<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Mehdi BOUTAYEB</title>
    <description>The latest articles on DEV Community by Mehdi BOUTAYEB (@darkmoonx).</description>
    <link>https://dev.to/darkmoonx</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3990946%2F256a9ee8-3deb-4a74-99db-5f09f595eeb5.png</url>
      <title>DEV Community: Mehdi BOUTAYEB</title>
      <link>https://dev.to/darkmoonx</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/darkmoonx"/>
    <language>en</language>
    <item>
      <title>How to read AI pentest benchmark claims: XBEN, 96 percent scores, and what they hide</title>
      <dc:creator>Mehdi BOUTAYEB</dc:creator>
      <pubDate>Tue, 07 Jul 2026 20:30:42 +0000</pubDate>
      <link>https://dev.to/darkmoonx/how-to-read-ai-pentest-benchmark-claims-xben-96-percent-scores-and-what-they-hide-2epj</link>
      <guid>https://dev.to/darkmoonx/how-to-read-ai-pentest-benchmark-claims-xben-96-percent-scores-and-what-they-hide-2epj</guid>
      <description>&lt;p&gt;Several autonomous pentest tools now advertise scores around 96 percent on the XBOW XBEN benchmark. A percentage with no context is marketing, not evidence. Here is how to read those claims like a practitioner.&lt;/p&gt;

&lt;h2&gt;
  
  
  What XBEN actually is
&lt;/h2&gt;

&lt;p&gt;XBOW open sourced a set of 104 web challenges built around exploit validation rather than detection. That focus is healthy: proving exploitation is a much harder and more honest bar than flagging a potential issue. But a benchmark is only as meaningful as the conditions you run it under.&lt;/p&gt;

&lt;h2&gt;
  
  
  The variables that inflate a score
&lt;/h2&gt;

&lt;p&gt;Hint free or hinted? Single attempt or unlimited retries? What is the false positive rate behind the headline number? A tool that scores high with hints and retries is not comparable to one that scores lower hint free on the first try.&lt;/p&gt;

&lt;h2&gt;
  
  
  The controlled to the wild gap
&lt;/h2&gt;

&lt;p&gt;Recent research evaluating agents on real targets, not just labs, keeps finding the same thing: lab benchmarks overstate real capability. CTF style completion is not the same as validated discovery on a messy production system.&lt;/p&gt;

&lt;h2&gt;
  
  
  A transparency checklist
&lt;/h2&gt;

&lt;p&gt;Before you trust any autonomous pentest claim, ask for a reproducible run, the proof of exploit artifacts, the false positive rate, and whether it was hint free. If those are missing, the number is a slide, not a result.&lt;/p&gt;

&lt;h2&gt;
  
  
  Try it
&lt;/h2&gt;

&lt;p&gt;Reproducibility is the whole point. Run the benchmark yourself against whatever tool you are evaluating and compare honestly.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Repo (GPLv3): &lt;a href="https://github.com/ASCIT31/Dark-Moon" rel="noopener noreferrer"&gt;https://github.com/ASCIT31/Dark-Moon&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Docs: &lt;a href="https://docs.dark-moon.org/" rel="noopener noreferrer"&gt;https://docs.dark-moon.org/&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Demo: &lt;a href="https://youtu.be/1bFRVuMkZzY" rel="noopener noreferrer"&gt;https://youtu.be/1bFRVuMkZzY&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Built by pentesters, open sourced for pentesters. Feedback on the methodology and the evidence trail is genuinely welcome.&lt;/p&gt;

</description>
      <category>security</category>
      <category>ai</category>
      <category>opensource</category>
      <category>devsecops</category>
    </item>
    <item>
      <title>The real bottleneck in AI pentesting is validated exploitation, not discovery</title>
      <dc:creator>Mehdi BOUTAYEB</dc:creator>
      <pubDate>Tue, 07 Jul 2026 20:30:05 +0000</pubDate>
      <link>https://dev.to/darkmoonx/the-real-bottleneck-in-ai-pentesting-is-validated-exploitation-not-discovery-kie</link>
      <guid>https://dev.to/darkmoonx/the-real-bottleneck-in-ai-pentesting-is-validated-exploitation-not-discovery-kie</guid>
      <description>&lt;p&gt;In 2026 the AI slop problem got impossible to ignore: bug bounty platforms paused programs, maintainers like curl walked away from bounties, and autonomous agents started flooding open source projects with low quality reports. The lesson is that discovery got cheap and proof got scarce.&lt;/p&gt;

&lt;h2&gt;
  
  
  Discovery is now the easy part
&lt;/h2&gt;

&lt;p&gt;An LLM can generate a plausible looking finding in seconds. That is exactly why platforms are drowning. When the cost of producing a report drops to near zero, volume stops being a signal of value and starts being noise.&lt;/p&gt;

&lt;h2&gt;
  
  
  Proof of exploit is the scarce thing
&lt;/h2&gt;

&lt;p&gt;The finding that matters is the one you can actually exploit, with the exact commands and raw output to back it. An autonomous tool that only reports what it can prove, and attaches the evidence, produces a short list a human can trust instead of a long list a human has to triage.&lt;/p&gt;

&lt;h2&gt;
  
  
  Responsible behaviour toward maintainers
&lt;/h2&gt;

&lt;p&gt;Autonomous offensive tooling that scrubs public repos and files unsolicited reports is part of the problem, not the solution. Scope proof, deduplication, rate limiting and a human sign off should be defaults, not afterthoughts.&lt;/p&gt;

&lt;h2&gt;
  
  
  The design principle
&lt;/h2&gt;

&lt;p&gt;Optimise for validated exploitation and an auditable evidence trail, not for the number of findings. That is the antidote to slop, and it is the only version of autonomous pentesting that survives contact with a real remediation team.&lt;/p&gt;

