Home

RedAmon Wiki

Legal Disclaimer: This tool is intended for authorized security testing, educational purposes, and research only. Never use this system to scan, probe, or attack any system you do not own or have explicit written permission to test. Read the full disclaimer.

Welcome to the RedAmon user guide — a comprehensive, step-by-step reference for getting started with and mastering every feature of the RedAmon AI-powered red team framework.

New here? Start with Getting Started to install and launch RedAmon, then follow the guide sequentially.

---

Quick Navigation

Getting Started

Page	What You'll Learn
Getting Started	Prerequisites, installation, environment setup, first launch
User Management	Creating users, switching between users, deleting users
Creating a Project	Setting up a target (domain or IP/CIDR), configuring scan modules, the 12-tab project form
Global Settings	LLM providers, tool API keys (Tavily, Shodan, SerpAPI), attack skill management

Core Workflow

Page	What You'll Learn
The Graph Dashboard	Main interface tour — toolbar, 2D/3D graph, data table, node details, bottom bar
Running Reconnaissance	Starting scans, real-time logs, the parallelized fan-out/fan-in pipeline, downloading results
AI Agent Guide	Chat interface, agent phases, Wave Runner (parallel tools), approval workflows, guidance, reports
Remote Shells	Live session interaction, Command Whisperer, meterpreter/shell management, session upgrade

Scanning & OSINT

Page	What You'll Learn
GVM Vulnerability Scanning	Network-level scanning with OpenVAS, scan profiles, viewing results
GitHub Secret Hunting	Creating a GitHub token, configuring and running secret scans

AI & Automation

Page	What You'll Learn
AI Model Providers	Setting up OpenAI, Anthropic, Ollama, OpenRouter, AWS Bedrock
Attack Skills	Built-in skills (CVE, brute force, phishing), user-defined attack skills, classification badge, skill authoring
CypherFix — Automated Remediation	Vulnerability triage, remediation dashboard, CodeFix agent, diff review, PR creation
Rules of Engagement (RoE)	Document upload, LLM parsing, enforcement layers, RoE viewer, settings reference

Analysis & Reporting

Page	What You'll Learn
Insights Dashboard	Analytics overview — KPI cards, attack chain charts, vulnerability intelligence, graph overview
Pentest Reports	Report generation, templates, export formats
Attack Surface Graph	Neo4j graph schema — 17 node types, 20+ relationships
EvoGraph — Attack Chain Evolution	Evolutive attack chain graph — 5 node types, bridge relationships, cross-session learning
Data Export & Import	Exporting projects, downloading scan data, Excel export

Reference & Help

Page	What You'll Learn
Project Settings Reference	Complete reference for all 180+ configurable parameters
Troubleshooting	Common issues, container management, GVM feed sync

---

What is RedAmon?

RedAmon is an AI-powered agentic red team framework that automates offensive security operations — from reconnaissance to exploitation to post-exploitation — with zero human intervention. Everything runs inside Docker containers: no security tools needed on your host machine.

Key capabilities:

• Automated Reconnaissance — parallelized fan-out/fan-in scanning pipeline that maps an entire attack surface from a domain or IP/CIDR targets
• AI-Powered Pentesting — autonomous agent that reasons, selects tools, executes exploits, and runs independent tools in parallel via Wave Runner
• Network Vulnerability Scanning — GVM/OpenVAS integration with 170,000+ NVTs
• GitHub Secret Hunting — discover leaked credentials and API keys
• Attack Surface Graph — Neo4j knowledge graph with 17 node types + EvoGraph evolutionary attack chain tracking
• 180+ Project Settings — fine-grained control over every tool and behavior
• 400+ AI Models — support for 5 providers including local models via Ollama