Disclosure: I work on Darkmoon. Shannon (KeygraphHQ) is the closest technical twin, both lean on Claude, so a fair comparison is useful.
Shannon's strength
Shannon is a white box pentester that reads your source, identifies attack vectors and executes real exploits to prove them, and it scores very well on the XBOW benchmark. For source available web and API testing, it is excellent.
Darkmoon's focus
Darkmoon is black box and multi surface: it chains across web, cloud, AD and Kubernetes without needing source, orchestrating 80 plus tools via MCP with an evidence trail per finding.
Licensing and model
Shannon is AGPL-3.0, Darkmoon is GPL-3.0. Both are model agnostic in spirit and tuned around Claude Opus for planning stability.
Which to pick
If you have source and want white box proof, Shannon. If you need broad black box chaining across an internal estate, Darkmoon. Both are open, so you can try both.
Try it
Run both against a lab and judge for your scope.
- Repo (GPLv3): https://github.com/ASCIT31/Dark-Moon
- Docs: https://docs.dark-moon.org/
- Demo: https://youtu.be/1bFRVuMkZzY
Built by pentesters, open sourced for pentesters. Feedback on the methodology and the evidence trail is genuinely welcome.
Top comments (0)