&lt;h2&gt;
  
  
  Try it
&lt;/h2&gt;

&lt;p&gt;If you care about proof over volume, the methodology and evidence trail are the part worth scrutinising.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Repo (GPLv3): &lt;a href="https://github.com/ASCIT31/Dark-Moon" rel="noopener noreferrer"&gt;https://github.com/ASCIT31/Dark-Moon&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Docs: &lt;a href="https://docs.dark-moon.org/" rel="noopener noreferrer"&gt;https://docs.dark-moon.org/&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Demo: &lt;a href="https://youtu.be/1bFRVuMkZzY" rel="noopener noreferrer"&gt;https://youtu.be/1bFRVuMkZzY&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Built by pentesters, open sourced for pentesters. Feedback on the methodology and the evidence trail is genuinely welcome.&lt;/p&gt;

</description>
      <category>security</category>
      <category>ai</category>
      <category>opensource</category>
      <category>devsecops</category>
    </item>
    <item>
      <title>Shannon and Darkmoon: two Claude powered pentesters, compared</title>
      <dc:creator>Mehdi BOUTAYEB</dc:creator>
      <pubDate>Tue, 07 Jul 2026 20:26:40 +0000</pubDate>
      <link>https://dev.to/darkmoonx/shannon-and-darkmoon-two-claude-powered-pentesters-compared-2bhk</link>
      <guid>https://dev.to/darkmoonx/shannon-and-darkmoon-two-claude-powered-pentesters-compared-2bhk</guid>
      <description>&lt;p&gt;Disclosure: I work on Darkmoon. Shannon (KeygraphHQ) is the closest technical twin, both lean on Claude, so a fair comparison is useful.&lt;/p&gt;

&lt;h2&gt;
  
  
  Shannon's strength
&lt;/h2&gt;

&lt;p&gt;Shannon is a white box pentester that reads your source, identifies attack vectors and executes real exploits to prove them, and it scores very well on the XBOW benchmark. For source available web and API testing, it is excellent.&lt;/p&gt;

&lt;h2&gt;
  
  
  Darkmoon's focus
&lt;/h2&gt;

&lt;p&gt;Darkmoon is black box and multi surface: it chains across web, cloud, AD and Kubernetes without needing source, orchestrating 80 plus tools via MCP with an evidence trail per finding.&lt;/p&gt;

&lt;h2&gt;
  
  
  Licensing and model
&lt;/h2&gt;

&lt;p&gt;Shannon is AGPL-3.0, Darkmoon is GPL-3.0. Both are model agnostic in spirit and tuned around Claude Opus for planning stability.&lt;/p&gt;

&lt;h2&gt;
  
  
  Which to pick
&lt;/h2&gt;

&lt;p&gt;If you have source and want white box proof, Shannon. If you need broad black box chaining across an internal estate, Darkmoon. Both are open, so you can try both.&lt;/p&gt;

&lt;h2&gt;
  
  
  Try it
&lt;/h2&gt;

&lt;p&gt;Run both against a lab and judge for your scope.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Repo (GPLv3): &lt;a href="https://github.com/ASCIT31/Dark-Moon" rel="noopener noreferrer"&gt;https://github.com/ASCIT31/Dark-Moon&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Docs: &lt;a href="https://docs.dark-moon.org/" rel="noopener noreferrer"&gt;https://docs.dark-moon.org/&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Demo: &lt;a href="https://youtu.be/1bFRVuMkZzY" rel="noopener noreferrer"&gt;https://youtu.be/1bFRVuMkZzY&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Built by pentesters, open sourced for pentesters. Feedback on the methodology and the evidence trail is genuinely welcome.&lt;/p&gt;

</description>
      <category>security</category>
      <category>ai</category>
      <category>opensource</category>
      <category>devsecops</category>
    </item>
    <item>
      <title>NodeZero is excellent, but it is SaaS: the self hosted open source path</title>
      <dc:creator>Mehdi BOUTAYEB</dc:creator>
      <pubDate>Tue, 07 Jul 2026 20:25:59 +0000</pubDate>
      <link>https://dev.to/darkmoonx/nodezero-is-excellent-but-it-is-saas-the-self-hosted-open-source-path-5fjd</link>
      <guid>https://dev.to/darkmoonx/nodezero-is-excellent-but-it-is-saas-the-self-hosted-open-source-path-5fjd</guid>
      <description>&lt;p&gt;Disclosure: I work on Darkmoon. NodeZero is a genuinely good autonomous pentest platform. This is for the teams that cannot use it because the targets cannot leave their environment.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why SaaS is a blocker for some
&lt;/h2&gt;

&lt;p&gt;Regulated, air gapped or data sensitive environments often cannot send targets or results to a vendor cloud. That rules out most hosted platforms regardless of quality.&lt;/p&gt;

&lt;h2&gt;
  
  
  What self hosted changes
&lt;/h2&gt;

&lt;p&gt;A self hosted engine keeps scope, data and evidence inside your environment. You run it on your own model and infrastructure.&lt;/p&gt;

&lt;h2&gt;
  
  
  What you get with an open source MCP host
&lt;/h2&gt;

&lt;p&gt;Darkmoon is GPL-3.0, model agnostic, and orchestrates 80 plus offensive tools via MCP across web, cloud, AD and Kubernetes, keeping a proof trail per finding.&lt;/p&gt;

&lt;h2&gt;
  
  
  Being fair
&lt;/h2&gt;

&lt;p&gt;You give up the polish and support of a funded SaaS. You gain control, privacy and the ability to read and change the method.&lt;/p&gt;

&lt;h2&gt;
  
  
  Try it
&lt;/h2&gt;

