Darkmoon

Autonomous AI penetration testing, from scan to report.

Visit website

3.6
22
1

What Is Darkmoon?

Darkmoon is an open-source autonomous AI penetration testing platform built to automate complex offensive security assessments across web, cloud, and infrastructure environments. It orchestrates a fleet of specialized AI agents to discover assets, map attack paths, and execute realistic attack scenarios without manual intervention.

Security teams get a live dashboard for runtime visibility alongside publication-ready reports that make it easier to monitor and communicate risk. Maintained by ASC-IT in Toulouse, France, Darkmoon is released under the GPLv3 license with documentation, live demo access, and API references available.

Managed security providers and consulting firms can also resell or white-label the platform through a dedicated partner program, bringing automated pentesting to a wider range of organizations.

Quick Snapshot

Darkmoon automates professional-grade penetration tests using specialized AI agents, cutting the time and effort needed for security assessments. Teams get continuous, repeatable tests with evidence-backed findings to understand and communicate risk faster.

Works on
  • Web
  • API
  • Other
Pricing Model
Freemium
Starting at €149/month — Darkmoon offers a Free plan plus paid plans starting at €149/month, with additional custom pricing options for larger or specialized deployments. Full details and usage limits are available on the product’s pricing page.
Affiliate Program
Unknown
API Availability
Darkmoon has an API available.
Key Features
  1. Automate end-to-end penetration tests with AI agents
  2. Gain live visibility into security posture and risks
  3. Generate publication-ready reports in minutes
Audience
  • security engineers
  • penetration testers
  • CISOs
  • DevSecOps teams
  • managed security service providers
  • IT administrators
  • consulting firms

Screenshot

Darkmoon

Key Features of Darkmoon

Autonomous AI agents

Uses multiple specialized AI agents to orchestrate asset discovery, attack path mapping, and realistic attack execution with minimal manual intervention.

End-to-end pentesting

Runs full penetration testing workflows from initial scan through to final reporting, drastically reducing time and effort compared to traditional approaches.

Live security dashboard

Provides a live dashboard and runtime visibility so teams can monitor ongoing assessments and understand security posture in near real time.

Publication-ready reports

Generates reports designed for stakeholders and clients, making it easier to document findings and communicate risk clearly.

Open-source GPLv3

Released under the GPLv3 open-source license, with documentation, live demo access, and API references available for transparency and extensibility.

MSSP partner program

Offers a dedicated program for MSSPs to resell or white-label Darkmoon, enabling scalable automated pentesting services.

API access

Includes an API so teams and providers can integrate autonomous penetration testing workflows into existing security and DevSecOps pipelines.

Use Cases for Darkmoon

Continuous pentesting

Run frequent, repeatable penetration tests using AI agents to continuously assess security posture without constantly booking manual pentest engagements.

Web and API testing

Automatically discover and test web applications and APIs, surfacing vulnerabilities and misconfigurations faster than traditional manual-only approaches.

Cloud and infrastructure audits

Map attack paths across cloud and on-premise infrastructure to identify exploitable weaknesses that could be used in real-world attack scenarios.

MSSP service delivery

Use Darkmoon as a white-labeled or resold platform to offer scalable, automated pentesting services to multiple clients with standardized reporting.

Executive risk reporting

Generate publication-ready penetration testing reports that help CISOs and security leaders clearly communicate technical risk to stakeholders and regulators.

Frequently Asked Questions

What is Darkmoon and how does it work?

Darkmoon is an open-source, AI-powered autonomous penetration testing platform. It coordinates multiple AI agents to discover assets, map attack paths, and execute realistic attack scenarios across web, cloud, and infrastructure environments, then surfaces findings through dashboards and reports.

Is Darkmoon really open-source?

Yes. Darkmoon is released under the GPLv3 license and is built and maintained by ASC-IT in Toulouse, France, with documentation, demos, and API references available online.

Which environments can Darkmoon test?

Darkmoon is designed to automate offensive security assessments across web applications, cloud environments, and underlying infrastructure, providing a broad view of your attack surface.

Who should use Darkmoon?

Darkmoon is aimed at security engineers, penetration testers, CISOs, DevSecOps teams, MSSPs, IT administrators, and consulting firms that need scalable, repeatable penetration testing and clear risk reporting.

How much does Darkmoon cost?

Darkmoon offers a Free plan, with paid plans starting at €149 per month and additional custom pricing for larger or specialized deployments. Detailed pricing and limits are listed on the Darkmoon website.

Does Darkmoon offer an affiliate or partner program?

Darkmoon includes a partner program that allows MSSPs to resell or white-label the platform. It also has an affiliate program, although specific commission details are not publicly stated.

Can Darkmoon integrate with existing security workflows?

Yes. Darkmoon provides an API that allows teams and providers to integrate autonomous penetration testing into existing security operations and DevSecOps workflows.

How does Darkmoon help with reporting to stakeholders?

Darkmoon generates publication-ready reports that summarize findings and risk, making it easier for security teams and service providers to communicate results to executives, clients, and regulators.

Darkmoon · Our Verdict

Darkmoon stands out by combining open-source transparency with an autonomous AI agent approach to penetration testing, which is still uncommon in the security ecosystem. Its focus on end-to-end automation, clear reporting, and partner-friendly resale options makes it particularly compelling for security teams and MSSPs that need repeatable, scalable assessments rather than one-off manual engagements.

Reviews 3.6 (1)

Want to review this tool? Login or Register.

No reviews yet. Be the first to share your experience!