Darkmoon

Darkmoon is an autonomous AI-powered penetration testing platform built by ASC-IT in Toulouse, France. It orchestrates 18 specialized AI agents and over 80 integrated security tools to conduct end-to-end offensive security campaigns without manual intervention. The core engine is open source under GPLv3, with a commercial Pro licence adding a hardened sealed runtime, managed live command center, and branded reporting.

What It Is

Darkmoon sits in the autonomous offensive security category — it is not a passive vulnerability scanner but a multi-agent system that reasons about a target, fingerprints the technology stack, models the attack surface, dispatches domain-specific sub-agents, validates findings with real payloads, and generates structured audit reports. The platform is built around a strict security-by-design principle: the AI never directly executes tools. All tool calls flow through an MCP (Model Context Protocol) gateway that acts as a controlled execution layer, keeping the AI reasoning layer isolated from the actual toolbox.

Architecture: AI Brain, MCP Gatekeeper, Docker Toolbox

The execution pipeline follows a clear separation of concerns:

• OpenCode (AI Brain) — reasons, plans, and delegates tasks to sub-agents
• MCP Darkmoon (Security Gatekeeper) — validates and routes every tool call
• Docker Toolbox — runs isolated security tools inside containers

The master orchestrator agent detects up to 14 technology signals from the target and routes the campaign to the appropriate specialists, either sequentially or in parallel, with cascade depth capped at three levels to prevent runaway recursion. A live SSE (Server-Sent Events) dashboard streams every finding, infrastructure node, and agent event in real time.

Agent Coverage and Toolbox

Darkmoon ships 18 specialized agents covering:

• Web & API exploitation — SQLi, XSS, SSRF, IDOR, RCE, SSTI, deserialization, JWT abuse, file upload, and path traversal, validated with real payloads
• Kubernetes attack chains — RBAC escalation, DIND exploitation, node escape, etcd SSRF, privileged container breakout, crypto-miner detection, and CIS benchmarking
• Active Directory takeover — AS-REP roasting, Kerberoasting, BloodHound, NTLM relay, LSASS dump, DCSync, and ADCS ESC1–ESC8, Golden & Silver tickets
• CMS-specific agents — WordPress, Drupal, Joomla, Magento, PrestaShop, Moodle
• Stack-specific agents — PHP/Laravel, Node/Express, NestJS/Next.js, Flask/Django, ASP.NET/Blazor, Spring Boot, Ruby on Rails

The integrated toolbox includes subfinder, httpx, naabu, katana, nuclei, ffuf, wpscan, sqlmap, hydra, hashcat, netexec, BloodHound, Impacket, mimikatz, kubectl, kubescape, and more — all coordinated through the MCP gateway.

Runtime Security Model

The Pro licence adds a hardened sealed runtime with several tamper-resistance mechanisms:

• AES-256-GCM sealed storage with keys derived from the licence and hardware fingerprint, resealed every 30 seconds
• Hardware-bound licensing derived from MAC address and CPU model
• SHA-256 binary integrity watchdog re-verifying critical binaries every 2 seconds, triggering immediate zeroize on tampering
• Continuous debugger and tracer detection (gdb, strace, ltrace, frida, lldb)
• Read-only rootfs with tmpfs writable paths, seccomp, and no-new-privileges
• Secret redaction scrubbing model API keys and licence keys from all log output

Update: Darkmoon v1.1.0

The GitHub repository shows the latest release as v1.1.0 — "Authoritative reporting & adversarial qualification", published on 15 June 2026. The repository was last pushed on 19 June 2026, indicating active development. The project is written primarily in Python and has accumulated 408 stars and 71 forks on GitHub as of the data snapshot. Three deployment paths are offered: self-hosted licence via Docker, a managed Pentest on Demand service where ASC-IT experts run the engagement, and a Partner/MSSP reseller program with Stripe-powered billing.