{"id":51496640,"url":"https://github.com/ASCIT31/Dark-Moon","last_synced_at":"2026-07-07T16:00:39.955Z","repository":{"id":353589967,"uuid":"894433723","full_name":"ASCIT31/Dark-Moon","owner":"ASCIT31","description":"Autonomous AI pentesting engine performing continuous offensive security across web, cloud, AD and Kubernetes. Uses agentic reasoning, real exploit execution and attack path analysis to deliver proof-based vulnerabilities.","archived":false,"fork":false,"pushed_at":"2026-07-02T07:01:48.000Z","size":46764,"stargazers_count":640,"open_issues_count":2,"forks_count":113,"subscribers_count":9,"default_branch":"master","last_synced_at":"2026-07-02T08:15:45.242Z","etag":null,"topics":["ai-agents","ai-security-tool","autonomous-agents","cybersecurity","llm","multi-agent-systems","offensive-security","penetration-testing","pentesting","security-automation"],"latest_commit_sha":null,"homepage":"https://dark-moon.org/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ASCIT31.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/security-threat-model.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-11-26T10:54:02.000Z","updated_at":"2026-07-02T07:01:52.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/ASCIT31/Dark-Moon","commit_stats":null,"previous_names":["ascit31/dark-moon"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/ASCIT31/Dark-Moon","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASCIT31%2FDark-Moon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASCIT31%2FDark-Moon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASCIT31%2FDark-Moon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASCIT31%2FDark-Moon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ASCIT31","download_url":"https://codeload.github.com/ASCIT31/Dark-Moon/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASCIT31%2FDark-Moon/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35234127,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-07T02:00:07.222Z","response_time":90,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","ai-security-tool","autonomous-agents","cybersecurity","llm","multi-agent-systems","offensive-security","penetration-testing","pentesting","security-automation"],"created_at":"2026-07-07T16:00:29.741Z","updated_at":"2026-07-07T16:00:39.946Z","avatar_url":"https://github.com/ASCIT31.png","language":"Python","funding_links":[],"categories":["Securing AI SaaS","Applications"],"sub_categories":["Offensive Tools and Frameworks","Autonomous Agent Task Solver Projects"],"readme":"\u003cdiv align=\"center\"\u003e\n\n![DarkMoon Logo](docs/pics/logo_blue.png)\n\n**The Open-Source AI-Powered Autonomous Penetration Testing Platform**\n\n[![License: GPL v3](https://img.shields.io/badge/License-GPLv3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0)\n[![GitHub stars](https://img.shields.io/github/stars/ASCIT31/darkmoon.svg?style=social\u0026label=Star)](https://github.com/ASCIT31/Dark-Moon)\n\n[Full Documentation](docs/full.md) · [Contributing](CONTRIBUTING.md) · [License](LICENSE)\n\n\u003c/div\u003e\n\n---\n\n## What is DarkMoon?\n\nDarkMoon is an **automated penetration testing tool** that orchestrates complete security assessments using **artificial intelligence security** agents. Built as an open-source **cybersecurity tool**, it enables organizations to run professional-grade **vulnerability assessments** without manual intervention.\n\nInstead of replacing the pentester, DarkMoon acts as an **autonomous security testing system** — it reasons, plans, and coordinates specialized agents that execute real offensive security operations through a controlled execution layer.