&lt;p&gt;If data residency is the constraint, a self hosted open source engine is worth a lab run.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Repo (GPLv3): &lt;a href="https://github.com/ASCIT31/Dark-Moon" rel="noopener noreferrer"&gt;https://github.com/ASCIT31/Dark-Moon&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Docs: &lt;a href="https://docs.dark-moon.org/" rel="noopener noreferrer"&gt;https://docs.dark-moon.org/&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Demo: &lt;a href="https://youtu.be/1bFRVuMkZzY" rel="noopener noreferrer"&gt;https://youtu.be/1bFRVuMkZzY&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Built by pentesters, open sourced for pentesters. Feedback on the methodology and the evidence trail is genuinely welcome.&lt;/p&gt;

</description>
      <category>security</category>
      <category>ai</category>
      <category>opensource</category>
      <category>devsecops</category>
    </item>
    <item>
      <title>Open source autonomous pentesting: Darkmoon compared to Strix, PentAGI and Shannon</title>
      <dc:creator>Mehdi BOUTAYEB</dc:creator>
      <pubDate>Tue, 07 Jul 2026 20:25:17 +0000</pubDate>
      <link>https://dev.to/darkmoonx/open-source-autonomous-pentesting-darkmoon-compared-to-strix-pentagi-and-shannon-e46</link>
      <guid>https://dev.to/darkmoonx/open-source-autonomous-pentesting-darkmoon-compared-to-strix-pentagi-and-shannon-e46</guid>
      <description>&lt;p&gt;Disclosure: I work on Darkmoon, and I tried to make this a fair map of the open source field rather than a pitch. If you are choosing an open source AI pentester, here is how the main options actually differ.&lt;/p&gt;

&lt;h2&gt;
  
  
  Strix
&lt;/h2&gt;

&lt;p&gt;usestrix/strix runs code dynamically and validates web and app vulnerabilities with real proof of concept exploits. It is strong and fast on the application layer. If your scope is mostly web and API, look at it seriously.&lt;/p&gt;

&lt;h2&gt;
  
  
  PentAGI and Shannon
&lt;/h2&gt;

&lt;p&gt;PentAGI (vxcontrol) is a self hosted multi agent system with 20 plus built in tools. Shannon (KeygraphHQ) is a white box, Claude based pentester that reads source and proves exploitation, and it scores very well on the XBOW benchmark. Both are excellent at what they focus on.&lt;/p&gt;

&lt;h2&gt;
  
  
  Where Darkmoon is different
&lt;/h2&gt;

&lt;p&gt;Darkmoon focuses on multi surface coverage (web, cloud, Active Directory, Kubernetes, API and internal networks) orchestrated through MCP, with the methodology written as Markdown playbooks you can read and fork, and an evidence trail on every finding.&lt;/p&gt;

&lt;h2&gt;
  
  
  How to choose honestly
&lt;/h2&gt;

&lt;p&gt;For source aware web testing, Shannon and Strix are compelling. For broad multi host chaining across AD and Kubernetes with an auditable method, try Darkmoon. They are not mutually exclusive.&lt;/p&gt;

&lt;h2&gt;
  
  
  Try it
&lt;/h2&gt;

&lt;p&gt;Read the playbooks and run whichever fits your scope against a lab. Feedback and corrections to this comparison are welcome.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Repo (GPLv3): &lt;a href="https://github.com/ASCIT31/Dark-Moon" rel="noopener noreferrer"&gt;https://github.com/ASCIT31/Dark-Moon&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Docs: &lt;a href="https://docs.dark-moon.org/" rel="noopener noreferrer"&gt;https://docs.dark-moon.org/&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Demo: &lt;a href="https://youtu.be/1bFRVuMkZzY" rel="noopener noreferrer"&gt;https://youtu.be/1bFRVuMkZzY&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Built by pentesters, open sourced for pentesters. Feedback on the methodology and the evidence trail is genuinely welcome.&lt;/p&gt;

</description>
      <category>security</category>
      <category>ai</category>
      <category>opensource</category>
      <category>devsecops</category>
    </item>
    <item>
      <title>The open source AI pentest tools worth knowing in 2026</title>
      <dc:creator>Mehdi BOUTAYEB</dc:creator>
      <pubDate>Sat, 04 Jul 2026 22:09:54 +0000</pubDate>
      <link>https://dev.to/darkmoonx/the-open-source-ai-pentest-tools-worth-knowing-in-2026-5f7</link>
      <guid>https://dev.to/darkmoonx/the-open-source-ai-pentest-tools-worth-knowing-in-2026-5f7</guid>
      <description>&lt;p&gt;Disclosure: I work on Darkmoon, one entry in this list. This is a neutral survey of the open source AI pentest field, not a ranking, so you can pick what fits your scope.&lt;/p&gt;

&lt;h2&gt;
  
  
  The assistants
&lt;/h2&gt;

&lt;p&gt;PentestGPT (GreyDGL) and Nebula (berylliumsec) put an LLM next to the operator for recon, reasoning and notes. Great for learning and augmenting a human.&lt;/p&gt;

&lt;h2&gt;
  
  
  The autonomous agents
&lt;/h2&gt;

&lt;p&gt;Strix, PentAGI, Shannon and CAI push toward autonomy on the application or source layer, each with a different focus and license.&lt;/p&gt;

&lt;h2&gt;
  
  
  The MCP and multi surface tools
&lt;/h2&gt;

&lt;p&gt;HexStrike exposes 150 plus tools over MCP. Darkmoon runs an MCP host across web, cloud, AD, Kubernetes and internal networks with playbooks and an evidence trail.&lt;/p&gt;

&lt;h2&gt;
  
  
  How to read the field
&lt;/h2&gt;

&lt;p&gt;There is no single winner. Match the tool to your scope, your license needs and whether you want an assistant, an agent or an orchestrator.&lt;/p&gt;

