# Darkmoon

> Autonomous AI penetration testing platform with 18 specialized agents and 80+ integrated tools that runs full offensive security campaigns and delivers validated, evidence-backed findings.

Darkmoon is an autonomous AI-powered penetration testing platform built by ASC-IT in Toulouse, France. It orchestrates 18 specialized AI agents and over 80 integrated security tools to conduct end-to-end offensive security campaigns without manual intervention. The core engine is open source under GPLv3, with a commercial Pro licence adding a hardened sealed runtime, managed live command center, and branded reporting.

## What It Is

Darkmoon sits in the autonomous offensive security category — it is not a passive vulnerability scanner but a multi-agent system that reasons about a target, fingerprints the technology stack, models the attack surface, dispatches domain-specific sub-agents, validates findings with real payloads, and generates structured audit reports. The platform is built around a strict security-by-design principle: the AI never directly executes tools. All tool calls flow through an MCP (Model Context Protocol) gateway that acts as a controlled execution layer, keeping the AI reasoning layer isolated from the actual toolbox.

## Architecture: AI Brain, MCP Gatekeeper, Docker Toolbox

The execution pipeline follows a clear separation of concerns:

- **OpenCode (AI Brain)** — reasons, plans, and delegates tasks to sub-agents
- **MCP Darkmoon (Security Gatekeeper)** — validates and routes every tool call
- **Docker Toolbox** — runs isolated security tools inside containers

The master orchestrator agent detects up to 14 technology signals from the target and routes the campaign to the appropriate specialists, either sequentially or in parallel, with cascade depth capped at three levels to prevent runaway recursion. A live SSE (Server-Sent Events) dashboard streams every finding, infrastructure node, and agent event in real time.
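The gatekeeper pattern described above, as an added example that is not Darkmoon's own code: a minimal MCP-style gateway in Python that takes a structured tool call from the AI layer, checks it against a tool allowlist, a per-tool argument schema, the engagement scope and the three-level cascade cap, and only then assembles the container invocation as an argv list, so no command string ever reaches a shell. The tool images, flags, field names, network name and scope are assumptions chosen for illustration.

```python
"""Minimal MCP-style tool gateway: added example, not Darkmoon's own code.

The AI layer hands over a structured ToolCall; the gateway validates it and
returns a `docker run` argv list. Returning argv (never a command string) is
what keeps the AI away from any shell. Tool images, flags, field names and the
engagement scope below are assumptions for this illustration.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

MAX_CASCADE_DEPTH = 3  # the page describes a three-level cascade cap

# Allowlist: tool -> (container image, accepted argument -> CLI flag). Assumed values.
TOOL_REGISTRY: dict[str, tuple[str, dict[str, str]]] = {
    "nuclei": ("projectdiscovery/nuclei", {"target": "-u", "severity": "-severity"}),
    "httpx": ("projectdiscovery/httpx", {"target": "-u"}),
    "naabu": ("projectdiscovery/naabu", {"target": "-host", "ports": "-p"}),
}

HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.IGNORECASE)
SAFE_VALUE_RE = re.compile(r"^[A-Za-z0-9.,:_/-]+$")  # no whitespace, quotes or shell metacharacters


class GatewayRejection(Exception):
    """A tool call failed validation; nothing was executed."""


@dataclass(frozen=True)
class Scope:
    """Authorised engagement scope, fixed by the operator and never writable by the AI."""
    domains: frozenset[str]
    networks: tuple[ipaddress.IPv4Network | ipaddress.IPv6Network, ...]

    def permits(self, target: str) -> bool:
        if _is_ip(target):
            addr = ipaddress.ip_address(target)
            return any(addr in net for net in self.networks)
        host = target.lower().rstrip(".")
        return any(host == d or host.endswith("." + d) for d in self.domains)


@dataclass
class ToolCall:
    tool: str
    args: dict[str, str]
    agent: str   # requesting sub-agent, kept for the audit trail
    depth: int   # cascade depth of that sub-agent (0 = master orchestrator)


def _is_ip(value: str) -> bool:
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def validate(call: ToolCall, scope: Scope) -> tuple[str, dict[str, str]]:
    """Apply every gate in turn; return (image, flag map) or raise GatewayRejection."""
    if call.depth > MAX_CASCADE_DEPTH:
        raise GatewayRejection(f"cascade depth {call.depth} exceeds cap of {MAX_CASCADE_DEPTH}")
    if call.tool not in TOOL_REGISTRY:
        raise GatewayRejection(f"tool {call.tool!r} is not in the allowlist")
    image, flags = TOOL_REGISTRY[call.tool]
    unknown = set(call.args) - set(flags)
    if unknown:
        raise GatewayRejection(f"unexpected arguments for {call.tool}: {sorted(unknown)}")
    for key, value in call.args.items():
        if not SAFE_VALUE_RE.fullmatch(value):
            raise GatewayRejection(f"argument {key!r} contains disallowed characters")
    target = call.args.get("target")
    if target is None:
        raise GatewayRejection("every tool call must name a target")
    if not (_is_ip(target) or HOSTNAME_RE.match(target)):
        raise GatewayRejection(f"target {target!r} is neither an IP nor a hostname")
    if not scope.permits(target):
        raise GatewayRejection(f"target {target!r} is outside the engagement scope")
    return image, flags


def build_argv(call: ToolCall, scope: Scope) -> list[str]:
    """Validate, then build the container invocation as an argv list (no shell involved)."""
    image, flags = validate(call, scope)
    argv = ["docker", "run", "--rm", "--read-only", "--cap-drop=ALL",
            "--security-opt=no-new-privileges", "--network=scan-net", image]
    for key, flag in flags.items():          # registry order, only the fields supplied
        if key in call.args:
            argv += [flag, call.args[key]]
    return argv


def rejection_reason(call: ToolCall, scope: Scope) -> str | None:
    """None if the call would be dispatched, otherwise the reason it was refused."""
    try:
        validate(call, scope)
        return None
    except GatewayRejection as exc:
        return str(exc)


# Constructed engagement scope for the demonstration.
EXAMPLE_SCOPE = Scope(domains=frozenset({"example.com"}),
                      networks=(ipaddress.ip_network("10.0.0.0/8"),))

if __name__ == "__main__":
    ok = ToolCall("nuclei", {"target": "app.example.com", "severity": "high,critical"}, "web-agent", 1)
    print(" ".join(build_argv(ok, EXAMPLE_SCOPE)))
    for bad in (ToolCall("bash", {"target": "app.example.com"}, "web-agent", 1),
                ToolCall("httpx", {"target": "app.example.com;id"}, "web-agent", 1),
                ToolCall("naabu", {"target": "evil.example.org"}, "k8s-agent", 2),
                ToolCall("httpx", {"target": "10.1.2.3"}, "web-agent", 4)):
        print("rejected:", rejection_reason(bad, EXAMPLE_SCOPE))
```

The order of the gates matters: depth and allowlist are checked before any argument is inspected, so a sub-agent that has recursed too far cannot even probe which tools exist, and the scope check runs on a value that has already passed the character filter, so a hostname with a trailing `;id` is refused as malformed rather than resolved.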

## Agent Coverage and Toolbox

Darkmoon ships 18 specialized agents covering:

- **Web & API exploitation** — SQLi, XSS, SSRF, IDOR, RCE, SSTI, deserialization, JWT abuse, file upload, and path traversal, validated with real payloads
- **Kubernetes attack chains** — RBAC escalation, DIND exploitation, node escape, etcd SSRF, privileged container breakout, crypto-miner detection, and CIS benchmarking
- **Active Directory takeover** — AS-REP roasting, Kerberoasting, BloodHound, NTLM relay, LSASS dump, DCSync, ADCS ESC1–ESC8, and Golden & Silver tickets
- **CMS-specific agents** — WordPress, Drupal, Joomla, Magento, PrestaShop, Moodle
- **Stack-specific agents** — PHP/Laravel, Node/Express, NestJS/Next.js, Flask/Django, ASP.NET/Blazor, Spring Boot, Ruby on Rails

The integrated toolbox includes subfinder, httpx, naabu, katana, nuclei, ffuf, wpscan, sqlmap, hydra, hashcat, netexec, BloodHound, Impacket, mimikatz, kubectl, kubescape, and more — all coordinated through the MCP gateway.

## Runtime Security Model

The Pro licence adds a hardened sealed runtime with several tamper-resistance mechanisms:

- AES-256-GCM sealed storage with keys derived from the licence and hardware fingerprint, resealed every 30 seconds
- Hardware-bound licensing derived from MAC address and CPU model
- SHA-256 binary integrity watchdog re-verifying critical binaries every 2 seconds, triggering immediate zeroize on tampering
- Continuous debugger and tracer detection (gdb, strace, ltrace, frida, lldb)
- Read-only rootfs with tmpfs writable paths, seccomp, and no-new-privileges
- Secret redaction scrubbing model API keys and licence keys from all log output

These are anti-tamper measures rather than a trust boundary. The MAC address and CPU model are read from the operating system and can be cloned or pinned (a container's MAC, for instance, is assigned by the runtime), and the watchdog and debugger checks run inside the process they protect, so an operator with root on the host can stop or patch them. They raise the cost of casual licence copying and reverse engineering; the isolation of an engagement rests on the MCP gateway and container sandboxing described above.
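The watchdog-and-zeroize mechanism from the list above, as an added Python example rather than Darkmoon's own code: it baselines SHA-256 digests of a set of files, re-checks them on an interval, overwrites the in-memory key material in place on any mismatch or missing file, and reads `TracerPid` from `/proc/self/status` as the Linux debugger check. The file names, the 2-second interval, the key size and the temporary files built in `demo()` are assumptions for this illustration.

```python
"""Integrity watchdog with zeroize-on-tamper: added example, not Darkmoon's own code.

Baseline SHA-256 digests of critical files, re-check them on an interval, and
overwrite in-memory key material the moment a digest changes or a file vanishes.
A Linux ptrace check (TracerPid in /proc/self/status) is included as the
debugger-detection part. File names, the 2-second interval and the key size are
assumptions; the constructed scenario in demo() uses a temporary directory.
"""
from __future__ import annotations

import hashlib
import os
import tempfile
import threading
import time


class SealedKey:
    """Key material in a bytearray so zeroize() can overwrite it in place.

    Caveat: Python cannot promise that no immutable copy of the bytes survives
    elsewhere (e.g. a `bytes` object handed to a cipher); zeroize is best effort
    here, unlike a C implementation using explicit_bzero().
    """

    def __init__(self, key: bytes) -> None:
        self._buf = bytearray(key)

    @property
    def zeroized(self) -> bool:
        return not any(self._buf)

    def zeroize(self) -> None:
        for i in range(len(self._buf)):
            self._buf[i] = 0

    def reveal(self) -> bytes:
        if self.zeroized:
            raise RuntimeError("key material has been zeroized")
        return bytes(self._buf)


def sha256_file(path: str, chunk: int = 1 << 16) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def tracer_pid() -> int:
    """PID of an attached ptrace tracer on Linux; 0 if none; -1 where /proc is unavailable."""
    try:
        with open("/proc/self/status", encoding="ascii") as f:
            for line in f:
                if line.startswith("TracerPid:"):
                    return int(line.split()[1])
    except (OSError, ValueError):
        pass
    return -1


class IntegrityWatchdog:
    def __init__(self, paths: list[str], key: SealedKey) -> None:
        self.baseline = {p: sha256_file(p) for p in paths}
        self.key = key

    def check(self) -> list[str]:
        """One pass: return files whose digest changed or that disappeared; zeroize if any."""
        tampered = []
        for path, expected in self.baseline.items():
            try:
                current = sha256_file(path)
            except OSError:      # deleted or unreadable counts as tampering
                current = None
            if current != expected:
                tampered.append(path)
        if tampered:
            self.key.zeroize()
        return tampered

    def run(self, stop: threading.Event, interval: float = 2.0) -> None:
        """Background loop; ends on the first tamper event or attached tracer."""
        while not stop.is_set():
            if self.check() or tracer_pid() > 0:
                self.key.zeroize()
                return
            time.sleep(interval)


def demo() -> dict:
    """Constructed scenario: two fake binaries; one is patched, one deleted, after baseline."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("mcp-gateway", "toolbox-runner")]
        for p in paths:
            with open(p, "wb") as f:
                f.write(b"\x7fELF\x02\x01\x01 original " + os.path.basename(p).encode())
        key = SealedKey(os.urandom(32))
        wd = IntegrityWatchdog(paths, key)
        clean = wd.check()
        usable_before = len(key.reveal()) == 32
        with open(paths[0], "ab") as f:
            f.write(b"\x90\x90")  # simulate a byte patch
        os.remove(paths[1])       # simulate a swapped-out binary
        tampered = wd.check()
        return {"paths": paths, "clean_pass": clean, "tampered_pass": tampered,
                "key_usable_before": usable_before, "key_zeroized": key.zeroized,
                "tracer_pid": tracer_pid()}


if __name__ == "__main__":
    print(demo())
```

Treating an unreadable or missing file the same as a modified one is deliberate: replacing a watched binary with a symlink or deleting it to break the check is as much a tamper event as patching its bytes.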

## Update: Darkmoon v1.1.0

The GitHub repository shows the latest release as **v1.1.0 — "Authoritative reporting & adversarial qualification"**, published on 15 June 2026. The repository was last pushed on 19 June 2026, indicating active development. The project is written primarily in Python and has accumulated 408 stars and 71 forks on GitHub as of the data snapshot. Three deployment paths are offered: self-hosted licence via Docker, a managed Pentest on Demand service where ASC-IT experts run the engagement, and a Partner/MSSP reseller program with Stripe-powered billing.

## Features
- 18 specialized AI agents
- 80+ integrated security tools
- Multi-agent orchestration with cascade depth control
- Live SSE dashboard with real-time event streaming
- MCP-gatekept tool execution (AI never gets shell access)
- Web & API exploitation (SQLi, XSS, SSRF, IDOR, RCE, SSTI)
- Kubernetes attack chain coverage
- Active Directory takeover (Kerberoasting, BloodHound, DCSync, ADCS ESC1–ESC8)
- CMS-specific agents (WordPress, Drupal, Joomla, Magento, PrestaShop, Moodle)
- Infrastructure graph mapping
- ISO 27001, HackerOne, and Bugcrowd report formats
- Branded password-protected PDF reports with CVSS 3.1 and MITRE ATT&CK mapping
- AES-256-GCM sealed storage
- Hardware-bound licensing
- Binary integrity watchdog
- Debugger and tracer detection
- Read-only rootfs with seccomp sandbox
- Secret redaction in logs
- Docker-based self-hosted deployment
- CI/CD integration support
- Bug bounty mode with FOCUS/EXCLUDE flags
- GPLv3 open-source core engine

## Integrations
Docker, Docker Compose, OpenRouter, Anthropic Claude, OpenAI, Ollama, llama.cpp, Nuclei, subfinder, httpx, naabu, katana, ffuf, wpscan, sqlmap, hydra, hashcat, netexec, BloodHound, Impacket, mimikatz, kubectl, kubescape, wafw00f, arjun, Playwright, Masscan, dirb, WhatWeb, CMSeeK, Waybackurls, Lightpanda, Stripe

## Platforms
macOS, Linux, Web, API, CLI

## Pricing
Open Source, Free tier available

## Version
v1.1.0

## Links
- Website: https://dark-moon.org
- Documentation: https://docs.dark-moon.org/
- Repository: https://github.com/ASCIT31/Dark-Moon
- EveryDev.ai: https://www.everydev.ai/tools/darkmoon