\n\n\u003cdiv\u003e\n  \u003ca href=\"https://youtu.be/1bFRVuMkZzY?si=peKxwuxzbXBnb2zO\"\u003e\n    \u003cimg src=\"docs/pics/darkmoon-youtube.png\" /\u003e\n  \u003c/a\u003e\n\n  \u003cp\u003e\u003cstrong\u003eWatch DarkMoon in action — Full autonomous penetration test demo\u003c/strong\u003e\u003c/p\u003e\n\u003c/div\u003e\n\n---\n\n## Why DarkMoon?\n\nTraditional **penetration testing** is:\n\n- ⏱️ **Time-consuming** — manual testing takes weeks\n- 💰 **Expensive** — expert consultants cost thousands per day\n- 🔄 **Inconsistent** — results vary by tester expertise\n- 📊 **Hard to scale** — limited by human resources\n\nDarkMoon solves this with **AI penetration testing**:\n\n- 🤖 **AI-powered pentesting** — autonomous agents conduct full security assessments end-to-end\n- 🛡️ **Security by design** — the AI never directly executes tools; all actions flow through a controlled MCP interface\n- ♾️ **Pentesting automation for CI/CD** — run **automated security testing** post-build to catch critical vulnerabilities before production\n- 🔧 **50+ integrated tools** — a comprehensive **penetration testing tools suite** (Nuclei, NetExec, BloodHound, sqlmap, Naabu, httpx, ffuf, and more)\n- 📈 **Adaptive multi-agent methodology** — specialized agents for Web, Active Directory, Kubernetes, Network, CMS, and more\n- 📝 **Vulnerability reporting automation** — structured, evidence-based reports generated automatically\n\nPerfect for **security teams**, **DevSecOps engineers**, **ethical hacking** professionals, and organizations of all sizes.\n\n---\n\n## Quick Start\n\n### Prerequisites\n\n- Docker \u0026 Docker Compose\n- An LLM API key (OpenRouter, Anthropic, OpenAI, or local models)\n\n\u003e **Note:** GPU configuration, NVIDIA driver troubleshooting, and advanced environment setup are covered in the [Full Documentation — GPU Troubleshooting](docs/full.md#ii2--darkmoon--gpu-troubleshooting-guide-official).\n\n### Installation\n\n**1. Clone the repository**\n\n```bash\ngit clone https://github.com/ASCIT31/Dark-Moon.git\ncd Dark-Moon\n```\n\n**2. Configure your LLM provider**\n\n`install.sh` handles provider configuration interactively — no need to edit `docker-compose.yml`:\n\n```bash\n./install.sh           # skip form if .opencode.env already configured\n./install.sh --init    # force reconfiguration (cloud or local model)\n./install.sh --help    # show usage\n```\n\nSupports **cloud providers** (Anthropic, OpenAI, OpenRouter…) and **local models** (Ollama, llama.cpp).\n\n\u003e **Note:** For full details on environment variables and local model setup, see the [Full Documentation — Environment Variables](docs/full.md#ii3-configuration-of-environment-variables).\n\n**3. Build and launch**\n\n```bash\n./install.sh  # Clean install with full stack reset\n```\n\n**4. Run your first assessment**\n\n```bash\n./darkmoon.sh \"TARGET: example.com\"\n```\n\n**5. Monitor in real-time**\n\n```bash\n./darkmoon.sh --log \u003csession_id\u003e\n```\n\n\u003e **Note:** Real-time session logs display every command executed by the MCP server. See [Full Documentation — Session Logs](docs/full.md#ii7e-step-1--start-an-assessment) for details.\n\n---\n\n## How It Works\n\nDarkMoon operates as a strategic **AI security agent** orchestrator aligned with ISO 27001, NIST SP 800-115, and MITRE ATT\u0026CK methodologies.\n\nWhen you provide a target, the platform automatically:\n\n1. 🔍 **Discovers** the target environment (ports, services, protocols)\n2. 🧠 **Fingerprints** the technology stack (frameworks, CMS, APIs)\n3. 🎯 **Models** the attack surface\n4. 🚀 **Deploys** specialized sub-agents based on detected technologies\n5. 🔬 **Executes** an **intelligent vulnerability scanning** loop with reactive adaptation\n6. ✅ **Validates** findings with evidence (requests, payloads, responses)\n7. 