&lt;h2&gt;
  
  
  Try it
&lt;/h2&gt;

&lt;p&gt;Star and try the ones that fit your work. Corrections to this survey are welcome.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Repo (GPLv3): &lt;a href="https://github.com/ASCIT31/Dark-Moon" rel="noopener noreferrer"&gt;https://github.com/ASCIT31/Dark-Moon&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Docs: &lt;a href="https://docs.dark-moon.org/" rel="noopener noreferrer"&gt;https://docs.dark-moon.org/&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Demo: &lt;a href="https://youtu.be/1bFRVuMkZzY" rel="noopener noreferrer"&gt;https://youtu.be/1bFRVuMkZzY&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Built by pentesters, open sourced for pentesters. Feedback on the methodology and the evidence trail is genuinely welcome.&lt;/p&gt;

</description>
      <category>security</category>
      <category>ai</category>
      <category>opensource</category>
      <category>devsecops</category>
    </item>
    <item>
      <title>Autonomous pentesting against Active Directory, without the black box</title>
      <dc:creator>Mehdi BOUTAYEB</dc:creator>
      <pubDate>Sat, 04 Jul 2026 22:09:28 +0000</pubDate>
      <link>https://dev.to/darkmoonx/autonomous-pentesting-against-active-directory-without-the-black-box-23f4</link>
      <guid>https://dev.to/darkmoonx/autonomous-pentesting-against-active-directory-without-the-black-box-23f4</guid>
      <description>&lt;p&gt;Active Directory is where most internal compromises happen and where most AI tools give up. Darkmoon runs the AD attack path autonomously and shows every step.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why AD is hard for AI
&lt;/h2&gt;

&lt;p&gt;AD attack paths are stateful and multi step. A single prompt cannot hold the whole graph. You need an agent loop that enumerates, reasons and pivots while keeping state.&lt;/p&gt;

&lt;h2&gt;
  
  
  Playbooks as the state engine
&lt;/h2&gt;

&lt;p&gt;In Darkmoon the AD methodology is a Markdown playbook you can read and fork. The agent follows it, the proxy keeps the state, and every tool call is explicit.&lt;/p&gt;

&lt;h2&gt;
  
  
  From foothold to domain
&lt;/h2&gt;

&lt;p&gt;The agent enumerates with BloodHound style logic, identifies attack paths, and executes them with real tools, attaching the output of each step.&lt;/p&gt;

&lt;h2&gt;
  
  
  Auditable by design
&lt;/h2&gt;

&lt;p&gt;Because the method is a file and the execution is logged, a reviewer can follow exactly how the domain fell.&lt;/p&gt;

&lt;h2&gt;
  
  
  Try it
&lt;/h2&gt;

&lt;p&gt;Run it on GOAD and read the generated attack path end to end.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Repo (GPLv3): &lt;a href="https://github.com/ASCIT31/Dark-Moon" rel="noopener noreferrer"&gt;https://github.com/ASCIT31/Dark-Moon&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Docs: &lt;a href="https://docs.dark-moon.org/" rel="noopener noreferrer"&gt;https://docs.dark-moon.org/&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Demo: &lt;a href="https://youtu.be/1bFRVuMkZzY" rel="noopener noreferrer"&gt;https://youtu.be/1bFRVuMkZzY&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Built by pentesters, open sourced for pentesters. Feedback on the methodology and the evidence trail is genuinely welcome.&lt;/p&gt;

</description>
      <category>security</category>
      <category>ai</category>
      <category>opensource</category>
      <category>devsecops</category>
    </item>
    <item>
      <title>MCP for offensive security: orchestrating 80+ tools through an MCP host</title>
      <dc:creator>Mehdi BOUTAYEB</dc:creator>
      <pubDate>Sat, 04 Jul 2026 22:09:01 +0000</pubDate>
      <link>https://dev.to/darkmoonx/mcp-for-offensive-security-orchestrating-80-tools-through-an-mcp-host-1fnd</link>
      <guid>https://dev.to/darkmoonx/mcp-for-offensive-security-orchestrating-80-tools-through-an-mcp-host-1fnd</guid>
      <description>&lt;p&gt;Model Context Protocol is becoming the clean way for an agent to call tools explicitly. Here is how an MCP host drives real offensive tooling, and how Darkmoon and HexStrike approach it.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why MCP fits offense
&lt;/h2&gt;

&lt;p&gt;MCP makes every tool call explicit, scoped and logged, which is exactly what offensive work needs for auditability.&lt;/p&gt;

&lt;h2&gt;
  
  
  HexStrike's approach
&lt;/h2&gt;

&lt;p&gt;0x4m4/hexstrike-ai exposes 150 plus tools to an agent as an MCP server. If you want a broad tool server to plug into your own agent, it is a strong option.&lt;/p&gt;

&lt;h2&gt;
  
  
  Darkmoon's approach
&lt;/h2&gt;

&lt;p&gt;Darkmoon is an MCP host: it runs the agent loop and the methodology playbooks itself, and drives 80 plus tools through MCP across web, cloud, AD and Kubernetes, with an evidence trail per finding.&lt;/p&gt;

&lt;h2&gt;
  
  
  Server versus host
&lt;/h2&gt;

&lt;p&gt;A server exposes tools. A host reasons and orchestrates. Depending on whether you are building your own agent or want a ready one, you want one or the other, or both.&lt;/p&gt;

&lt;h2&gt;
  
  
  Try it
&lt;/h2&gt;

