_scan\u002FDockerfile` | `docker compose --profile tools build vuln-scanner` |\n| `github_secret_hunt\u002FDockerfile` | `docker compose --profile tools build github-secret-hunter` |\n| `trufflehog_scan\u002FDockerfile` | `docker compose --profile tools build trufflehog-scanner` |\n| `docker-compose.yml` | `docker compose up -d` (recreates the affected containers) |\n| `prisma\u002Fschema.prisma` | `docker compose exec webapp npx prisma db push` |\n\n**Rebuild a single service:**\n```bash\ndocker compose build \u003Cservice>                    # rebuild one image\ndocker compose up -d --no-deps \u003Cservice>          # restart only that service\n```\n\n**Common dev commands:**\n```bash\ndocker compose ps                                 # check service status\ndocker compose logs -f \u003Cservice>                  # follow service logs\ndocker compose down                               # stop all services (volumes are kept)\ndocker compose 
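--profile tools down --rmi local   # remove built images\ndocker compose --profile tools down --rmi local --volumes --remove-orphans  # full cleanup\n```\n\n> For the full development reference (hot-reload rules, common commands, important rules and AI-assisted coding guidelines), see the **[Developer Guide](readmes\u002FREADME.DEV.md)**.\n\n---\n\n\u003Ctable>\n\u003Ctr>\n\u003Ctd width=\"280\" align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FRedAmon-HackLab\">\n    \u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fsamugit83_redamon_readme_569cbb23daab.png\" alt=\"RedAmon HackLab\" width=\"260\"\u002F>\n  \u003C\u002Fa>\n\u003C\u002Ftd>\n\u003Ctd>\n  \u003Ch3>Want to see RedAmon think like a real penetration tester?\u003C\u002Fh3>\n  \u003Cp>Explore live attack sessions, with every step, every breakthrough and every exploit, covering 15 vulnerability categories against a target machine that stays online throughout. Full session logs, parsed walkthroughs and video recordings show the agent autonomously compromising a multi-service server from scratch.\u003C\u002Fp>\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FRedAmon-HackLab\">\u003Cb>Explore HackLab &rarr;\u003C\u002Fb>\u003C\u002Fa>\n  &nbsp;&nbsp;|&nbsp;&nbsp;\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FRedAmon-HackLab#community-sessions\">\u003Cb>Submit your own session &rarr;\u003C\u002Fb>\u003C\u002Fa>\n  \u003Cbr\u002F>\u003Csub>Got a great agent session on your own target? Share it with the community: session log + YouTube video.\u003C\u002Fsub>\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftable>\n\n---\n\n## Table of Contents\n\n- [Full Wiki Documentation](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki)\n- [Overview](#overview)\n- [Feature Highlights](#feature-highlights)\n- [System Architecture](#system-architecture)\n- [Components](#components)\n- [Documentation](#documentation)\n- [Troubleshooting](#troubleshooting)\n- [Community Showcase](#community-showcase)\n- [Legal](#legal)\n\n---\n\n## Overview\n\nRedAmon is a modular, containerized penetration testing framework that combines automated reconnaissance, AI-driven exploitation and graph-driven intelligence into one end-to-end offensive security pipeline. Every component runs inside Docker (no tools need to be installed on the host) and communicates through well-defined APIs so that each layer can evolve independently.\n\nThe platform is built around six pillars:\n\n| Pillar | What it does |\n|--------|-------------|\n| **Reconnaissance Pipeline** | A parallelized fan-out \u002F fan-in scanning pipeline that maps a target's entire attack surface, starting from a domain or an IP address \u002F CIDR range: from subdomain discovery (5 concurrent tools) through port scanning, Nmap service detection with NSE vulnerability scripts, HTTP probing and resource enumeration to vulnerability detection. Independent modules use `ThreadPoolExecutor` 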
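to run concurrently, graph database updates happen in a background thread, and results are stored as a rich, queryable graph. It also ships with standalone GVM network scanning, GitHub secret hunting and TruffleHog deep secret scanning modules. |\n| **AI Agent Orchestrator** | A LangGraph-based autonomous agent that reasons over the graph, selects security tools via MCP, moves through information gathering \u002F exploitation \u002F post-exploitation phases, and can be steered in real time via chat. |\n| **Attack Surface Graph** | A Neo4j knowledge graph with 17 node types and 20+ relationship types that serves as the single source of truth for all findings, and the primary data source the AI agent queries before every decision. |\n| **EvoGraph** | A persistent, evolving attack chain graph stored in Neo4j that tracks every step, finding, decision and failure across the attack lifecycle, linking to the recon graph and supporting intelligence accumulation across sessions. |\n| **CypherFix** | Automated vulnerability remediation pipeline: an AI triage agent correlates and prioritizes the findings in the graph, then a CodeFix agent clones the target repository, implements fixes using a ReAct loop with 11 code tools, and opens a pull request on GitHub. |\n| **Project Settings Engine** | 196+ per-project parameters, exposed through the webapp UI, that control the behavior of every tool, from Naabu thread counts to Nuclei severity filters to agent approval gates. |\n\n---\n\n## Feature Highlights\n\n### Reconnaissance Pipeline\n\nA fully automated, **parallelized** scanning engine that runs inside a Kali Linux container. Given a root domain, a list of subdomains, or an IP\u002FCIDR range, it uses a **fan-out\u002Ffan-in** pipeline architecture to map the complete external attack surface: subdomain discovery (crt.sh, HackerTarget, Subfinder, Amass, Knockpy, all 5 tools running at the same time), **puredns wildcard filtering** (validates subdomains against public DNS resolvers and removes wildcard\u002Fpoisoned entries), parallel DNS resolution (20 workers), Shodan + port scanning (Masscan \u002F Naabu, both running in parallel), passive threat intelligence enrichment (7 tools: Censys, FOFA, OTX, Netlas, VirusTotal, ZoomEye, CriminalIP, all executed in parallel with port scanning), Nmap service version detection and NSE vulnerability scripts on the discovered ports, HTTP probing with technology fingerprinting (httpx + Wappalyzer), resource enumeration (Katana, Hakrawler, GAU, ParamSpider, Kiterunner running in parallel internally, followed by jsluice JavaScript analysis, FFuf directory fuzzing with custom wordlist support, and Arjun hidden parameter discovery with multi-method parallel execution), and vulnerability scanning (Nuclei with 9,000+ templates + DAST fuzzing). Neo4j graph updates run in a dedicated background thread so the main pipeline is never blocked. Results are stored as JSON and imported into the Neo4j graph.\n\n> **[Wiki: Running Reconnaissance](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FRunning-Reconnaissance)** | **[Technical: README.RECON.md](readmes\u002FREADME.RECON.md)**\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fsamugit83_redamon_readme_09bbfbed8a2d.gif\" alt=\"RedAmon Reconnaissance Pipeline\" width=\"100%\"\u002F>\n\u003C\u002Fp>\n\n#### Reconnaissance Pipeline Tool Matrix\n\n| Settings tab | Stage | Tools | Type | Execution |\n|:-----:|-------|-------|:----:|-----------|\n| **Discovery & OSINT** | **Subdomain discovery** | crt.sh, HackerTarget, Subfinder, Amass, Knockpy | Passive* | 5 tools in parallel |\n| | **Wildcard filtering** | Puredns | Active | Sequential |\n| | **WHOIS + URLScan** | python-whois, URLScan.io API | Passive | Parallel |\n| | **DNS resolution** | dnspython | Passive | 20 parallel workers |\n| | **OSINT enrichment** 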
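| Shodan \u002F InternetDB | Passive | In parallel with port scanning |\n| | **Uncover expansion** | ProjectDiscovery Uncover (13 engines: Shodan, Censys, FOFA, ZoomEye, Netlas, CriminalIP, Quake, Hunter, PublicWWW, HunterHow, Google, Onyphe, Driftnet) | Passive | Before port scanning (GROUP 2b) |\n| | **Threat intelligence enrichment** | Censys, FOFA, OTX (AlienVault), Netlas, VirusTotal, ZoomEye, CriminalIP | Passive | 7 tools in parallel (GROUP 3b) |\n| **Port scanning** | **Port scanning** | Masscan, Naabu | Active | Both in parallel |\n| **Nmap service detection** | **Service version detection** | Nmap (-sV, --script vuln) | Active | Sequential per target |\n| **HTTP probing** | **HTTP probing** | httpx | Active | Internally parallel |\n| | **Technology detection** | Wappalyzer | Passive | Sequential (after probing) |\n| | **Banner grabbing** | Custom (Python sockets: SSH, FTP, SMTP, MySQL, etc.) | Active | Parallel workers |\n| **Resource enumeration** | **Web crawling** | Katana, Hakrawler | Active | Parallel |\n| | **Archive discovery** | GAU (Wayback, CommonCrawl, OTX) | Passive | In parallel with crawlers |\n| | **Parameter mining** | ParamSpider (Wayback CDX) | Passive | In parallel with crawlers |\n| | **JS analysis** | jsluice | Passive | Sequential (after crawling) |\n| | **Directory fuzzing** | FFuf | Active | Sequential (after jsluice) |\n| | **Parameter discovery** | Arjun | Active | Methods in parallel (GET\u002FPOST\u002FJSON\u002FXML) |\n| | **API discovery** | Kiterunner | Active | Sequential per wordlist |\n| **Vulnerability scanning** | **Vulnerability scanning** | Nuclei (9,000+ templates + DAST + custom template upload) | Active | Internally parallel |\n| **Security checks** | **Security checks** | WAF bypass, direct IP access, TLS expiry, missing headers, cache-control | Active | Parallel workers |\n| **CVE & MITRE** | **CVE enrichment** | NVD API, Vulners API | Passive | Sequential |\n| | **MITRE enrichment** | CWE \u002F CAPEC mapping | Passive | Sequential |\n\n\u003Csub>*Amass can run in active mode when configured. Knockpy performs active DNS probing.\u003C\u002Fsub>\n\n### GVM Vulnerability Scanner\n\n**GVM\u002FOpenVAS** performs deep network-level vulnerability assessment with 170,000+ NVTs, probing services at the protocol layer for misconfigurations, outdated software, default credentials and known CVEs. It complements Nuclei's web-layer findings. There are 7 preset scan profiles, from fast host discovery (about 2 minutes) to an exhaustive deep scan (about 8 hours). Findings are stored as vulnerability nodes in Neo4j alongside the recon graph.\n\n> **[Wiki: GVM Vulnerability Scanning](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FGVM-Vulnerability-Scanning)** | **[Technical: README.GVM.md](readmes\u002FREADME.GVM.md)**\n\n### AI Agent Orchestrator\n\nA LangGraph-based autonomous agent that follows the ReAct pattern. It works in three phases: **information gathering** (intelligence collection, graph queries, Shodan, Google dorking), **exploitation** (Metasploit, Hydra credential testing, social engineering simulation) and **post-exploitation** (enumeration, lateral movement). The agent runs 14 security tools through MCP servers inside the Kali sandbox, supports parallel tool execution via **Wave Runner**, and offers real-time chat interaction, including guidance, pause\u002Fresume and approval workflows. **Deep Think** mode performs structured strategic analysis before acting.\n\n> 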
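**[Wiki: AI Agent Guide](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FAI-Agent-Guide)** | **[Technical: README.PENTEST_AGENT.md](readmes\u002FREADME.PENTEST_AGENT.md)**\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fsamugit83_redamon_readme_98005cbf2e4d.gif\" alt=\"RedAmon exploitation demo\" width=\"100%\"\u002F>\n\u003C\u002Fp>\n\n#### Agent Tool Library\n\n| Category | Tool | Description | Phase | MCP server |\n|:-----:|-------|-------------|:------:|:----------:|\n| **Information gathering** | **query_graph** | Neo4j graph queries: the primary source of recon data | All | -- |\n| | **web_search** | Internet search via Tavily for CVE details, exploit PoCs and security advisories | All | -- |\n| | **shodan** | Shodan OSINT: host details, reverse DNS, device search | Info gathering, Exploitation | -- |\n| | **google_dork** | Google dorking via SerpAPI: exposed files, admin panels, directory listings | Info gathering | -- |\n| **Scanning** | **execute_naabu** | Fast port scanning and verification | Info gathering, Exploitation | network_recon :8000 |\n| | **execute_nmap** | Deep service detection (-sV), OS fingerprinting, NSE scripts | All | nmap :8004 |\n| | **execute_nuclei** | CVE verification and exploitation, with 9,000+ built-in templates and custom uploads | Info gathering, Exploitation | nuclei :8002 |\n| **Web & HTTP** | **execute_curl** | HTTP requests: reachability, headers, status codes, banners | All | network_recon :8000 |\n| | **execute_playwright** | Headless Chromium browser automation: extracting JS-rendered content, interactive scripting of SPAs, form testing, XSS verification | All | playwright :8005 |\n| **Exploitation** | **metasploit_console** | Persistent msfconsole: exploit execution, session management, post-exploitation | Exploitation, Post-exploitation | metasploit :8003 |\n| | **msf_restart** | Full Metasploit reset: kills all sessions and clears module state | Exploitation, Post-exploitation | metasploit :8003 |\n| | **execute_hydra** | THC Hydra brute forcing with support for 50+ protocols (SSH, FTP, RDP, SMB, HTTP, MySQL, etc.) | Exploitation, Post-exploitation | network_recon :8000 |\n| **Code execution** | **kali_shell** | Full Kali Linux shell: netcat, sqlmap, smbclient, msfvenom, searchsploit and 30+ command-line tools | All | network_recon :8000 |\n| | **execute_code** | Write and run code files (Python, Bash, Ruby, Perl, C, C++) with no shell escaping required | Exploitation, Post-exploitation | network_recon :8000 |\n\n\u003Csub>All MCP tools run inside the Kali Linux sandbox container. Tools marked as dangerous require manual confirmation before they execute. Stealth mode restricts the active tools to passive-only or single-target operation.\u003C\u002Fsub>\n\n### AI Model Providers\n\nSupports **5 providers** and **400+ models**: OpenAI (GPT-5.2, GPT-5, GPT-4.1), Anthropic (Claude Opus 4.6, Sonnet 4.5), OpenRouter (300+ models), AWS 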
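Bedrock, and any **OpenAI-compatible endpoint** (Ollama, vLLM, LM Studio, Groq, etc.). Models are fetched dynamically, with no hard-coded list.\n\n> **[Wiki: AI Model Providers](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FAI-Model-Providers)**\n\n### Attack Surface Graph\n\nA **Neo4j knowledge graph** with 17 node types and 20+ relationship types: the single source of truth for the target's attack surface. The agent queries it before every decision through natural language → Cypher translation.\n\n> **[Wiki: Attack Surface Graph](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FAttack-Surface-Graph)** | **[Technical: GRAPH.SCHEMA.md](readmes\u002FGRAPH.SCHEMA.md)**\n\n### EvoGraph: Attack Chain Evolution\n\nA persistent, evolving graph that tracks everything the AI agent does: tool executions, findings, failures and strategic decisions. Structured chain context replaces flat execution traces, improving agent efficiency by more than 25%. Cross-session memory means the agent does not start from scratch.\n\n> **[Wiki: EvoGraph](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FEvoGraph-Attack-Chain-Evolution)** | **[Technical: README.PENTEST_AGENT.md#evograph--evolutive-attack-chain-graph](readmes\u002FREADME.PENTEST_AGENT.md#evograph--evolutive-attack-chain-graph)**\n\n### Multi-Session Parallel Attack Chains\n\nLaunch **multiple concurrent agent sessions** against the same project. Each session creates its own AttackChain in EvoGraph. New sessions automatically load the findings and failure lessons of all previous sessions, avoiding duplicated work.\n\n> **[Wiki: AI Agent Guide](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FAI-Agent-Guide)**\n\n### Reverse Shells\n\nA unified view of active sessions: meterpreter, reverse\u002Fbind shells and listeners. The built-in terminal includes a **Command Whisperer** that translates plain English into shell commands.\n\n> **[Wiki: Reverse Shells](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FReverse-Shells)**\n\n### RedAmon Terminal\n\nFull interactive **PTY shell access** to the Kali sandbox container via **xterm.js**, directly from the graph page. All pre-installed pentesting tools (Metasploit, Nmap, Nuclei, Hydra, sqlmap) are reachable without leaving the browser. Includes a dark terminal theme, connection status indicator, auto-reconnect with exponential backoff, fullscreen mode and browser-side keepalive.\n\n> **[Wiki: The Graph Dashboard](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FThe-Graph-Dashboard#redamon-terminal)**\n\n### CypherFix: Automated Vulnerability Remediation\n\nA two-agent pipeline: a **triage agent** runs 9 hard-coded Cypher queries, then uses an LLM to correlate, deduplicate and prioritize the findings. A **CodeFix agent** clones the target repository, explores the codebase with 11 tools, implements the fix and opens a GitHub PR, replicating Claude Code's agentic design.\n\n> **[Wiki: CypherFix](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FCypherFix-Automated-Remediation)** | **[Technical: README.CYPHERFIX_AGENTS.md](readmes\u002FREADME.CYPHERFIX_AGENTS.md)**\n\n### 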
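Agent Skills\n\nAn LLM-driven **intent router** classifies user requests into agent skills: CVE (MSF), SQL injection, credential testing, social engineering, availability testing, or user-defined skills uploaded as Markdown files. Ready-made **community skills** are available for API testing, XSS, SQLi and SSRF: download the `.md` file and upload it through **Global Settings > Agent Skills** to activate it for your use. You can also [contribute your own skills](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FAgent-Skills#share-your-skills-with-the-community) by submitting a PR.\n\n> **[Wiki: Agent Skills](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FAgent-Skills)** | **[Community Skills](agentic\u002Fcommunity-skills\u002F)**\n\n### GitHub Secret Hunter\n\nScans GitHub repositories, gists and commit history for exposed secrets using **40+ regex patterns** and Shannon entropy analysis.\n\n> **[Wiki: GitHub Secret Hunting](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FGitHub-Secret-Hunting)**\n\n### TruffleHog Deep Secret Scanner\n\nScans GitHub repositories for leaked credentials with **700+ detectors** and automatically verifies whether the discovered secrets are still valid. Built on the TruffleHog engine (`trufflesecurity\u002Ftrufflehog`), it detects API keys, passwords, tokens, certificates and more across the full commit history. Results are stored in the Neo4j graph as `TrufflehogScan → TrufflehogRepository → TrufflehogFinding` nodes. Both GitHub Hunt and TruffleHog are accessible from the **“Other Scans” modal** in the graph toolbar.\n\n### Project Settings\n\n**196+ configurable parameters** across 14 tabs control the behavior of every tool, from scan modules to agent approval gates. They are managed through the web app UI.\n\n> **[Wiki: Project Settings Reference](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FProject-Settings-Reference)**\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fsamugit83_redamon_readme_85e8d4228c01.gif\" alt=\"RedAmon Project Settings\" width=\"100%\"\u002F>\n\u003C\u002Fp>\n\n### Rules of Engagement (RoE)\n\nUpload an RoE document (PDF, TXT, MD, DOCX) to auto-configure project settings and enforce engagement constraints. Constraints apply at two levels: the recon pipeline (excluded hosts, rate limits, time windows) and the AI agent (prompt injection, severity phase caps, tool restrictions).\n\n> **[Wiki: Rules of Engagement](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FRules-of-Engagement)**\n\n### Insights Dashboard\n\n30+ interactive charts across 4 sections: attack chains & exploitation, attack surface, vulnerabilities & CVE intelligence, and graph overview. All data is pulled live from Neo4j and PostgreSQL.\n\n> **[Wiki: Insights Dashboard](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FInsights-Dashboard)**\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fsamugit83_redamon_readme_5cc1db4d110e.gif\" alt=\"RedAmon Insights Dashboard\" 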
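width=\"100%\"\u002F>\n\u003C\u002Fp>\n\n### Target Guardrail\n\nAn LLM-based guardrail that prevents attacks against unauthorized domains, blocking government websites, major technology companies, financial institutions and social media platforms. It is enforced both at project creation and at agent initialization. Government, military, educational and international-organization domains (`.gov`, `.mil`, `.edu`, `.int`) are permanently blocked by a deterministic hard guardrail that cannot be disabled.\n\n> **[Wiki: Creating a Project](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FCreating-a-Project)**\n\n### Tool Confirmation\n\nA per-tool human-in-the-loop gate for dangerous operations. When enabled, the agent pauses before executing high-impact tools (Nmap, Nuclei, Metasploit, Hydra, Kali shell, code execution) and shows an **Allow\u002FDeny** prompt in the chat timeline. Single-tool and parallel-wave (plan) confirmation modes are supported. The user can approve, reject, or modify tool parameters before the tool runs. It can be disabled with the `Require Tool Confirmation` toggle in project settings.\n\n> **[Wiki: Pentest Agent, Tool Confirmation](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FPentest-Agent#tool-confirmation-gate)**\n\n### Pentest Reports\n\nProfessional, client-ready HTML reports with 11 sections. When an AI model is configured, 6 of the sections get **LLM-generated narratives**, including the executive summary, risk analysis and prioritized remediation triage. **[View a sample report](https:\u002F\u002Fhtmlpreview.github.io\u002F?https:\u002F\u002Fraw.githubusercontent.com\u002Fwiki\u002Fsamugit83\u002Fredamon\u002Fdocs\u002FPentest%20Report%20%E2%80%94%20devergolabs.com.html)**.\n\n> **[Wiki: Pentest Reports](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FPentest-Reports)**\n\n### Data Export & Import\n\nFull project backup and restore through the web UI, including settings, conversations, graph data and recon\u002FGVM\u002FGitHub scan results, packaged as a portable ZIP archive.\n\n> **[Wiki: Data Export & Import](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FData-Export-and-Import)**\n\n---\n\n## System Architecture\n\n```mermaid\nflowchart TB\n    subgraph 用户[\"👤 用户层\"]\n        浏览器[Web浏览器]\n        CLI[终端\u002FCLI]\n    end\n\n    subgraph 前端[\"🖥️ 前端层\"]\n        Webapp[Next.js Web应用\u003Cbr\u002F>:3000]\n    end\n\n    subgraph 后端[\"⚙️ 后端层\"]\n        代理[AI代理编排器\u003Cbr\u002F>FastAPI + LangGraph\u003Cbr\u002F>:8090]\n        侦察编排[侦察编排器\u003Cbr\u002F>FastAPI + Docker SDK\u003Cbr\u002F>:8010]\n    end\n\n    subgraph 工具[\"🔧 MCP工具层\"]\n        网络侦察[网络侦察服务器\u003Cbr\u002F>Curl + Naabu\u003Cbr\u002F>:8000]\n        Nuclei[Nuclei服务器\u003Cbr\u002F>:8002]\n        Metasploit[Metasploit服务器\u003Cbr\u002F>:8003]\n        Nmap[Nmap服务器\u003Cbr\u002F>:8004]\n    end\n\n    subgraph 扫描[\"🔍 扫描层\"]\n        侦察[侦察管道\u003Cbr\u002F>Docker容器]\n        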
GVM[GVM\u002FOpenVAS扫描器\u003Cbr\u002F>网络漏洞评估]\n        GHHunt[GitHub Secret Hunter\u003Cbr\u002F>凭证扫描]\n        TruffleHog[TruffleHog扫描器\u003Cbr\u002F>700+密钥检测器]\n    end\n\n    subgraph 数据[\"💾 数据层\"]\n        Neo4j[(Neo4j图数据库\u003Cbr\u002F>:7474\u002F:7687)]\n        Postgres[(PostgreSQL\u003Cbr\u002F>项目设置\u003Cbr\u002F>:5432)]\n    end\n\n    subgraph LLM提供商[\"🧠 LLM提供商\"]\n        OpenAI[OpenAI]\n        Anthropic[Anthropic]\n        本地LLM[本地模型\u003Cbr\u002F>Ollama · vLLM · LM Studio]\n        OpenRouter[OpenRouter\u003Cbr\u002F>300+模型]\n        Bedrock[AWS Bedrock]\n    end\n\n    subgraph 外部[\"🌐 外部API\"]\n        GitHubAPI[GitHub API\u003Cbr\u002F>仓库与代码搜索]\n    end\n\n    subgraph 目标[\"🎯 目标层\"]\n        目标[目标系统]\n        试验机[试验机\u003Cbr\u002F>测试虚拟机]\n    end\n\n    浏览器 --> Webapp\n    CLI --> 侦察\n    Webapp \u003C-->|WebSocket| 代理\n    Webapp -->|REST + SSE| 侦察编排\n    Webapp --> Neo4j\n    Webapp --> Postgres\n    侦察编排 -->|Docker SDK| 侦察\n    侦察编排 -->|Docker SDK| GVM\n    侦察编排 -->|Docker SDK| GHHunt\n    侦察编排 -->|Docker SDK| TruffleHog\n    侦察 -->|获取设置| Webapp\n    GHHunt -->|GitHub API| GitHubAPI\n    TruffleHog -->|GitHub API| GitHubAPI\n    TruffleHog --> Neo4j\n    代理 -->|API| OpenAI\n    代理 -->|API| Anthropic\n    代理 -->|API| 本地LLM\n    代理 -->|API| OpenRouter\n    代理 -->|API| Bedrock\n    代理 --> Neo4j\n    代理 -->|MCP协议| 网络侦察\n    代理 -->|MCP协议| Nuclei\n    代理 -->|MCP协议| Metasploit\n    代理 -->|MCP协议| Nmap\n    侦察 --> Neo4j\n    GVM -->|读取侦察输出| 侦察\n    GVM --> Neo4j\n    GVM --> 目标\n    GVM --> 试验机\n    网络侦察 --> 目标\n    Nuclei --> 目标\n    Metasploit --> 目标\n    Nmap --> 目标\n    网络侦察 --> 试验机\n    Nuclei --> 试验机\n    Metasploit --> 试验机\n    Nmap --> 试验机\n```\n\n> **Full architecture diagrams** (data flow, Docker containers, recon pipeline, agent workflow, MCP integration): **[ARCHITECTURE.md](readmes\u002FARCHITECTURE.md)**\n>\n> **Tech stack** (70+ technologies including frontend, backend, AI, databases and security tools): **[TECH_STACK.md](readmes\u002FTECH_STACK.md)**\n\n---\n\n## Components\n\n| Component | Description | Documentation |\n|-----------|-------------|---------------|\n| **Reconnaissance Pipeline** | 
Parallelized fan-out\u002Ffan-in OSINT and vulnerability scanning pipeline | [README.RECON.md](readmes\u002FREADME.RECON.md) |\n| **Recon Orchestrator** | Container lifecycle management via the Docker SDK | [README.RECON_ORCHESTRATOR.md](readmes\u002FREADME.RECON_ORCHESTRATOR.md) |\n| **Graph Database** | Neo4j attack surface mapping with multi-tenant support | [README.GRAPH_DB.md](readmes\u002FREADME.GRAPH_DB.md) · [GRAPH.SCHEMA.md](readmes\u002FGRAPH.SCHEMA.md) |\n| **MCP Tool Servers** | Security tools exposed through the Model Context Protocol (Kali sandbox) | [README.MCP.md](readmes\u002FREADME.MCP.md) |\n| **AI Agent Orchestrator** | LangGraph-based autonomous agent using the ReAct pattern | [README.PENTEST_AGENT.md](readmes\u002FREADME.PENTEST_AGENT.md) |\n| **CypherFix Agents** | Automated triage + code fix + GitHub PR | [README.CYPHERFIX_AGENTS.md](readmes\u002FREADME.CYPHERFIX_AGENTS.md) |\n| **Web App** | Next.js dashboard for visualization and AI interaction | [README.WEBAPP.md](readmes\u002FREADME.WEBAPP.md) |\n| **GVM Scanner** | Greenbone\u002FOpenVAS network vulnerability scanner (170,000+ NVTs) | [README.GVM.md](readmes\u002FREADME.GVM.md) |\n| **TruffleHog Scanner** | Deep secret scanning with 700+ detectors and credential verification | — |\n| **PostgreSQL Database** | Project settings, user accounts, configuration data | [README.POSTGRES.md](readmes\u002FREADME.POSTGRES.md) |\n| **Test Environment** | Intentionally vulnerable Docker containers designed for security testing | [README.GPIGS.md](readmes\u002FREADME.GPIGS.md) |\n\n---\n\n## Documentation\n\n| Resource | Link |\n|----------|------|\n| **Full Wiki** (user guide) | **[github.com\u002Fsamugit83\u002Fredamon\u002Fwiki](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki)** |\n| AI-assisted development | **[Wiki: Generate the perfect PR with AI](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FAI-Assisted-Development)** |\n| Developer guide | [readmes\u002FREADME.DEV.md](readmes\u002FREADME.DEV.md) |\n| Architecture diagrams | [readmes\u002FARCHITECTURE.md](readmes\u002FARCHITECTURE.md) |\n| Tech stack | [readmes\u002FTECH_STACK.md](readmes\u002FTECH_STACK.md) |\n| Troubleshooting guide | [readmes\u002FTROUBLESHOOTING.md](readmes\u002FTROUBLESHOOTING.md) |\n| Changelog | [CHANGELOG.md](CHANGELOG.md) |\n| Full disclaimer | [DISCLAIMER.md](DISCLAIMER.md) |\n| Third-party licenses | [THIRD-PARTY-LICENSES.md](THIRD-PARTY-LICENSES.md) |\n| License | [LICENSE](LICENSE) |\n\n---\n\n## Troubleshooting\n\nRedAmon is fully Docker-based and runs on any operating system that supports Docker Compose 
v2+. For OS-specific fixes (Linux, Windows, macOS), see the **[Troubleshooting guide](readmes\u002FTROUBLESHOOTING.md)** or the **[Wiki](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki\u002FTroubleshooting)**.\n\n---\n\n## Community Showcase\n\nVideos, articles and real-world cases from security professionals using RedAmon in their work. Want to be featured? See the Content Creators section in CONTRIBUTING.md.\n\n### Videos\n\n| Title | Link |\n|-------|------|\n| RedAmon v2.2.0 — Social engineering testing: from payload delivery to shell access | [Watch](https:\u002F\u002Fyoutu.be\u002FkVjV9K_eks4) |\n| AI agent CVE verification — beyond standard tools | [Watch](https:\u002F\u002Fyoutu.be\u002FrypmP1SJon8) |\n| RedAmon 2.0 — from 0 to 1,000 GitHub stars in 10 days: multi-agent parallel attacks | [Watch](https:\u002F\u002Fyoutu.be\u002FafViJUit0xE) |\n| Building an autonomous AI red team agent from scratch — full LangGraph + Metasploit + Neo4j tutorial | [Watch](https:\u002F\u002Fyoutu.be\u002FmO5CCkYlY94) |\n\n### Real-World Cases\n\n| Who | What | Link |\n|-----|------|------|\n| Nipun Dinudaya | Deployed RedAmon on a company website — found a critical SQL injection vulnerability that could have led to a major data breach | [Read on LinkedIn](https:\u002F\u002Fwww.linkedin.com\u002Fposts\u002Fnipun-dinudaya-6159b32bb_redamon-cybersecurity-penetrationtesting-ugcPost-7431233870253166592-aLvb) |\n| Venkata Bhargav CH S | Used RedAmon during an internship at Ascent e-Digit Solutions — practiced reconnaissance, DNS analysis and attack surface mapping | [Read on LinkedIn](https:\u002F\u002Fwww.linkedin.com\u002Fposts\u002Fvenkata-bhargav-cybersecurity_cybersecurity-ethicalhacking-redteam-share-7434940660803182592-e9En) |\n\n### Community Guides\n\n| Who | What | Link |\n|-----|------|------|\n| MrGood | Mastering RedAmon: a comprehensive guide to installation on Kali Linux — solving Kali-specific Docker challenges and security posture | [Read on Medium](https:\u002F\u002Fcyberaccoon.medium.com\u002Fmastering-redamon-a-comprehensive-guide-to-installation-on-kali-linux-ea544e6f5b9f) |\n| Bogdan Caraman | How to install RedAmon with OpenRouter on Debian 13 (Trixie) — step-by-step guide to Docker setup, static IP and systemd automation | [Read the blog](https:\u002F\u002Fblog.bogdancaraman.com\u002Finstall-redamon-debian-13-openrouter\u002F) |\n\n---\n\n## Contributing\n\nContributions are welcome! Please read [CONTRIBUTING.md](CONTRIBUTING.md) for how to get started, the code style guidelines and the pull request process.\n\n---\n\n## Maintainers\n\n**Samuele Giampieri** — Creator, maintainer and AI platform architect · [LinkedIn](https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fsamuele-giampieri-b1b67597\u002F) · 
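[GitHub](https:\u002F\u002Fgithub.com\u002Fsamugit83) · [Devergo Labs](https:\u002F\u002Fwww.devergolabs.com\u002F)\n\n**Ritesh Gohil** — Maintainer and lead security researcher · [LinkedIn](https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Friteshgohil25\u002F) · [GitHub](https:\u002F\u002Fgithub.com\u002FL4stPL4Y3R)\n\n---\n\n## Contact\n\nFor questions, feedback or collaboration, contact: **devergo.sam@gmail.com**\n\n---\n\n## Legal\n\nThis project is released under the [MIT License](LICENSE).\n\nRedAmon integrates several third-party tools, each with its own license (AGPL-3.0, GPL, BSD, etc.). Source code for all AGPL-licensed components is available in their upstream repositories. See [THIRD-PARTY-LICENSES.md](THIRD-PARTY-LICENSES.md) for the full list.\n\nFor the full terms of use, acceptable use policy and legal compliance requirements, see [DISCLAIMER.md](DISCLAIMER.md).\n\n---\n\n\u003Cp align=\"center\">\n  \u003Cstrong>Use it responsibly. Test ethically. Protect yourself better.\u003C\u002Fstrong>\n\u003C\u002Fp>","## Environment Preparation\n\n### System Requirements\n| Resource | Without OpenVAS | With OpenVAS (full stack) |\n|------|------------|----------------------|\n| CPU | 2 cores | 4 cores |\n| Memory | 4 GB | 8 GB (16 GB recommended) |\n| Disk | 20 GB free | 50 GB free |\n\n> Without OpenVAS, 6 containers run; with OpenVAS, 4 additional runtime containers and about 17 data-initialization containers start, and the first launch has to sync vulnerability data (about 30 minutes).\n\n### Prerequisites\n- [Docker](https:\u002F\u002Fdocs.docker.com\u002Fget-docker\u002F) and Docker Compose v2+\n- **Users in China are advised to configure a Docker registry mirror** (for example the Alibaba Cloud accelerator `https:\u002F\u002F\u003Cyour_id>.mirror.aliyuncs.com` or the USTC mirror `https:\u002F\u002Fdocker.mirrors.ustc.edu.cn`) to speed up image downloads.\n\n## Installation\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon.git\ncd redamon\n\n# Lightweight install (without OpenVAS)\n.\u002Fredamon.sh install\n\n# Full install (with OpenVAS, about 30 minutes on first run)\n.\u002Fredamon.sh install --gvm\n```\n\nServices start automatically once installation completes.\n\n## Basic Usage\n\n1. Open `http:\u002F\u002Flocalhost:3000` and click the gear icon at the top right of the page to open the settings page.\n2. Configure an LLM provider (API keys for OpenAI, Anthropic, etc.) and the API keys for the security tools (Shodan, Tavily, Vulners, etc.).\n3. 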
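Create a new project, set the target IP or domain, and start the scan. The system automatically performs vulnerability detection and remediation and generates a GitHub PR.\n\n> Note: before configuring API keys, make sure you have registered with the relevant services and obtained valid keys. For the detailed configuration guide, see the [Wiki documentation](https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fwiki).","A development team at a fintech company needs to finish penetration testing within 48 hours before deploying a new mobile banking app; the traditional manual process was causing serious launch delays.\n\n### Without redamon\n- Manually running 38+ security tools such as Nmap, Metasploit and Nuclei leaves results scattered across different files, and consolidating and analyzing them by hand takes 2 days\n- After a SQL injection vulnerability is found, a security expert has to write a detailed report and developers have to modify and test the code by hand, which takes 1 day\n- Re-scanning to verify the fix is manual, so high-risk vulnerabilities are easily missed, leaving security risk\n- Frequent cross-team communication stretches the test cycle to 5 days and delays the app launch\n\n### With redamon\n- Full-stack scans run automatically and all tool results are consolidated, producing a complete vulnerability report within 1 hour\n- Vulnerabilities are identified automatically and CypherFix is invoked to generate the fix code and submit a PR directly; the development team only reviews it, saving 1 day of manual remediation\n- A second verification scan is triggered automatically after the fix, confirming in real time that the vulnerability is closed, with no manual intervention\n- AI prioritizes high-risk vulnerabilities so that critical issues are handled first, significantly reducing risk\n- The whole flow from scan to fix verification is automated, cutting total time to 4 hours and meeting the launch date\n\nredamon shortens the traditional penetration testing process from 5 days to 4 hours and automates the discovery, remediation and verification of security vulnerabilities, significantly improving security efficiency and system reliability.","https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fsamugit83_redamon_26c9498a.png","samugit83","Samuele Giampieri","https:\u002F\u002Foss.gittoolsai.com\u002Favatars\u002Fsamugit83_1d88e9a2.png",null,"www.devergolabs.com","devergo.sam@gmail.com","https:\u002F\u002Fgithub.com\u002Fsamugit83",[83,87,91,95,99,103,107],{"name":84,"color":85,"percentage":86},"Python","#3572A5",59.4,{"name":88,"color":89,"percentage":90},"TypeScript","#3178c6",32.8,{"name":92,"color":93,"percentage":94},"CSS","#663399",6.2,{"name":96,"color":97,"percentage":98},"Shell","#89e051",0.8,{"name":100,"color":101,"percentage":102},"Dockerfile","#384d54",0.4,{"name":104,"color":105,"percentage":106},"HTML","#e34c26",0.3,{"name":108,"color":109,"percentage":110},"JavaScript","#f1e05a",0.1,1707,357,"2026-04-05T09:12:33","MIT","Linux, 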
macOS","Not specified","16GB+",{"notes":119,"python":116,"dependencies":120},"The host does not need Node.js, Python or any security tools installed; the first run takes about 30 minutes to sync GVM vulnerability data; containers spawned dynamically at runtime need additional resources; see the Wiki for detailed configuration.",[],[15,13,14],[123,124,125,126,127,128,129,130,131,132],"agentic-ai","cybersecurity","ethical-hacking","ethical-hacking-tools","metasploit","osint","penetration-testing","red-team","ai","exploitation","2026-03-27T02:49:30.150509","2026-04-06T06:45:47.803141",[136,141,146,151],{"id":137,"question_zh":138,"answer_zh":139,"source_url":140},8857,"An error appears when clicking the Start Recon button","The root cause is that the recon tool images have not been built. Run docker compose --profile tools build to build the images, then verify that they exist: docker images | grep redamon should show redamon-recon:latest, redamon-vuln-scanner:latest and redamon-github-hunter:latest. After that, clicking Start Recon should work normally.","https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fissues\u002F31",{"id":142,"question_zh":143,"answer_zh":144,"source_url":145},8858,"Kali-sandbox build fails with a 403 Forbidden error","kali.download is blocked by Cloudflare. Change the mirror in the Dockerfile, for example: RUN echo \"deb http:\u002F\u002Fftp.halifax.rwth-aachen.de\u002Fkali kali-rolling main contrib non-free non-free-firmware\" > \u002Fetc\u002Fapt\u002Fsources.list, then run apt-get update. The official mirror list is at https:\u002F\u002Fhttp.kali.org\u002FREADME.mirrorlist.","https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fissues\u002F19",{"id":147,"question_zh":148,"answer_zh":149,"source_url":150},8859,"An error is shown when clicking the report button","The cause is a permissions problem on the \u002Fdata\u002Freports directory. Run the following commands: git pull, docker compose down, docker volume rm redamon_report_data, docker compose build webapp, docker compose up -d. This rebuilds the volume and fixes the permissions.","https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fissues\u002F56",{"id":152,"question_zh":153,"answer_zh":154,"source_url":155},8860,"The redamon-kali image fails to start with the error: exec \u002Fopt\u002Fentrypoint.sh: no such file or directory","The problem occurs on Windows, where Git converts line endings automatically. Run: git pull, docker compose -f mcp\u002Fdocker-compose.yml build --no-cache kali-sandbox 
to fix the line-ending problem.","https:\u002F\u002Fgithub.com\u002Fsamugit83\u002Fredamon\u002Fissues\u002F32",[157,162,167,172,177,182,187,192],{"id":158,"version":159,"summary_zh":160,"released_at":161},106246,"v3.2.0","### Added\n\n- **Uncover Multi-Engine Target Expansion** -- ProjectDiscovery's [uncover](https:\u002F\u002Fgithub.com\u002Fprojectdiscovery\u002Funcover) integrated as GROUP 2b in the recon pipeline, running before Shodan and port scanning to expand the target surface. Queries up to 13 search engines simultaneously (Shodan, Censys, FOFA, ZoomEye, Netlas, CriminalIP, Quake, Hunter, PublicWWW, HunterHow, Google Custom Search, Onyphe, Driftnet) to discover exposed hosts, IPs, and endpoints associated with the target domain:\n  - **Smart key reuse:** automatically picks up API keys already configured for standalone OSINT enrichment modules -- no extra configuration needed if you already have Shodan\u002FCensys\u002FFOFA\u002Fetc. keys\n  - **Docker-in-Docker:** runs `projectdiscovery\u002Funcover:latest` container with a dynamically generated `provider-config.yaml` containing only engines with valid credentials\n  - **Engine-aware parsing:** handles per-engine quirks -- Google URL-in-IP field, PublicWWW host-only results (no IP), Censys URL endpoints -- preventing silent data loss\n  - **URL discovery:** captures in-scope URLs from engines that populate the `url` field (Censys, PublicWWW, Google), stored as Endpoint nodes in Neo4j\n  - **Pipeline merge:** discovered subdomains injected into DNS structures so all downstream modules (port scan, HTTP probe, OSINT enrichment) process them automatically\n  - **Neo4j graph:** Subdomain, IP, Port, and Endpoint nodes with source tracking (uncover_sources, source_counts, total_raw, total_deduped)\n  - **Frontend:** embedded in OsintEnrichmentSection with enable\u002Fdisable toggle and max results. 
Settings page groups uncover-specific keys under \"Uncover (Multi-Engine Search)\" with `Standalone + Uncover` badges on shared keys\n  - **Tests:** 80 unit tests across 3 test files\n\n- **Centralized IP Filtering (`ip_filter.py`)** -- shared module replacing duplicate inline filtering across all OSINT enrichment modules. Filters RFC 1918 private, loopback, link-local, CGNAT, multicast, reserved ranges and CDN IPs (detected by Naabu\u002Fhttpx). Used by all 9 enrichment modules before making external API calls\n\n- **Censys Platform API v3 Migration** -- migrated from deprecated Basic Auth (API_ID\u002FAPI_SECRET) to Bearer token auth (CENSYS_API_TOKEN + CENSYS_ORG_ID). Both recon pipeline and AI agent tool updated\n\n- **CriminalIP Agent Tool** -- added `criminalip_lookup` to the AI agent tool registry for interactive IP threat intelligence queries\n\n### Fixed\n\n- Silent data loss in uncover (Google\u002FPublicWWW results dropped)\n- Graph data loss (sources\u002Fsource_counts metadata not written to Neo4j)\n- Logging format violations (logger.* instead of print with pipeline prefix)\n- Missing uncoverDockerImage Prisma schema field\n- Missing Uncover entries in nodeMapping (SECTION_INPUT_MAP \u002F SECTION_NODE_MAP)","2026-03-31T16:23:06",{"id":163,"version":164,"summary_zh":165,"released_at":166},106247,"v3.0.0","\r\n### Added\r\n\r\n- **Custom Nuclei Templates Integration** — custom nuclei templates (`mcp\u002Fnuclei-templates\u002F`) are now manageable via the UI with per-project selection, dynamically discovered by the agent, and included in automated recon scans:\r\n  - **Template Upload UI**: upload, view, and delete custom `.yaml`\u002F`.yml` nuclei templates directly from Project Settings → Nuclei → Template Options. Templates are global (shared across all projects). Upload validates nuclei template format (requires `id:` and `info:` with `name:` and `severity:`). 
API: `GET\u002FPOST\u002FDELETE \u002Fapi\u002Fnuclei-templates`\r\n  - **Per-project template selection**: each template has a checkbox — only checked templates are included in that project's automated scans. Stored as `nucleiSelectedCustomTemplates` String[] per project (default: `[]`). Different projects can enable different templates from the same global pool\r\n  - **Agent discovery**: at startup, the nuclei MCP server scans `\u002Fopt\u002Fnuclei-templates\u002F` and dynamically appends all template paths (id, severity, name) to the `execute_nuclei` tool description, so the agent automatically knows what custom templates are available\r\n  - **Recon pipeline**: selected templates are individually passed as `-t \u002Fcustom-templates\u002F{path}` flags to nuclei. Recon logs list each selected template by name\r\n  - **Spring Boot Actuator templates** (community PR #69): 7 detection templates with 200+ WAF bypass paths for `\u002Factuator`, `\u002Fheapdump`, `\u002Fenv`, `\u002Fjolokia`, `\u002Fgateway` endpoints — URL encoding, semicolon injection, path traversal, and alternate base path evasion techniques\r\n\r\n- **SSL Verify Toggle for OpenAI-compatible LLM Providers** (community PR #70) — `sslVerify` boolean (default: `true`) lets users skip SSL certificate verification when connecting to internal\u002Fself-hosted LLM endpoints with self-signed certificates. Full stack: Prisma schema, API route, frontend checkbox, agent `httpx.Client(verify=False)` injection.\r\n\r\n- **Dockerfile `DEBIAN_FRONTEND=noninteractive`** (community PR #63) — added to `agentic`, `recon_orchestrator`, and `guinea_pigs` Dockerfiles to suppress interactive `apt-get` prompts during builds.\r\n\r\n- **ParamSpider Passive Parameter Discovery** — mines the Wayback Machine CDX API for historically-documented URLs containing query parameters. 
Only returns parameterized URLs (with `?key=value`), with values replaced by a configurable placeholder (default `FUZZ`), making results directly usable for fuzzing. Runs in Phase 4 (Resource Enumeration) in parallel with Katana, Hakrawler, and GAU. Passive — no traffic to target. No API keys required. Disabled by default; stealth mode auto-enables it. Full stack integration:\r\n  - **Backend**: `paramspider_helpers.py` with `run_paramspider_discovery()` (subprocess per domain, stdout + file output parsing, scope filtering, temp dir cleanup) and `merge_paramspider_into_by_base_url()` (sources array merge, parameter enrichment, deduplication)\r\n  - **Settings**: 3 user-configurable `PARAMSPIDER_*` settings (enabled, placeholder, timeout)\r\n  - **Frontend**: `ParamSpiderSection.tsx` with enable toggle, placeholder input, timeout setting\r\n  - **Stealth mode**: auto-enabled (passive tool, queries Wayback Machine only)\r\n  - **Tests**: 22 unit tests covering merge logic, subprocess mocking, scope filtering, method merging, legacy field migration, settings, stealth overrides\r\n\r\n- **Arjun Parameter Discovery** — discovers hidden HTTP query and body parameters on endpoints by testing ~25,000 common parameter names. Runs in Phase 4 (Resource Enumeration) after FFuf, testing discovered endpoints from crawlers\u002Ffuzzers rather than just base URLs. Disabled by default; stealth mode forces passive-only; RoE caps rate. 
Full stack integration:\r\n  - **Backend**: `arjun_helpers.py` with multi-method parallel execution via `ThreadPoolExecutor` — each selected method (GET\u002FPOST\u002FJSON\u002FXML) runs as a separate Arjun subprocess simultaneously\r\n  - **Discovered endpoint feeding**: collects full endpoint URLs from Katana + Hakrawler + jsluice + FFuf results, prioritizes API and dynamic endpoints, caps to configurable max (default 50)\r\n  - **Settings**: 12 user-configurable `ARJUN_*` settings (methods, max endpoints, threads, timeout, chunk size, rate limit, stable mode, passive mode, disable redirects, custom headers)\r\n  - **Frontend**: `ArjunSection.tsx` with multi-select method checkboxes, max endpoints field, scan parameters, stable\u002Fpassive\u002Fredirect toggles, custom headers textarea\r\n  - **Stealth mode**: forces `ARJUN_PASSIVE=True` (CommonCrawl\u002FOTX\u002FWaybackMachine only, no active requests to target)\r\n  - **Tests**: 29 unit tests covering merge logic, multi-method parallel execution, scope filtering, command building, settings consistency, stealth\u002FRoE overrides\r\n\r\n- **FFuf Directory Fuzzer** — brute-force directory\u002Fendpoint discovery using wordlists, complementing crawlers (Katana, Hakrawler, GAU) by finding hidden content (admin panels, backup files, configs, undocumented APIs). Ru","2026-03-23T21:09:40",{"id":168,"version":169,"summary_zh":170,"released_at":171},106248,"v2.3.0","\r\n### Added\r\n\r\n- **Global Settings Page** — new `\u002Fsettings` page (gear icon in header) for managing all user-level configuration through the UI. AI provider keys and Tavily API key are configured exclusively here — no `.env` file needed. Two sections:\r\n  - **LLM Providers** — add, edit, delete, and test LLM provider configurations stored per-user in the database. 
Supports five provider types:\r\n    - **OpenAI, Anthropic, OpenRouter** — enter API key, all models auto-discovered\r\n    - **AWS Bedrock** — enter AWS credentials + region, foundation models auto-discovered\r\n    - **OpenAI-Compatible** — single endpoint+model configuration with presets for Ollama, vLLM, LM Studio, Groq, Together AI, Fireworks AI, Mistral AI, and Deepinfra. Supports custom base URL, headers, timeout, temperature, and max tokens\r\n  - **Tool API Keys** — Tavily API key (web search), Shodan API key (internet-wide OSINT), and SerpAPI key (Google dorking)\r\n- **Test Connection** — each LLM provider can be tested before saving with a \"Test Connection\" button that sends a simple message and shows the response\r\n- **DB-only settings** — AI provider keys and Tavily API key are stored exclusively in the database (per-user). No env-var fallback — `.env` is reserved for infrastructure variables only (NVD, tunneling, database credentials, ports)\r\n- **Prisma schema** — added `UserLlmProvider` and `UserSettings` models with relations to `User`\r\n- **Centralized LLM setup** — CypherFix triage and codefix orchestrators now use the shared `setup_llm()` function instead of duplicating provider routing logic\r\n\r\n- **Pentest Report Generation** — generate professional, client-ready penetration testing reports as self-contained HTML files from the `\u002Freports` page. Reports compile all reconnaissance data, vulnerability findings, CVE intelligence, attack chain results, and remediation recommendations into an 11-section document (Cover, Executive Summary, Scope & Methodology, Risk Summary, Findings, Other Vulnerability Details, Attack Surface, CVE Intelligence, GitHub Secrets, Attack Chains, Recommendations, Appendix). 
Features include:\r\n  - **LLM-generated narratives** — when an AI model is configured, six report sections receive detailed prose: executive summary (8–12 paragraphs), scope, risk analysis, findings context, attack surface analysis, and exhaustive prioritized remediation triage. Falls back gracefully to data-only reports when no LLM is available\r\n  - **Security Posture Radar** — inline SVG 6-axis radar chart in the Risk Summary section showing Attack Surface, Vulnerability Density, Exploitability, Certificate Health, Injectable Parameters, and Security Header coverage using logarithmic normalization\r\n  - **Security Headers Gap Analysis** — per-header weighted coverage bars (HSTS, CSP, X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Referrer-Policy, Permissions-Policy) with color-coded thresholds\r\n  - **CISA KEV Callout** — prominent alert box highlighting Known Exploited Vulnerabilities when present\r\n  - **Injectable Parameters Breakdown** — summary and per-position injection risk analysis with visual bars\r\n  - **Attack Flow Chains** — Technology → CVE → CWE → CAPEC flow table showing complete attack paths\r\n  - **CDN Coverage visualization** — ratio of CDN-fronted vs directly exposed IPs in the Attack Surface section\r\n  - **Project-specific generation** — dedicated project selector dropdown on the reports page (independent of the top bar selection)\r\n  - **Download and Open** — separate buttons to save the HTML file locally or open in a new browser tab\r\n  - **Print\u002FPDF optimized** — page breaks, print-friendly CSS, and clean SVG\u002FCSS bar rendering for `Ctrl+P` export\r\n  - **Export\u002FImport support** — reports (metadata + HTML files) are included in project export ZIP archives and fully restored on import\r\n  - **Wiki documentation** — new [Pentest Reports](redamon.wiki\u002F20.-Pentest-Reports) wiki page with example report download\r\n\r\n- **Target Guardrail** — LLM-based safety check that prevents targeting 
unauthorized domains and IPs. Blocks government sites (`.gov`, `.mil`), major tech companies, financial institutions, social media platforms, and other well-known public services. Two layers: project creation (fail-open) and agent initialization (fail-closed). For IP mode, public IPs are resolved via reverse DNS before evaluation; private\u002FRFC1918 IPs are auto-allowed. Blocked targets show a centered modal with the reason.\r\n\r\n- **Expanded CPE Technology Mappings** — CPE_MAPPINGS table in `recon\u002Fhelpers\u002Fcve_helpers.py` expanded from 82 to 133 entries, significantly improving CVE lookup accuracy for Wappalyzer-detected technologies. New coverage includes:\r\n  - **CMS**: Magento, Ghost, TYPO3, Concrete CMS, Craft CMS, Strapi, Umbraco, Adobe Experience Manager, Sitecore, DNN, Kentico\r\n  - **Web Frameworks**: CodeIgniter, Symfony, CakePHP, Yii, Nuxt.js, Apache Struts, Adobe ColdFusion\r\n  - **JavaScript Libraries**: Moment.js, Lodash, Handlebars, Ember.","2026-03-14T23:03:43",{"id":173,"version":174,"summary_zh":175,"released_at":176},106249,"v2.2.0","### Added\r\n\r\n- **Pipeline Pause \u002F Resume \u002F Stop Controls** — full lifecycle management for all three pipelines (Recon, GVM Scan, GitHub Secret Hunt):\r\n  - **Pause** — freezes the running container via Docker cgroups (`container.pause()`). Zero changes to scan scripts; processes resume exactly where they left off\r\n  - **Resume** — unfreezes the container (`container.unpause()`), logs resume streaming instantly\r\n  - **Stop** — kills the container permanently. Paused containers are unpaused before stopping to avoid cgroup issues. Sub-containers (naabu, httpx, nuclei, etc.) are also cleaned up\r\n  - **Toolbar UI** — when running: spinner + Pause button + Stop button. When paused: Resume button + Stop button. 
When stopping: \"Stopping...\" with disabled controls\r\n  - **Logs drawer controls** — pause\u002Fresume and stop buttons in the status bar, with `Paused` status indicator and spinner during stopping\r\n  - **Optimistic UI** — stop button immediately shows \"Stopping...\" before the API responds\r\n  - **SSE stays alive** during pause and stopping states so logs resume\u002Fcomplete without reconnection\r\n  - 6 new backend endpoints (`POST \u002F{recon,gvm,github-hunt}\u002F{projectId}\u002F{pause,resume}`) and 9 new webapp API proxy routes (pause\u002Fresume\u002Fstop × 3 pipelines)\r\n  - Removed the auto-scroll play\u002Fpause toggle from logs drawer (redundant with \"Scroll to bottom\" button)\r\n- **IP\u002FCIDR Targeting Mode** — start reconnaissance from IP addresses or CIDR ranges instead of a domain:\r\n  - **\"Start from IP\" toggle** in the Target & Modules tab — switches the project from domain-based to IP-based targeting. Locked after creation (cannot switch modes on existing projects)\r\n  - **Target IPs \u002F CIDRs textarea** — accepts individual IPs (`192.168.1.1`), IPv6 (`2001:db8::1`), and CIDR ranges (`10.0.0.0\u002F24`, `192.168.1.0\u002F28`) with a max \u002F24 (256 hosts) limit per CIDR\r\n  - **Reverse DNS (PTR) resolution** — each IP is resolved to its hostname via PTR records. When no PTR exists, a mock hostname is generated from the IP (e.g., `192-168-1-1`)\r\n  - **CIDR expansion** — CIDR ranges are automatically expanded into individual host IPs (network and broadcast addresses excluded). 
Original CIDRs are passed to naabu for efficient native scanning\r\n  - **Full pipeline support** — IP-mode projects run the complete 6-phase pipeline: reverse DNS + IP WHOIS → port scan → HTTP probe → resource enumeration (Katana, Kiterunner) → vulnerability scan (Nuclei) → CVE\u002FMITRE enrichment\r\n  - **Neo4j graph integration** — mock Domain node (`ip-targets.{project_id}`) with `ip_mode: true`, Subdomain nodes (real PTR hostnames or IP-based mocks), IP nodes with WHOIS data, and all downstream relationships\r\n  - **Tenant-scoped Neo4j constraints** — IP, Subdomain, BaseURL, Port, Service, and Technology uniqueness constraints are now scoped to `(key, user_id, project_id)`, allowing the same IP\u002Fsubdomain to exist in different projects without conflicts\r\n  - **Input validation** — new `webapp\u002Fsrc\u002Flib\u002Fvalidation.ts` module with regex validators for IPs, CIDRs, domains, ports, status codes, HTTP headers, GitHub tokens, and more. Validation runs on form submit\r\n  - `ipMode` and `targetIps` fields added to Prisma schema with database migration\r\n- **Chisel TCP Tunnel Integration** — multi-port reverse tunnel alternative to ngrok for full attack path support:\r\n  - chisel (v1.11.4) installed alongside ngrok in kali-sandbox Dockerfile — single binary, supports amd64 and arm64\r\n  - Reverse tunnels both port 4444 (handler) and port 8080 (web delivery\u002FHTA) through a single connection to a VPS\r\n  - Enables **Web Delivery** (Method C) and **HTA Delivery** (Method D) phishing attacks that require two ports — previously blocked with ngrok's single-port limitation\r\n  - **Stageless** Meterpreter payloads required through chisel (staged payloads fail through tunnels — same as ngrok)\r\n  - Deterministic endpoint discovery — LHOST derived from `CHISEL_SERVER_URL` hostname (no API polling needed)\r\n  - Auto-reconnect with exponential backoff if VPS connection drops\r\n  - `CHISEL_SERVER_URL` and `CHISEL_AUTH` env vars added to 
`.env.example` and `docker-compose.yml`\r\n  - `_query_chisel_tunnel()` utility in `agentic\u002Futils.py` with `get_session_config_prompt()` integration\r\n  - `agentChiselTunnelEnabled` Prisma field with database migration\r\n- **Phishing \u002F Social Engineering Attack Path** (`phishing_social_engineering`) — third classified attack path with a mandatory 6-step workflow: target platform selection, handler setup, payload generation, verification, delivery, and session callback:\r\n  - **Standalone Payloads** (Method A): msfvenom-based payload generation for Windows (exe, psh, psh-reflection, vba, hta-psh), Linux (elf, bash, python), macOS (macho), Android (apk), Java (war), and cross-platform (python) — with optional AV evasion via shikata_ga_nai encoding\r\n  - **Malicious Documents** (Method B): Metasploit fileformat modules for weaponized Word macro (.docm), Excel macro (.xlsm), PDF (Adobe Reader exploit","2026-03-05T21:16:31",{"id":178,"version":179,"summary_zh":180,"released_at":181},106250,"v2.1.0","### Added\r\n\r\n- **CypherFix — Automated Vulnerability Remediation Pipeline** — end-to-end system that takes offensive findings from the Neo4j graph and turns them into merged code fixes:\r\n  - **Triage Agent** (`cypherfix_triage\u002F`): AI agent that queries the Neo4j knowledge graph, correlates hundreds of reconnaissance and exploitation findings, deduplicates them, ranks by exploitability and severity, and produces a prioritized remediation plan\r\n  - **CodeFix Agent** (`cypherfix_codefix\u002F`): autonomous code-repair agent that clones the target repository, navigates the codebase with 11 code-aware tools, implements targeted fixes for each triaged vulnerability, and opens a GitHub pull request ready for review and merge\r\n  - Real-time WebSocket streaming for both Triage and CodeFix agents with dedicated hooks (`useCypherFixTriageWS`, `useCypherFixCodeFixWS`)\r\n  - Remediations API (`\u002Fapi\u002Fremediations\u002F`) and hook (`useRemediations`) 
for persisting and retrieving remediation results\r\n  - CypherFix API routes (`\u002Fapi\u002Fcypherfix\u002F`) for triggering and managing triage and codefix sessions\r\n  - Agent-side API endpoints and orchestrator integration in `api.py` and `orchestrator.py`\r\n- **CypherFix Tab on Graph Page** — new tab (`CypherFixTab\u002F`) in the Graph dashboard providing a dedicated interface to launch triage, review prioritized findings, trigger code fixes, and monitor remediation progress\r\n- **CypherFix Settings Section** — new `CypherFixSettingsSection` in Project Settings for configuring CypherFix parameters (GitHub repo, branch, AI model, triage\u002Fcodefix behavior)\r\n- **CypherFix Type System** (`cypherfix-types.ts`) — shared TypeScript types for triage results, codefix sessions, remediation records, and WebSocket message protocols\r\n- **Agentic README Documentation** (`agentic\u002Freadmes\u002F`) — internal documentation for the agentic module\r\n\r\n### Changed\r\n\r\n- **Global Header** — updated navigation to include CypherFix access point\r\n- **View Tabs** — styling updates to accommodate the new CypherFix tab\r\n- **Project Form** — expanded with CypherFix settings section and updated section exports\r\n- **Hooks barrel export** — updated `hooks\u002Findex.ts` with new CypherFix and remediation hooks\r\n- **Prisma Schema** — new fields for CypherFix configuration in the project model\r\n- **Agent Requirements** — new Python dependencies for CypherFix agents\r\n- **Docker Compose** — updated service configuration for CypherFix support\r\n- **README** — version bump to v2.1.0, CypherFix badge added, pipeline description updated\r\n\r\n---","2026-02-27T20:38:51",{"id":183,"version":184,"summary_zh":185,"released_at":186},106251,"v1.3.0","### Added\r\n\r\n- **Multi-Provider LLM Support** — the agent now supports **4 AI providers** (OpenAI, Anthropic, OpenRouter, AWS Bedrock) with 400+ selectable models. 
Models are dynamically fetched from each provider's API and cached for 1 hour. Provider is auto-detected via a prefix convention (`openrouter\u002F`, `bedrock\u002F`, `claude-*`, or plain OpenAI)\r\n- **Dynamic Model Selector** — replaced the hardcoded 11-model dropdown with a searchable, provider-grouped model picker in Project Settings. Type to filter across all providers instantly; each model shows name, context window, and pricing info\r\n- **`GET \u002Fmodels` API Endpoint** — new agent endpoint that fetches available models from all configured providers in parallel. Proxied through the webapp at `\u002Fapi\u002Fmodels`\r\n- **`model_providers.py`** — new provider discovery module with async fetchers for OpenAI, Anthropic, OpenRouter, and AWS Bedrock APIs, with in-memory caching (1h TTL)\r\n- **Stealth Mode** — new per-project toggle that forces the entire pipeline to use only passive and low-noise techniques:\r\n  - Recon: disables Kiterunner and banner grabbing, switches Naabu to CONNECT scan with rate limiting, throttles httpx\u002FKatana\u002FNuclei, disables DAST and interactsh callbacks\r\n  - Agent: injects stealth rules into the system prompt — only passive\u002Fstealthy methods allowed, agent must refuse if stealth is impossible\r\n  - GVM scanning disabled in stealth mode (generates ~50K active probes per target)\r\n- **Stealth Mode UI** — toggle in Target section of Project Settings with description of what it does\r\n- **Kali Sandbox Tooling Expansion** — 15+ new packages installed in the Kali container: `netcat`, `socat`, `rlwrap`, `exploitdb`, `john`, `smbclient`, `sqlmap`, `jq`, `gcc`, `g++`, `make`, `perl`, `go`\r\n- **`kali_shell` MCP Tool** — direct Kali Linux shell command execution, available in all phases\r\n- **`execute_code` MCP Tool** — run custom Python\u002FBash exploit scripts on the Kali sandbox\r\n- **`msf_restart` MCP Tool** — restart Metasploit RPC daemon when it becomes unresponsive\r\n- **`execute_nmap` MCP Tool** — deep 
service analysis, OS fingerprinting, NSE scripts (consolidated from previous naabu-only setup)\r\n- **MCP Server Consolidation** — merged curl and naabu servers into a unified `network_recon_server.py`, added dedicated `nmap_server.py`, fixed tool loading race condition\r\n- **Failure Loop Detection** — agent detects 3+ consecutive similar failures and injects a pivot warning to break out of unproductive loops\r\n- **Prompt Token Optimization** — lazy no-module fallback injection (saves ~1.1K tokens), compact formatting for older execution trace steps (full output only for last 5), trimmed rarely-used wordlist tables\r\n- **Metasploit Prewarm** — pre-initializes Metasploit console on agent startup to reduce first-use latency\r\n- **Markdown Report Export** — download the full agent conversation as a formatted Markdown file\r\n- **Brute Force & CVE Exploit Settings** — new Project Settings sections for configuring brute force speed\u002Fwordlist limits and CVE exploit attack path parameters\r\n- **Node.js Deserialization Guinea Pig** — new test environment for CVE-2017-5941 (node-serialize RCE)\r\n- **Phase Tools Tooltip** — hover on phase badges to see which MCP tools are available in that phase\r\n- **GitHub Secrets Suggestion** — new suggestion button in AI Assistant to leverage discovered GitHub secrets during exploitation\r\n\r\n### Changed\r\n\r\n- **Agent Orchestrator** — rewritten `_setup_llm()` with 4-way provider detection (OpenAI, Anthropic, OpenRouter via ChatOpenAI + custom base_url, Bedrock via ChatBedrockConverse with lazy import)\r\n- **Model Display** — `formatModelDisplay()` helper cleans up prefixed model names in the AI Assistant badge and markdown export (e.g., `openrouter\u002Fmeta-llama\u002Fllama-4-maverick` → `llama-4-maverick (OR)`)\r\n- **Prompt Architecture** — tool registry extracted into dedicated `tool_registry.py`, attack path prompts (CVE exploit, brute force, post-exploitation) significantly reworked for better token efficiency and 
exploitation success rates\r\n- **curl-based Exploitation** — expanded curl-based vulnerability probing and no-module fallback workflows for when Metasploit modules aren't available\r\n- **kali_shell & execute_nuclei** — expanded to all phases (previously restricted)\r\n- **GVM Button** — disabled in stealth mode with tooltip explaining why\r\n- **README** — extensive updates: 4-provider documentation, AI Model Providers section, Kali sandbox tooling tables, new badges (400+ AI Models, Stealth Mode, Full Kill Chain, 30+ Security Tools, 9000+ Vuln Templates, 170K+ NVTs, 180+ Settings), version bump to v1.3.0\r\n","2026-02-19T22:18:27",{"id":188,"version":189,"summary_zh":190,"released_at":191},106252,"v1.2.0","### Added\r\n\r\n- **GVM Vulnerability Scanning** — full end-to-end integration of Greenbone Vulnerability Management (GVM\u002FOpenVAS) into the RedAmon pipeline:\r\n  - Python scanner module (`gvm_scan\u002F`) with `GVMScanner` class wrapping the GMP protocol for headless API-based scanning\r\n  - Orchestrator endpoints (`\u002Fgvm\u002F{id}\u002Fstart`, `\u002Fgvm\u002F{id}\u002Fstatus`, `\u002Fgvm\u002F{id}\u002Fstop`, `\u002Fgvm\u002F{id}\u002Flogs`) with SSE log streaming\r\n  - Webapp API routes, `useGvmStatus` polling hook, `useGvmSSE` streaming hook, toolbar buttons, and log drawer on the Graph page\r\n  - Neo4j graph integration — GVM findings stored as `Vulnerability` nodes (source=\"gvm\") linked to IP\u002FSubdomain via `HAS_VULNERABILITY`, with associated `CVE` nodes\r\n  - JSON result download from the Graph page toolbar\r\n- **GitHub Secret Hunt** — automated secret and credential detection across GitHub organizations and user repositories:\r\n  - Python scanner module (`github_secret_hunt\u002F`) with `GitHubSecretHunter` class supporting 40+ regex patterns for AWS, Azure, GCP, GitHub, Slack, Stripe, database connection strings, CI\u002FCD tokens, cryptographic keys, JWT\u002FBearer tokens, and more\r\n  - High-entropy string detection via 
Shannon entropy to catch unknown secret formats\r\n  - Sensitive filename detection (`.env`, `.pem`, `.key`, credentials files, Kubernetes kubeconfig, Terraform tfvars, etc.)\r\n  - Commit history scanning (configurable depth, default 100 commits) and gist scanning\r\n  - Organization member repository enumeration with rate-limit handling and exponential backoff\r\n  - Orchestrator endpoints (`\u002Fgithub-hunt\u002F{id}\u002Fstart`, `\u002Fgithub-hunt\u002F{id}\u002Fstatus`, `\u002Fgithub-hunt\u002F{id}\u002Fstop`, `\u002Fgithub-hunt\u002F{id}\u002Flogs`) with SSE log streaming\r\n  - Webapp API routes for start, status, stop, log streaming, and JSON result download\r\n  - `useGithubHuntStatus` polling hook and `useGithubHuntSSE` streaming hook for real-time UI updates\r\n  - Graph page toolbar integration with start\u002Fstop button, log drawer, and result download\r\n  - JSON output with statistics (repos scanned, files scanned, commits scanned, gists scanned, secrets found, sensitive files, high-entropy findings)\r\n- **GitHub Hunt Per-Project Settings** — GitHub scan configuration is now configurable per-project via the webapp UI:\r\n  - New \"GitHub\" section in Project Settings with token, target org\u002Fuser, and scan options\r\n  - 7 configurable fields: Access Token, Target Organization, Scan Members, Scan Gists, Scan Commits, Max Commits, Output JSON\r\n  - `github_secret_hunt\u002Fproject_settings.py` mirrors the recon\u002FGVM settings pattern (fetch from webapp API, fallback to defaults)\r\n  - 7 new Prisma schema fields (`github_access_token`, `github_target_org`, `github_scan_members`, `github_scan_gists`, `github_scan_commits`, `github_max_commits`, `github_output_json`)\r\n- **GVM Per-Project Settings** — GVM scan configuration is now configurable per-project via the webapp UI:\r\n  - New \"GVM Scan\" tab in Project Settings (between Integrations and Agent Behaviour)\r\n  - 5 configurable fields: Scan Profile, Scan Targets Strategy, Task Timeout, 
Poll Interval, Cleanup After Scan\r\n  - `gvm_scan\u002Fproject_settings.py` mirrors the recon\u002Fagentic settings pattern (fetch from webapp API, fallback to defaults)\r\n  - Defaults served via orchestrator `\u002Fdefaults` endpoint using `importlib` to avoid module name collision\r\n  - 5 new Prisma schema fields (`gvm_scan_config`, `gvm_scan_targets`, `gvm_task_timeout`, `gvm_poll_interval`, `gvm_cleanup_after_scan`)\r\n\r\n### Changed\r\n\r\n- **Webapp Dockerfile** — embedded Prisma CLI in the production image; entrypoint now runs `prisma db push` automatically on startup, eliminating the separate `webapp-init` container\r\n- **Dev Compose** — `docker-compose.dev.yml` now runs `prisma db push` before `npm run dev` to ensure schema is always in sync\r\n- **Docker Compose** — removed `webapp-init` service and `webapp_prisma_cache` volume; webapp handles its own schema migration\r\n\r\n### Removed\r\n\r\n- **`webapp-init` service** — replaced by automatic migration in the webapp entrypoint (both production and dev modes)\r\n- **`gvm_scan\u002Fparams.py`** — hardcoded GVM settings replaced by per-project `project_settings.py`\r\n","2026-02-14T06:56:18",{"id":193,"version":194,"summary_zh":195,"released_at":196},106253,"v1.1.0","### Added\r\n\r\n- **Attack Path System** — agent now supports dynamic attack path selection with two built-in paths:\r\n  - **CVE Exploit** — automated Metasploit module search, payload configuration, and exploit execution\r\n  - **Brute Force Credential Guess** — service-level brute force with configurable wordlists and max attempts per service\r\n- **Agent Guidance** — send real-time steering messages to the agent while it works, injected into the system prompt before the next reasoning step\r\n- **Agent Stop & Resume** — stop the agent at any point and resume from the last LangGraph checkpoint with full context preserved\r\n- **Project Creation UI** — full frontend project form with all configurable settings sections:\r\n  - Naabu 
(port scanner), Httpx (HTTP prober), Katana (web crawler), GAU (passive URLs), Kiterunner (API discovery), Nuclei (vulnerability scanner), and agent behavior settings\r\n- **Agent Settings in Frontend** — transferred agent configuration parameters from hardcoded `params.py` to PostgreSQL, editable via webapp UI\r\n- **Metasploit Progress Streaming** — HTTP progress endpoint (port 8013) for real-time MSF command tracking with ANSI escape code cleaning\r\n- **Metasploit Session Auto-Reset** — `msf_restart()` MCP tool for clean msfconsole state; auto-reset on first use per chat session\r\n- **WebSocket Integration** — real-time bidirectional communication between frontend and agent orchestrator\r\n- **Markdown Chat UI** — react-markdown with syntax highlighting for agent chat messages\r\n- **Smart Auto-Scroll** — chat only auto-scrolls when user is at the bottom of the conversation\r\n- **Connection Status Indicator** — color-coded WebSocket connection status (green\u002Fred) in the chat interface\r\n\r\n### Changed\r\n\r\n- **Unified Docker Compose** — replaced per-module `.env` files and `start.sh`\u002F`stop.sh` scripts with a single root `docker-compose.yml` and `docker-compose.dev.yml` for full-stack orchestration\r\n- **Settings Source of Truth** — migrated all recon and agent settings from hardcoded `params.py` to PostgreSQL via Prisma ORM, fetched at runtime via webapp API\r\n- **Recon Pipeline Improvements** — multi-level improvements across all recon modules for reliability and accuracy\r\n- **Orchestrator Model Selection** — fixed model selection logic in the agent orchestrator\r\n- **Frontend Usability** — unified RedAmon primary crimson color (#d32f2f), styled message containers with ghost icons and gradient backgrounds, improved markdown heading and list spacing\r\n- **Environment Configuration** — added root `.env.example` with all required keys; forwarded NVD_API_KEY and Neo4j credentials from recon-orchestrator to spawned containers\r\n- **Webapp 
Header** — replaced Crosshair icon with custom logo.png image, bumped logo text size\r\n\r\n### Fixed\r\n\r\n- **Double Approval Dialog** — fixed duplicate approval confirmation with ref-based state tracking\r\n- **Orchestrator Model Selection** — corrected model selection logic when switching between AI providers\r\n\r\n---\r\n","2026-02-08T15:12:37"]