📝 **Generates** a structured audit report\n\n### Sub-Agent Orchestration\n\nDarkMoon dynamically selects and dispatches specialized agents depending on the technologies discovered:\n\n| Detected Technology | Agent Triggered |\n|---|---|\n| WordPress, Drupal, Joomla, Magento, PrestaShop, Moodle | CMS-specific agent |\n| PHP, Node.js, Flask, ASP.NET, Spring Boot, Ruby on Rails | Stack-specific agent |\n| GraphQL | GraphQL agent |\n| Active Directory | AD agent |\n| Kubernetes | Kubernetes agent |\n| Headless browser required | Headless browser agent |\n\nMultiple agents can execute **in parallel** across hybrid architectures.\n\n\u003e **Note:** For the complete list of agents, their structure, lifecycle, and how to create custom agents, see [Full Documentation — AI Agents](docs/full.md#v-ai-agents).\n\n### Architecture Overview\n\n```\nUser ──\u003e DarkmoonCLI ──\u003e OpenCode (AI Brain) ──\u003e MCP (Security Gatekeeper) ──\u003e Docker Toolbox (Real Tools)\n```\n\n```mermaid\nsequenceDiagram\n  participant U as User\n  participant O as OpenCode\n  participant A as AI Agent\n  participant M as MCP Darkmoon\n  participant T as Docker Toolbox\n\n  U-\u003e\u003eO: User prompt\n  O-\u003e\u003eA: Delegate task\n  A-\u003e\u003eM: MCP function call\n  M-\u003e\u003eT: Execute real tool\n  T--\u003e\u003eM: Results\n  M--\u003e\u003eA: Structured output\n  A--\u003e\u003eO: Next decision\n  O--\u003e\u003eU: Summary / result\n```\n\nThe AI reasons and plans. The MCP controls what can be executed. The Toolbox runs isolated tools inside Docker. **The AI never directly touches the system** — this is **security by design**.\n\n\u003e **Note:** For the full architecture breakdown (deployment diagrams, network flows, security boundaries), see [Full Documentation — Architecture](docs/full.md#iv-architecture).\n\n---\n\n## Scope Definition\n\nDarkMoon supports flexible scope definition directly from the command line.\n\n**Quick pentest (zero config):**\n\n```bash\n./darkmoon.sh \"TARGET: http://172.19.0.3:3000\"\n```\n\n**Bug bounty mode (flags activate automatically):**\n\n```bash\n./darkmoon.sh \"TARGET: http://172.19.0.3:3000 PROGRAM=\\\"Juice Shop\\\" FOCUS=sqli,xss,idor NOISE=moderate FORMAT=h1\"\n```\n\nKey flags include `FOCUS`, `EXCLUDE`, `CREDS`, `TOKEN`, `NOISE`, `SEVERITY`, `FORMAT`, and more — all interpreted naturally by the AI.\n\n\u003e **Note:** For the complete flags reference, asset types, EXCLUDE/FOCUS free-form syntax, and advanced multi-target scoping, see [Full Documentation — Scope Definition](docs/full.md#ii7c-launch-darkmoon-with-tui-console).\n\n---\n\n## Integrated Toolbox\n\nDarkMoon ships with a purpose-built Docker image containing **50+ security tools** compiled and optimized in a multi-stage build:\n\n| Category | Tools (examples) |\n|---|---|\n| Port scanning | Naabu, Masscan |\n| Web scanning | Nuclei, ffuf, dirb, sqlmap, Arjun, wafw00f |\n| Recon \u0026 crawling | Subfinder, Katana, Waybackurls, httpx |\n| CMS | WPScan, CMSeeK, WhatWeb |\n| Active Directory | NetExec, BloodHound, Impacket (30+ scripts) |\n| Kubernetes | kubectl, Kubescape, Kubeletctl |\n| Network | Hydra, curl, dig, SNMP tools |\n| Browser | Lightpanda (headless) |\n\nAll tools are directly accessible — no path configuration needed.\n\n\u003e **Note:** For the complete tools list with installation details and how to add new tools, see [Full Documentation — Toolbox](docs/full.md#vi-toolbox).