samugit83/redamon

Your AI red team that files its own bug-fix PRs

RedAmon chains recon, exploitation, and post-exploitation into an autonomous pipeline that ends with patched code and a GitHub pull request.

2k stars · Python · Agents · Domain Apps · Velocity (7d): +12 ★/day · Trend: steady

What it does

RedAmon is a Dockerized offensive-security framework that runs reconnaissance (Nmap, Nuclei, OpenVAS, etc.), exploitation (Metasploit, SQLMap, Hydra), and post-exploitation through autonomous AI agents. Findings feed into a Neo4j knowledge graph for deduplication and relationship mapping. A separate “CypherFix” triage agent then ranks vulnerabilities by exploitability, clones your repository, navigates the codebase with 11 code-aware tools, implements fixes, and opens a GitHub PR. The README emphasizes “human oversight at every critical step” despite the autonomous branding.

The interesting bit

The pipeline doesn’t stop at a PDF report—it attempts to close the loop by editing source code and submitting patches. That’s unusual in a field where most tools max out at CSV export. The “Fireteam” mode also runs parallel specialist agents (credential testing, CVE validation, XSS mapping) simultaneously rather than sequentially.

Key highlights

  • 70+ security tools orchestrated via Docker Compose; host needs only Docker, no local Python/Node toolchain
  • Neo4j knowledge graph merges multi-tool output for natural-language querying
  • Supports local LLMs via Ollama, vLLM, or LM Studio in addition to ~400 cloud models
  • CypherFix auto-remediation agent generates code fixes and GitHub PRs
  • Rules-of-Engagement (RoE) guardrails configurable per project
  • Kali Linux sandbox for exploit execution; OpenVAS optional but heavy (8 GB RAM, ~30 min first sync)

Caveats

  • The README is heavy on badge marketing and light on technical architecture; actual agent coordination logic isn’t detailed
  • Full stack with OpenVAS demands significant resources (50 GB disk, 16 GB RAM recommended)
  • “Zero human intervention” in the repo description contradicts the README’s “human oversight at every critical step”—actual autonomy level is unclear

Verdict

Worth evaluating for security teams with mature DevOps workflows who want to automate from scan to patch. Skip it if you need lightweight tooling or transparent agent reasoning—this is a black-box orchestrator with a large footprint.
