The autonomous offensive security platform.
80+ integrated tools — every one coordinated by AI
Not a scanner. An autonomous security conductor.
Pricing
Open source at the core. One licence to run the full autonomous platform.
18 specialists. One orchestrator. Zero manual pivoting.
Built like a vault.
Runs like a weapon.
Claude's power.
Your data never leaves.
No sensitive data is ever sent to the LLM.
Deterministic tokens (same value → same placeholder), Fernet-encrypted in memory, never logged.
Context-aware rehydration of whitelisted fields only, two-pass output sanitisation.
Exfiltration blocked: placeholder in a URL, external host, echo/print, POST body, /dev/tcp, nc/telnet.
22/22 tests across the 7 required guarantees. Live on OWASP Juice Shop with the gateway active the whole run: 56 vulnerabilities found, 36 exploited — the model never saw a single real IP or email.
PrivacyVault
Per-session deterministic tokenization. The mapping lives only in memory — HMAC-deduplicated, Fernet-encrypted — and no raw value is ever retained or loggable.
CommandGateway
Rehydrates real values context-aware (never a naive global replace), gatekeeps every command against exfiltration, and sanitises output in two passes.
Reversible tokenization + anti-exfiltration gateway ship open-source. Sealed vault, rehydration audit trail and compliance proof are Pro.
Three ways to run Darkmoon.
- Legal framework & authorizations included
- Run end to end by our security experts
- Debriefed report in a secure client space
Questions security teams ask first.
How is Darkmoon different from a vulnerability scanner?Platform
Darkmoon orchestrates an end-to-end offensive campaign — it reasons about the target, dispatches domain specialists, validates findings with real payloads, builds an infrastructure graph and produces a structured report. A scanner runs one-pass signatures. Darkmoon runs a pentest.
Why does the AI never get shell access?Architecture
By design. The model plans and reasons, but every tool invocation passes through an MCP gateway that validates and gatekeeps the call. The model never executes a shell directly — which keeps the engagement auditable, bounded and safe. The whole architecture is open source.
Is Darkmoon really open source?Open source
Yes. The engine is published on GitHub at ASCIT31/Dark-Moon under the GPLv3 licence. You can read the orchestration logic, the agent playbooks and the MCP layer, and self-host it. The commercial licence adds the hardened runtime, the managed dashboard and support.
What report formats does Darkmoon produce?Reporting
ISO 27001 standard, HackerOne, Bugcrowd (VRT / P1–P5) and a custom format. Every report includes CVSS 3.1 scoring, MITRE ATT&CK mapping, ISO 27001 controls, raw evidence and remediation guidance. PDF export is branded and password-protected.
How does licensing work?Licensing
Darkmoon uses hardware-bound licensing. Your licence key is tied to a machine fingerprint derived from your hardware (MAC address, CPU model) — it cannot be cloned or moved to another machine by changing an environment variable.
Is it safe to run against production environments?Safety
Darkmoon includes configurable noise levels (stealth, low, moderate), safe-harbor mode, out-of-scope enforcement and per-agent scope propagation. The runtime is hardened with a read-only filesystem, seccomp, no-new-privileges and continuous watchdog checks.