Most AI pentesting tools stop at the web layer. Darkmoon goes further. Built by professional pentesters, it combines 18 specialized AI agents and 80+ offensive security tools to assess Active Directory, Kubernetes, cloud infrastructure, APIs, CMSs, and networks. Self-hosted, open-source, MITRE-mapped, and designed to deliver evidence-backed findings, attack paths, and publication-ready reports.
Hey Product Hunt,
We're a small team of professional pentesters.
Over the last few years we've tested almost every AI-powered pentesting tool we could find.
Most of them turned out to be web scanners with an LLM wrapped around them.
That's fine if your target is a marketing website and you're hunting for XSS.
Real engagements don't look like that.
They look like:
* Active Directory
* Kubernetes
* AWS
* Internal networks
* APIs
* Legacy systems
That's where we spend our time.
That's also where most AI tools hit a wall.
So we built Darkmoon.
Darkmoon is an open-source, self-hosted autonomous penetration testing platform.
It currently includes:
* 18 specialized methodology agents
* 80+ integrated offensive security tools
* Infrastructure mapping
* Evidence-backed reporting
* Attack-path generation
The orchestrator fingerprints the target and selects the most appropriate methodology.
Examples:
* Active Directory
* Kubernetes
* WordPress
* Drupal
* Magento
* GraphQL
* PHP
* Node.js
* ASP.NET
* Spring Boot
* Network infrastructure
One thing we cared about from day one was transparency.
The agents are not hidden prompts.
Every methodology is stored as a plain Markdown file that can be:
* reviewed
* audited
* version controlled
* customized
Each methodology is mapped to:
* MITRE ATT&CK
* NIST 800-115
Under the hood Darkmoon orchestrates more than 80 offensive security tools including:
* Nuclei
* SQLMap
* NetExec
* BloodHound
* Impacket
* FFUF
* Hydra
* Kubescape
The model doesn't execute tools directly.
It plans.
It prioritizes.
It delegates.
A separate execution layer runs the commands, captures the output and feeds the results back into the workflow.
Findings include:
* supporting evidence
* executed commands
* command output
* severity ratings
* infrastructure maps
A few honest caveats:
* Web and Active Directory are currently the most mature agents.
* Cloud coverage is improving but still evolving.
* Frontier models currently perform better than smaller local models.
* There is an API cost associated with each run.
Darkmoon is GPLv3.
Fully self-hosted.
No telemetry.
You can bring:
* OpenAI
* Anthropic
* Ollama
* llama.cpp
We're launching today to gather feedback from the security and open-source communities.
Happy to answer questions about the architecture, methodology, roadmap, or anything else.
Thanks for checking it out.
GitHub:
https://github.com/ASCIT31/Dark-...
Strong launch. I like the split between model planning and a separate execution layer. For security work, the useful artifact is not only the report, it is the chain from target scope to authorized tool to command output to finding. Do you keep that run record exportable for client or audit review?
What’s the setup like to run a full assessment, and can you plug in your own tools or internal scanners?
About Darkmoon on Product Hunt
“Autonomous penetration testing platform”
Darkmoon launched on Product Hunt on June 19th, 2026 and earned 96 upvotes and 11 comments, placing #14 on the daily leaderboard. Most AI pentesting tools stop at the web layer. Darkmoon goes further. Built by professional pentesters, it combines 18 specialized AI agents and 80+ offensive security tools to assess Active Directory, Kubernetes, cloud infrastructure, APIs, CMSs, and networks. Self-hosted, open-source, MITRE-mapped, and designed to deliver evidence-backed findings, attack paths, and publication-ready reports.
Darkmoon was featured in Open Source (68.6k followers), Developer Tools (515.4k followers), Artificial Intelligence (473.1k followers) and GitHub (41.3k followers) on Product Hunt. Together, these topics include over 218k products, making this a competitive space to launch in.
Who hunted Darkmoon?
Darkmoon was hunted by Mehdi Boutayeb . A “hunter” on Product Hunt is the community member who submits a product to the platform — uploading the images, the link, and tagging the makers behind it. Hunters typically write the first comment explaining why a product is worth attention, and their followers are notified the moment they post. Around 79% of featured launches on Product Hunt are self-hunted by their makers, but a well-known hunter still acts as a signal of quality to the rest of the community. See the full all-time top hunters leaderboard to discover who is shaping the Product Hunt ecosystem.
Want to see how Darkmoon stacked up against nearby launches in real time? Check out the live launch dashboard for upvote speed charts, proximity comparisons, and more analytics.