Darkmoon orchestrates 18 specialized AI agents across your entire attack surface — web, APIs, cloud, Active Directory, Kubernetes — and delivers live findings, interactive infra graphs, and publication-ready reports.
Darkmoon reasons about your target, models the attack surface, and dispatches the right agents — sequentially or in parallel — with full cascade control.
The master agent detects 14 technology signals and routes the campaign to the right specialists. Cascade depth capped at 3 levels — no runaway recursion.
Every finding, infrastructure node, and agent event is streamed live to the dashboard via SSE. You watch the pentest unfold as it happens.
ISO 27001, HackerOne, Bugcrowd, or custom formats. Markdown + branded PDF with CVSS, MITRE ATT&CK mapping, evidence, and remediation — auto-generated.

Enter a URL, IP, or scoped program. Darkmoon parses scope flags, credentials, noise level, severity threshold, and engagement rules.

Subfinder, httpx, katana, whatweb, wafw00f, and naabu build a complete picture: subdomains, ports, services, technologies, WAFs.

Specialized agents test attack paths, pivot when justified, and push confirmed findings with full evidence to the live campaign.

Infrastructure nodes and vulnerabilities stream to the dashboard in real time. The infra graph updates as the topology is discovered.

Executive summary, risk score, CVSS vectors, MITRE ATT&CK IDs, ISO 27001 controls, remediation logic — Markdown and branded PDF.
Live campaigns, vulnerability history, infrastructure graphs, risk scores — everything surfaced in a purpose-built dark dashboard.

Security for everyone. Complexity for no one.
The master agent detects your target's technology stack and dispatches the right specialists automatically. Each agent is a domain expert with its own attack playbook.
SQLi, XSS (reflected/stored/DOM), SSRF, IDOR, RCE, SSTI, deserialization, JWT abuse, file upload, path traversal — validated with real payloads, not just signatures.
RBAC escalation, DIND exploitation, node escape, etcd SSRF, privileged container breakout, crypto miner detection, Helm Tiller abuse, CIS benchmark via kube-bench.
AS-REP roasting, Kerberoasting, BloodHound collection, NTLM relay, LSASS dump, DCSync, ADCS ESC1-ESC8, Golden/Silver ticket, pass-the-hash / pass-the-ticket.
Darkmoon wraps the industry-standard offensive security toolkit inside an AI orchestration layer that knows when and how to use each tool.
Darkmoon orchestrates an end-to-end offensive campaign — it reasons about target type, dispatches domain specialists, validates findings with real payloads, builds an infrastructure graph, and produces a structured report. A scanner runs one-pass signatures. Darkmoon runs a pentest.
You watch it happen. Every agent event, tool call, finding, and infrastructure discovery streams to the dashboard in real time via SSE. The infra graph and vulnerability list update as the campaign progresses.
Yes. The built-in scheduler supports one-time, daily, weekly, and monthly recurrences with configurable intervals. All campaign parameters — scope, credentials, noise level, format — are preserved per scheduled entry.
ISO 27001 standard, HackerOne, Bugcrowd (VRT / P1–P5), and custom format. All reports include CVSS 3.1 scoring, MITRE ATT&CK mapping, ISO 27001 controls, raw evidence, and remediation guidance. PDF export includes a branded cover page and is password-protected.
Darkmoon uses hardware-bound licensing via Cryptolens. Your licence key is tied to a machine fingerprint derived from your hardware (MAC address, CPU model) — it cannot be cloned or moved to another machine by changing an environment variable.
Darkmoon includes configurable noise levels (stealth / low / moderate), safe harbor mode, out-of-scope enforcement, and per-agent scope propagation. The runtime is hardened with a read-only filesystem, seccomp, no-new-privileges, and continuous watchdog checks.