&lt;p&gt;If you are wiring MCP into offensive security, both approaches are open source and worth reading.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Repo (GPLv3): &lt;a href="https://github.com/ASCIT31/Dark-Moon" rel="noopener noreferrer"&gt;https://github.com/ASCIT31/Dark-Moon&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Docs: &lt;a href="https://docs.dark-moon.org/" rel="noopener noreferrer"&gt;https://docs.dark-moon.org/&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Demo: &lt;a href="https://youtu.be/1bFRVuMkZzY" rel="noopener noreferrer"&gt;https://youtu.be/1bFRVuMkZzY&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Built by pentesters, open sourced for pentesters. Feedback on the methodology and the evidence trail is genuinely welcome.&lt;/p&gt;

</description>
      <category>security</category>
      <category>ai</category>
      <category>opensource</category>
      <category>devsecops</category>
    </item>
    <item>
      <title>Pentera alternatives in 2026, including the open source options</title>
      <dc:creator>Mehdi BOUTAYEB</dc:creator>
      <pubDate>Sat, 04 Jul 2026 22:08:35 +0000</pubDate>
      <link>https://dev.to/darkmoonx/pentera-alternatives-in-2026-including-the-open-source-options-1okf</link>
      <guid>https://dev.to/darkmoonx/pentera-alternatives-in-2026-including-the-open-source-options-1okf</guid>
      <description>&lt;p&gt;Disclosure: I work on Darkmoon, one of the tools below. Pentera is a mature, enterprise grade validation platform. If you are looking at alternatives, here is an honest map including the open source path.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Pentera does well
&lt;/h2&gt;

&lt;p&gt;Agentless, safe by design validation across internal and external surface, with enterprise support and maturity. If you have the budget and want a supported product, it is a strong choice.&lt;/p&gt;

&lt;h2&gt;
  
  
  The new autonomous wave
&lt;/h2&gt;

&lt;p&gt;NodeZero, XBOW and RunSybil are well funded SaaS platforms that autonomously find and prove exploitable paths. They are fast and polished, and they run in the vendor cloud.&lt;/p&gt;

&lt;h2&gt;
  
  
  The open source option
&lt;/h2&gt;

&lt;p&gt;If you cannot send targets to a vendor cloud, or you want to read and fork the methodology, a self hosted GPL tool like Darkmoon covers web, cloud, AD, Kubernetes and internal networks, orchestrating 80 plus tools via MCP with an evidence trail per finding.&lt;/p&gt;

&lt;h2&gt;
  
  
  Honest trade off
&lt;/h2&gt;

&lt;p&gt;The SaaS platforms are more mature and hands off. The open source path gives you data residency, no per test fee and full auditability, in exchange for running it yourself.&lt;/p&gt;

&lt;h2&gt;
  
  
  Try it
&lt;/h2&gt;

&lt;p&gt;If self hosted and auditable matters to you, try the open source path against a lab first.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Repo (GPLv3): &lt;a href="https://github.com/ASCIT31/Dark-Moon" rel="noopener noreferrer"&gt;https://github.com/ASCIT31/Dark-Moon&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Docs: &lt;a href="https://docs.dark-moon.org/" rel="noopener noreferrer"&gt;https://docs.dark-moon.org/&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Demo: &lt;a href="https://youtu.be/1bFRVuMkZzY" rel="noopener noreferrer"&gt;https://youtu.be/1bFRVuMkZzY&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Built by pentesters, open sourced for pentesters. Feedback on the methodology and the evidence trail is genuinely welcome.&lt;/p&gt;

</description>
      <category>security</category>
      <category>ai</category>
      <category>opensource</category>
      <category>devsecops</category>
    </item>
    <item>
      <title>Why evidence matters more than model memory in AI pentesting</title>
      <dc:creator>Mehdi BOUTAYEB</dc:creator>
      <pubDate>Sat, 04 Jul 2026 22:06:04 +0000</pubDate>
      <link>https://dev.to/darkmoonx/why-evidence-matters-more-than-model-memory-in-ai-pentesting-467m</link>
      <guid>https://dev.to/darkmoonx/why-evidence-matters-more-than-model-memory-in-ai-pentesting-467m</guid>
      <description>&lt;p&gt;An AI finding you cannot reproduce is a liability, not a result. Darkmoon attaches the exact commands and raw tool output to every finding so a human can peer review it.&lt;/p&gt;

&lt;h2&gt;
  
  
  The trust problem
&lt;/h2&gt;

&lt;p&gt;Most AI security tools return a confidence score and a paragraph. In offensive security that is not enough. If you cannot show the command that proved a vulnerability, you cannot defend it in a report or a remediation meeting.&lt;/p&gt;

&lt;h2&gt;
  
  
  What an evidence trail actually contains
&lt;/h2&gt;

&lt;p&gt;For every finding Darkmoon keeps the executed command, the raw output, and the reasoning that connected them. The finding is a reproducible artifact, not a claim you have to take on faith.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why this beats a bigger model
&lt;/h2&gt;

&lt;p&gt;A larger model reduces some errors but never removes them. The evidence trail is what lets a human catch the ones that remain, which is exactly why we made it the core of the design rather than an afterthought.&lt;/p&gt;

&lt;h2&gt;
  
  
  How it changes the workflow
&lt;/h2&gt;

&lt;p&gt;Reviewers stop re verifying everything by hand and start spot checking the trail. Reports write themselves from real data instead of paraphrased model output.&lt;/p&gt;

&lt;h2&gt;
  
  
  Try it
&lt;/h2&gt;

&lt;p&gt;If you want to see the evidence trail on a live target, clone the Community Edition and point it at a lab.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Repo (GPLv3): &lt;a href="https://github.com/ASCIT31/Dark-Moon" rel="noopener noreferrer"&gt;https://github.com/ASCIT31/Dark-Moon&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Docs: &lt;a href="https://docs.dark-moon.org/" rel="noopener noreferrer"&gt;https://docs.dark-moon.org/&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Demo: &lt;a href="https://youtu.be/1bFRVuMkZzY" rel="noopener noreferrer"&gt;https://youtu.be/1bFRVuMkZzY&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Built by pentesters, open sourced for pentesters. Feedback on the methodology and the evidence trail is genuinely welcome.&lt;/p&gt;

