Darkmoon

Darkmoon is an open-source, self-hosted autonomous penetration testing platform. It employs specialized methodology agents and integrated offensive security tools to assess Active Directory, Kubernetes, and cloud environments for professional pent...

Darkmoon

About Darkmoon

Darkmoon is an open-source, self-hosted autonomous penetration testing platform (GitHub) built by professional pentesters. It combines 18 specialized methodology agents with over 80 integrated offensive security tools to assess Active Directory, Kubernetes, cloud infrastructure, APIs, CMSs, and networks. The platform generates evidence-backed findings, attack paths, and publication-ready reports, and all methodology files are stored as plain Markdown mapped to MITRE ATT&CK and NIST 800-115.

Review

Darkmoon splits penetration testing automation into two layers: an AI orchestrator that plans and prioritizes actions, and a separate execution layer that runs commands via an MCP-based tool gateway. The orchestrator fingerprints the target and selects a methodology, then delegates tool execution - the AI never executes commands directly. This review looks at the current feature set and the tradeoffs that come with the design.

Key Features

  • 18 methodology agents covering Active Directory, Kubernetes, WordPress, Drupal, Magento, GraphQL, PHP, Node.js, ASP.NET, Spring Boot, and network infrastructure assessments.
  • Over 80 offensive security tools integrated: Nuclei, SQLMap, NetExec, BloodHound, Impacket, FFUF, Hydra, Kubescape, and others.
  • Methodologies stored as plain Markdown files, with mappings to MITRE ATT&CK and NIST 800-115, allowing review, customization, version control, and audit.
  • Findings backed by evidence - each includes executed commands, raw tool outputs, severity ratings, and infrastructure maps.
  • Docker-based deployment with a single docker compose command, MCP-based tool orchestration, and support for bringing your own LLM (OpenAI, Anthropic, Ollama, llama.cpp).

Pricing and Value

The open-source Community Edition is free and distributed under GPLv3. A Professional Edition adds a session history interface, campaign-level dashboards, historical vulnerability views, and interactive trend visualizations. Pricing for the Professional Edition is not yet defined. Independent of edition, each assessment run incurs API costs for the chosen language model provider.

Pros

  • Methodology logic lives in transparent Markdown files, making agent behaviour auditable and modifiable without reverse-engineering prompts.
  • The AI planning layer is separated from tool execution; all commands go through controlled MCP workflows, reducing the risk of arbitrary or hallucinated actions.
  • Evidence trail that captures commands, raw tool outputs, and reasoning paths supports client review and audit requirements.
  • Integrates 80+ existing offensive tools, so teams can keep using familiar scanners while the orchestrator connects them into a coherent workflow.
  • Self-hosted and telemetry-free - assessment data stays entirely within the user's infrastructure.

Cons

  • Active Directory and web assessments are the most mature areas; cloud infrastructure coverage is acknowledged as still evolving.
  • Not designed for teams that want fully autonomous hacking without human validation - the platform aims to assist pentesters, not replace their judgment.
  • Setup and customization require comfort with Docker and the command line, which may be a barrier for less technical users.

Darkmoon should appeal to professional penetration testers and security teams seeking auditable, evidence-backed assessments across Active Directory, on-prem networks, and web applications. Organizations needing extensive cloud coverage or a hands-off AI-only testing product will likely find it less complete for those scenarios today. Its open-source foundation and plain-text methodologies give teams the flexibility to adapt it to internal processes, though they should plan for the LLM API costs that come with each run.



Open 'Darkmoon' Website
Get Daily AI Tools Updates

Your membership also unlocks:

700+ AI Courses
700+ Certifications
Personalized AI Learning Plan
6500+ AI Tools (no Ads)
Daily AI News by job industry (no Ads)

Join thousands of clients on the #1 AI Learning Platform

Explore just a few of the organizations that trust Complete AI Training to future-proof their teams.