A groundbreaking open-source security tool, RedAmon, is reshaping the landscape of automated penetration testing. By integrating reconnaissance, exploitation, and post-exploitation with AI-driven triage and automated code remediation, RedAmon offers a comprehensive security solution. Its workflow culminates in a GitHub pull request that provides a pre-written fix for the identified vulnerabilities.
Innovative Framework and Architecture
RedAmon’s modular framework is built on Docker, negating the need to install security tools directly on a host system. The platform’s design revolves around six key components: a parallelized Reconnaissance Pipeline, an AI Agent Orchestrator, an Attack Surface Graph, EvoGraph for cross-session intelligence, the CypherFix remediation engine, and an extensive Project Settings Engine with over 500 parameters. This structured approach ensures a streamlined and effective penetration testing process.
Advanced Reconnaissance and AI Integration
The platform’s reconnaissance pipeline runs more than 40 industry-standard security tools, such as Subfinder, Amass, and Nuclei, within a Kali Linux container. The tools’ outputs are loaded into a Neo4j knowledge graph with 17 node types and over 20 relationship types, which lets the AI agent rapidly map a structured attack surface. Furthermore, the AI Gauntlet module extends reconnaissance to AI systems, using tools like garak and PyRIT to test for vulnerabilities such as prompt injection and data leakage, in line with the OWASP-LLM and MITRE-ATLAS standards.
Autonomous Agents and Remediation
Central to RedAmon is a LangGraph-based autonomous agent following the ReAct (Reasoning + Acting) pattern. Operating through informational, exploitation, and post-exploitation phases, it leverages over 14 security tools, including Metasploit and Hydra, within a sandboxed environment. The Fireteam mode enables simultaneous operations by multiple sub-agents, enhancing efficiency.
Unlike typical offensive tools, RedAmon includes CypherFix, a two-agent remediation pipeline. The Triage Agent processes findings in the Neo4j graph, while the CodeFix Agent makes targeted codebase adjustments, creating a GitHub pull request for review. This system is not fully autonomous; human oversight is incorporated through a Tool Confirmation system, which allows manual intervention during critical operations.
Developed by Samuele Giampieri, an experienced AI Platform Architect, and Ritesh Gohil, a seasoned Cyber Security Engineer, RedAmon supports various LLM providers, including OpenAI and AWS Bedrock. It is accessible on GitHub, offering an innovative and comprehensive solution for modern cybersecurity challenges.
