DarkMoon tackles a thorny challenge in autonomous penetration testing: enabling AI to orchestrate complex offensive security workflows safely and reliably. Its architecture strictly separates AI reasoning from direct tool execution, ensuring the platform can automate assessments without opening the door to uncontrolled or unsafe command execution.
What DarkMoon does and how it is architected
DarkMoon is an open-source Python platform for autonomous penetration testing across diverse environments such as web applications, cloud services, Active Directory, and Kubernetes clusters. It uses AI agents to orchestrate security assessments end-to-end, aiming to speed up and standardize pentesting workflows.
At its core sits an AI “brain” named OpenCode, responsible for reasoning and planning the pentest steps. Crucially, OpenCode does not execute any commands directly. Instead, all tool invocations funnel through a security gatekeeper component known as MCP. This gatekeeper validates and dispatches commands into a Docker-based toolbox, which houses over 50 containerized offensive security tools.
This design isolates the AI from executing arbitrary commands on the host system. By limiting tool execution to controlled, sandboxed Docker containers, DarkMoon reduces risk and prevents the AI from causing unintended side effects or security breaches.
DarkMoon dynamically spawns specialized sub-agents tailored to the technologies discovered during assessment. For instance, it dispatches agents focused on WordPress, GraphQL, Kubernetes, or Active Directory environments. This modular approach helps target the assessment efficiently based on the context.
The platform also supports a bug bounty mode that uses natural language flags to scope engagements, helping ensure testing occurs within authorized boundaries.
What sets DarkMoon’s architecture and approach apart
The standout architectural feature is the strict separation between AI reasoning and tool execution enforced via the MCP security gatekeeper. This gatekeeper acts as a single control point through which all commands pass before reaching the Docker toolbox.
This pattern makes the system secure by design rather than relying on prompt constraints or trusting the AI to behave safely. The AI can never directly execute commands; it only suggests actions that the gatekeeper validates and runs in sandboxed containers.
This architecture balances flexibility and security. The AI can orchestrate complex multi-step workflows across many integrated tools, yet the execution environment remains tightly controlled.
The codebase is primarily Python, and the platform leverages Docker and Docker Compose for environment consistency and isolation. The integration of over 50 offensive security tools within containerized sandboxes shows a deliberate emphasis on modularity and containment.
The dynamic dispatch of sub-agents based on identified technologies reflects a practical approach to scaling autonomous pentesting workflows. Instead of a monolithic agent trying to do everything, DarkMoon breaks down tasks to specialized agents that can focus on specific attack surfaces.
One tradeoff is the complexity introduced by managing multiple agents and containerized tools, which may affect startup times and resource usage. However, these are reasonable costs for safer autonomous execution.
Quick start
Prerequisites
- Docker & Docker Compose
- An LLM API key (OpenRouter, Anthropic, OpenAI, or local models)
Note: GPU configuration, NVIDIA driver troubleshooting, and advanced environment setup are covered in the Full Documentation — GPU Troubleshooting.
Installation
1. Clone the repository
git clone https://github.com/ASCIT31/Dark-Moon.git
cd Dark-Moon
2. Configure your LLM provider
install.sh handles provider configuration interactively — no need to edit docker-compose.yml:
./install.sh # skip form if .opencode.env already configured
./install.sh --init # force reconfiguration (cloud or local model)
./install.sh --help # show usage
Supports cloud providers (Anthropic, OpenAI, OpenRouter…) and local models (Ollama, llama.cpp).
Note: For full details on environment variables and local model setup, see the Full Documentation — Environment Variables.
3. Build and launch
./install.sh # Clean install with full stack reset
4. Run your first assessment
./darkmoon.sh "TARGET: example.com"
5. Monitor in real-time
./darkmoon.sh --log <session_id>
Note: Real-time session logs display every command executed by the MCP server. See Full Documentation — Session Logs for details.
Verdict
DarkMoon is relevant for pentesters and security teams interested in automating assessments across complex environments using AI without sacrificing execution safety. Its architecture makes autonomous pentesting safer by design, a significant consideration given the risks of running offensive tools under AI control.
That said, the platform’s complexity, with multiple agents and containerized tools, may require significant resources and operational familiarity with Docker and LLM configurations. Also, the quality and coverage of the integrated tools and AI reasoning depend on ongoing maintenance and tuning.
For teams exploring AI-powered security automation, DarkMoon offers a well-structured, security-conscious foundation worth evaluating. It is less suited for simple or one-off scans but shines in multi-technology, continuous testing scenarios where automation and safety need to coexist.
→ GitHub Repo: ASCIT31/Dark-Moon ⭐ 326 · Python