</description>
      <category>security</category>
      <category>ai</category>
      <category>opensource</category>
      <category>devsecops</category>
    </item>
    <item>
      <title>We build Darkmoon: An Open-Source Autonomous Pentesting Platform</title>
      <dc:creator>Mehdi BOUTAYEB</dc:creator>
      <pubDate>Thu, 18 Jun 2026 13:20:08 +0000</pubDate>
      <link>https://dev.to/darkmoonx/darkmoon-building-an-open-source-autonomous-pentesting-platform-4h6e</link>
      <guid>https://dev.to/darkmoonx/darkmoon-building-an-open-source-autonomous-pentesting-platform-4h6e</guid>
      <description>&lt;p&gt;Darkmoon is an open-source autonomous penetration testing platform released under GPLv3.&lt;/p&gt;

&lt;p&gt;Before talking about AI, agents or dashboards, it's important to understand that the project was built around a transparent and auditable open-source core.&lt;/p&gt;

&lt;p&gt;Over the last few years, we've tested a lot of security products.&lt;/p&gt;

&lt;p&gt;Some were excellent scanners.&lt;/p&gt;

&lt;p&gt;Some generated decent reports.&lt;/p&gt;

&lt;p&gt;Some experimented with AI-assisted workflows.&lt;/p&gt;

&lt;p&gt;But when we tried to use them in the environments we actually encounter during professional engagements, the limitations quickly became obvious.&lt;/p&gt;

&lt;p&gt;A real assessment rarely consists of a single web application.&lt;/p&gt;

&lt;p&gt;More often, the target is a combination of:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Active Directory&lt;/li&gt;
&lt;li&gt;Kubernetes&lt;/li&gt;
&lt;li&gt;Cloud infrastructure&lt;/li&gt;
&lt;li&gt;APIs&lt;/li&gt;
&lt;li&gt;CMS platforms&lt;/li&gt;
&lt;li&gt;Internal networks&lt;/li&gt;
&lt;li&gt;Legacy systems&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;That's where we spend most of our time as pentesters.&lt;/p&gt;

&lt;p&gt;And that's what eventually led us to build Darkmoon.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fjwtue7kscbj195xl3zvh.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fjwtue7kscbj195xl3zvh.png" alt=" " width="800" height="441"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  Why We Built Darkmoon
&lt;/h2&gt;

&lt;p&gt;Darkmoon didn't begin as an AI project.&lt;/p&gt;

&lt;p&gt;It started with a practical question:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Could we automate parts of a penetration test without reducing everything to a vulnerability scanner?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Most security tools are already very good at collecting information.&lt;/p&gt;

&lt;p&gt;The difficult part is deciding what to do next.&lt;/p&gt;

&lt;p&gt;An experienced pentester constantly adapts based on new information.&lt;/p&gt;

&lt;p&gt;They change direction.&lt;/p&gt;

&lt;p&gt;They prioritize attack paths.&lt;/p&gt;

&lt;p&gt;They abandon dead ends.&lt;/p&gt;

&lt;p&gt;They focus on technologies that matter.&lt;/p&gt;

&lt;p&gt;We wanted to explore whether some of that decision-making process could be reproduced while keeping humans in control of the assessment.&lt;/p&gt;




&lt;h2&gt;
  
  
  Open Source First
&lt;/h2&gt;

&lt;p&gt;One decision was made very early.&lt;/p&gt;

&lt;p&gt;Darkmoon had to be open source.&lt;/p&gt;

&lt;p&gt;Security teams already have enough black boxes to deal with.&lt;/p&gt;

&lt;p&gt;If an autonomous system is going to participate in security assessments, practitioners should be able to understand what it is doing and why.&lt;/p&gt;

&lt;p&gt;That's why Darkmoon is released under GPLv3.&lt;/p&gt;

&lt;p&gt;The source code is public.&lt;/p&gt;

&lt;p&gt;The methodologies are public.&lt;/p&gt;

&lt;p&gt;The orchestration logic is public.&lt;/p&gt;

&lt;p&gt;The deployment process is public.&lt;/p&gt;

&lt;p&gt;If you disagree with how an assessment is performed, you can inspect the methodology and modify it.&lt;/p&gt;

&lt;p&gt;For us, transparency matters more than any AI feature.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fbm38aockhbrvr0lb6b11.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fbm38aockhbrvr0lb6b11.png" alt=" " width="800" height="516"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Today the project includes:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;18 specialized methodology agents&lt;/li&gt;
&lt;li&gt;80+ integrated offensive security tools&lt;/li&gt;
&lt;li&gt;Active Directory workflows&lt;/li&gt;
&lt;li&gt;Kubernetes workflows&lt;/li&gt;
&lt;li&gt;Cloud infrastructure assessments&lt;/li&gt;
&lt;li&gt;API security testing&lt;/li&gt;
&lt;li&gt;CMS security testing&lt;/li&gt;
&lt;li&gt;Infrastructure mapping&lt;/li&gt;
&lt;li&gt;Evidence collection&lt;/li&gt;
&lt;li&gt;Automated reporting&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;GitHub:&lt;br&gt;
&lt;a href="https://github.com/ASCIT31/Dark-Moon" rel="noopener noreferrer"&gt;https://github.com/ASCIT31/Dark-Moon&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Documentation:&lt;br&gt;
&lt;a href="https://docs.dark-moon.org/" rel="noopener noreferrer"&gt;https://docs.dark-moon.org/&lt;/a&gt;&lt;/p&gt;