\n\n---\n\n## 📖 Documentation Guide\n\nDarkMoon's [Full Documentation](docs/full.md) covers everything you need to operate the platform. Here is a quick reference to the most important sections:\n\n| Topic | What You'll Find | Link |\n|---|---|---|\n| **GPU \u0026 Driver Setup** | NVIDIA troubleshooting for Docker, WSL, and native Linux | [GPU Guide](docs/full.md#ii2--darkmoon--gpu-troubleshooting-guide-official) |\n| **Environment Variables** | LLM provider configuration, API keys, model selection | [Environment Config](docs/full.md#ii3-configuration-of-environment-variables-in-docker-compose) |\n| **Startup \u0026 Build** | install.sh behavior, docker compose build, stack management | [Build \u0026 Launch](docs/full.md#ii6-build-and-launch-darkmoon) |\n| **Scope \u0026 Flags** | TARGET syntax, bug bounty mode, FOCUS/EXCLUDE, credentials | [Scope Definition](docs/full.md#ii7c-launch-darkmoon-with-tui-console) |\n| **Assessment Workflow** | Step-by-step: discovery, fingerprinting, agents, reporting | [Assessment Engine](docs/full.md#ii7d-how-to-use-the-darkmoon-assessment-engine) |\n| **Real-Time Session Logs** | Monitor commands executed by the MCP server live | [Session Logs](docs/full.md#ii7e-step-1--start-an-assessment) |\n| **AI Agents** | Agent structure, lifecycle, how to create or modify agents | [AI Agents](docs/full.md#v-ai-agents) |\n| **Architecture** | Deployment diagrams, security boundaries, execution flow | [Architecture](docs/full.md#iv-architecture) |\n| **Toolbox** | Complete tool list, adding tools, Docker image internals | [Toolbox](docs/full.md#vi-toolbox) |\n| **MCP Workflows** | Workflow structure, creating custom workflows, best practices | [MCP Workflows](docs/full.md#vii-mcp-workflows) |\n| **Available Tools List** | Full table of 50+ tools with paths and sources | [Tools List](docs/full.md#vi10-toolbox-list) |\n| **Training Labs** | Recommended vulnerable labs to train DarkMoon | [Pentester Labs](docs/full.md#vi11-bonus-pentester-lab-to-train-darkmoon) |\n\n---\n\n## Use Cases\n\nDarkMoon is designed as a versatile **security testing platform** for:\n\n- 🔒 **Security teams** — run continuous **automated penetration testing** across your infrastructure\n- ⚙️ **DevSecOps pipelines** — integrate **AI-driven security research** into CI/CD workflows\n- 🎯 **Bug bounty hunters** — accelerate **ethical hacking** with autonomous target analysis\n- 🔬 **Security researchers** — explore attack surfaces with an **AI cybersecurity platform** that adapts in real time\n- 🎓 **Training \u0026 education** — learn offensive security with guided, reproducible assessments\n\n---\n\n## Example Prompts\n\n```bash\n# Web application pentest\n./darkmoon.sh \"TARGET: http://172.19.0.3:3000\"\n\n# Active Directory assessment\n./darkmoon.sh \"TARGET: 192.168.1.10\"\n\n# Bug bounty with specific focus\n./darkmoon.sh \"TARGET: https://app.example.com PROGRAM=\\\"Example BB\\\" FOCUS=sqli,rce,ssrf EXCLUDE=H1 FORMAT=h1\"\n```\n\n\u003e **Note:** For more prompt examples including DVGA, Juice Shop, and headless browser scenarios, see [Full Documentation — Prompt Examples](docs/full.md#iii-uses).\n\n---\n\n## Contributing\n\nDarkMoon is open source and welcomes contributions. Whether you want to add new agents, integrate tools, create workflows, or improve documentation — see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.\n\n---\n\n## License\n\nThis project is licensed under the **GNU General Public License v3.0**. See [LICENSE](LICENSE) for details.\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n**Built by ASC-IT with 💚 for the global security community**\n\n🔒 Open Source · 🤖 AI-Powered · 🇫🇷 Made in France\n\n[⭐ Star us on GitHub](https://github.com/ASCIT31/darkmoon) · [📖 Full Documentation](docs/full.md) · [▶️ Watch the Demo](https://youtu.be/1bFRVuMkZzY?si=peKxwuxzbXBnb2zO)\n\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FASCIT31%2FDark-Moon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FASCIT31%2FDark-Moon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FASCIT31%2FDark-Moon/lists"}