&lt;h2&gt;
  
  
  Methodologies Instead of Hidden Prompts
&lt;/h2&gt;

&lt;p&gt;One of the most common questions we receive is:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;How do the agents work?&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;The answer is deliberately simple.&lt;/p&gt;

&lt;p&gt;They're Markdown files.&lt;/p&gt;

&lt;p&gt;Each methodology describes how Darkmoon approaches a specific technology stack.&lt;/p&gt;

&lt;p&gt;They're reviewable.&lt;/p&gt;

&lt;p&gt;Version-controlled.&lt;/p&gt;

&lt;p&gt;Customizable.&lt;/p&gt;

&lt;p&gt;And visible.&lt;/p&gt;

&lt;p&gt;Unlike many AI-powered security products, the reasoning process isn't hidden behind proprietary prompts.&lt;/p&gt;

&lt;p&gt;A WordPress assessment doesn't follow the same methodology as an Active Directory engagement.&lt;/p&gt;

&lt;p&gt;A Kubernetes cluster doesn't trigger the same workflow as a GraphQL API.&lt;/p&gt;

&lt;p&gt;The methodologies can be inspected before running an assessment.&lt;/p&gt;

&lt;p&gt;For us, that's a critical requirement.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F60qt8bbk3yooem1d7dfl.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F60qt8bbk3yooem1d7dfl.png" alt="Agent Selection Matrix" width="800" height="375"&gt;&lt;/a&gt;&lt;/p&gt;


&lt;h2&gt;
  
  
  Understanding the Target
&lt;/h2&gt;

&lt;p&gt;Darkmoon continuously builds an internal model of the environment it is assessing.&lt;/p&gt;

&lt;p&gt;Instead of blindly launching tools, it gathers technical signals from the target:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Services&lt;/li&gt;
&lt;li&gt;Technologies&lt;/li&gt;
&lt;li&gt;Frameworks&lt;/li&gt;
&lt;li&gt;CMS platforms&lt;/li&gt;
&lt;li&gt;APIs&lt;/li&gt;
&lt;li&gt;Infrastructure components&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Those signals are then used to determine which methodologies should be activated.&lt;/p&gt;

&lt;p&gt;Different technologies trigger different workflows.&lt;/p&gt;

&lt;p&gt;A WordPress deployment doesn't require the same approach as:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Active Directory&lt;/li&gt;
&lt;li&gt;Kubernetes&lt;/li&gt;
&lt;li&gt;GraphQL&lt;/li&gt;
&lt;li&gt;ASP.NET&lt;/li&gt;
&lt;li&gt;Spring Boot&lt;/li&gt;
&lt;li&gt;Cloud infrastructure&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F929y6kxucb7u4f5aba2u.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F929y6kxucb7u4f5aba2u.png" alt="Environment Enumeration" width="800" height="433"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The objective is not to run every tool against every target.&lt;/p&gt;

&lt;p&gt;The objective is to select the most relevant methodology based on what is actually discovered.&lt;/p&gt;


&lt;h2&gt;
  
  
  Building Around Existing Security Tools
&lt;/h2&gt;

&lt;p&gt;We didn't try to reinvent twenty years of offensive security tooling.&lt;/p&gt;

&lt;p&gt;Darkmoon relies heavily on existing projects such as:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Nuclei&lt;/li&gt;
&lt;li&gt;SQLMap&lt;/li&gt;
&lt;li&gt;NetExec&lt;/li&gt;
&lt;li&gt;BloodHound&lt;/li&gt;
&lt;li&gt;Impacket&lt;/li&gt;
&lt;li&gt;FFUF&lt;/li&gt;
&lt;li&gt;Hydra&lt;/li&gt;
&lt;li&gt;Kubescape&lt;/li&gt;
&lt;li&gt;Kubeletctl&lt;/li&gt;
&lt;li&gt;WPScan&lt;/li&gt;
&lt;li&gt;CMSeeK&lt;/li&gt;
&lt;li&gt;Naabu&lt;/li&gt;
&lt;li&gt;Masscan&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;and many others.&lt;/p&gt;

&lt;p&gt;The interesting part isn't the tools themselves.&lt;/p&gt;

&lt;p&gt;The interesting part is deciding:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Which tool should run&lt;/li&gt;
&lt;li&gt;When it should run&lt;/li&gt;
&lt;li&gt;Why it should run&lt;/li&gt;
&lt;li&gt;How the results should influence the next step&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;That's where most of our work has gone.&lt;/p&gt;


&lt;h2&gt;
  
  
  Community Edition and Professional Edition
&lt;/h2&gt;

&lt;p&gt;Darkmoon is built around an open-source GPLv3 core.&lt;/p&gt;

&lt;p&gt;The Community Edition contains:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;The autonomous engine&lt;/li&gt;
&lt;li&gt;Methodologies&lt;/li&gt;
&lt;li&gt;Orchestration logic&lt;/li&gt;
&lt;li&gt;Docker deployment&lt;/li&gt;
&lt;li&gt;Assessment workflows&lt;/li&gt;
&lt;li&gt;Reporting capabilities&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;For organizations running larger engagements, we also maintain a Professional Edition.&lt;/p&gt;

&lt;p&gt;The Professional Edition focuses on operational workflows rather than changing the philosophy of the project.&lt;/p&gt;

&lt;p&gt;It extends the open-source foundation with:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Campaign management&lt;/li&gt;
&lt;li&gt;Infrastructure visualization&lt;/li&gt;
&lt;li&gt;Centralized dashboards&lt;/li&gt;
&lt;li&gt;Enhanced reporting&lt;/li&gt;
&lt;li&gt;Operational monitoring&lt;/li&gt;
&lt;li&gt;Team-oriented workflows&lt;/li&gt;
&lt;li&gt;Vulnerability analytics&lt;/li&gt;
&lt;li&gt;Historical campaign tracking&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The screenshots below come from the Professional Edition.&lt;/p&gt;

&lt;p&gt;The goal is not to replace the open-source edition.&lt;/p&gt;

&lt;p&gt;The goal is to provide operational capabilities for teams running Darkmoon at scale.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F9nmjjl5u23dalt5zupmz.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F9nmjjl5u23dalt5zupmz.png" alt=" " width="800" height="445"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Flvegcyr8c7shirlnb39d.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Flvegcyr8c7shirlnb39d.png" alt=" " width="799" height="434"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fteoc45h23aeilrxpsls1.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fteoc45h23aeilrxpsls1.png" alt=" " width="800" height="435"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Foc6hhwwsvv5qf3erlc0a.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Foc6hhwwsvv5qf3erlc0a.png" alt=" " width="799" height="441"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fpslj73lvpqoeslil2wzm.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fpslj73lvpqoeslil2wzm.png" alt=" " width="800" height="893"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Frduye6gt1d5a9cthhfb0.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Frduye6gt1d5a9cthhfb0.png" alt=" " width="799" height="288"&gt;&lt;/a&gt;&lt;/p&gt;


&lt;h2&gt;
  
  
  Evidence Matters
&lt;/h2&gt;

&lt;p&gt;One of our biggest frustrations with automated security products is the lack of context.&lt;/p&gt;

&lt;p&gt;A finding without evidence is difficult to trust.&lt;/p&gt;

&lt;p&gt;Darkmoon attempts to preserve:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Commands executed&lt;/li&gt;
&lt;li&gt;Outputs collected&lt;/li&gt;
&lt;li&gt;Supporting evidence&lt;/li&gt;
&lt;li&gt;Attack paths&lt;/li&gt;
&lt;li&gt;Severity information&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The objective is not simply to produce findings.&lt;/p&gt;

&lt;p&gt;The objective is to produce findings that can be understood, validated and acted upon.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fur220w6n7odl4uvp0s43.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fur220w6n7odl4uvp0s43.png" alt="Darkmoon Logs" width="800" height="437"&gt;&lt;/a&gt;&lt;/p&gt;


&lt;h2&gt;
  
  
  Deployment
&lt;/h2&gt;

&lt;p&gt;Installation is intentionally simple.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;git clone https://github.com/ASCIT31/Dark-Moon.git
&lt;span class="nb"&gt;cd &lt;/span&gt;Dark-Moon

&lt;span class="nb"&gt;chmod&lt;/span&gt; +x install.sh darkmoon.sh

./install.sh
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Once installed:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;./darkmoon.sh
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Or directly against a target:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;./darkmoon.sh &lt;span class="s2"&gt;"TARGET: https://target.example"&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Docker handles the environment and dependencies.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fnttfgpvyvjwuy8579y5d.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fnttfgpvyvjwuy8579y5d.png" alt="Assessment Startup" width="800" height="459"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  Bring Your Own Model
&lt;/h2&gt;

&lt;p&gt;Darkmoon does not lock users into a single provider.&lt;/p&gt;

&lt;p&gt;Supported options include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;OpenAI&lt;/li&gt;
&lt;li&gt;Anthropic&lt;/li&gt;
&lt;li&gt;OpenRouter&lt;/li&gt;
&lt;li&gt;Ollama&lt;/li&gt;
&lt;li&gt;llama.cpp&lt;/li&gt;
&lt;li&gt;OpenAI-compatible endpoints&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Organizations can choose between:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Maximum performance&lt;/li&gt;
&lt;li&gt;Maximum privacy&lt;/li&gt;
&lt;li&gt;Fully local deployments&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fd7uqc1kptoigii8rfcf4.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fd7uqc1kptoigii8rfcf4.png" alt="Provider Configuration" width="769" height="1189"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  What Still Needs Work
&lt;/h2&gt;

&lt;p&gt;Darkmoon is far from finished.&lt;/p&gt;

&lt;p&gt;Today:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Web application assessments are among the most mature workflows&lt;/li&gt;
&lt;li&gt;Active Directory coverage is highly advanced&lt;/li&gt;
&lt;li&gt;Cloud assessments are improving rapidly&lt;/li&gt;
&lt;li&gt;Smaller local models still struggle compared to frontier models on long reasoning loops&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;We're continuously improving:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Detection quality&lt;/li&gt;
&lt;li&gt;Methodologies&lt;/li&gt;
&lt;li&gt;Reporting&lt;/li&gt;
&lt;li&gt;False positive reduction&lt;/li&gt;
&lt;li&gt;Cloud coverage&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The project is evolving rapidly, but we're still early.&lt;/p&gt;




&lt;h2&gt;
  
  
  Looking Ahead
&lt;/h2&gt;

&lt;p&gt;The long-term vision is not to build another scanner.&lt;/p&gt;

&lt;p&gt;It's not even to build another AI wrapper.&lt;/p&gt;

&lt;p&gt;What interests us is creating systems that understand:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Infrastructure&lt;/li&gt;
&lt;li&gt;Security methodology&lt;/li&gt;
&lt;li&gt;Attack paths&lt;/li&gt;
&lt;li&gt;Offensive operations&lt;/li&gt;
&lt;li&gt;Remediation workflows&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;in a way that is genuinely useful to practitioners.&lt;/p&gt;

&lt;p&gt;Today, Darkmoon orchestrates methodologies, tools and workflows.&lt;/p&gt;

&lt;p&gt;Tomorrow, we want to push even further into cybersecurity-specific reasoning systems.&lt;/p&gt;

&lt;p&gt;Darkmoon is our attempt at exploring that direction in public, in the open, and alongside the community.&lt;/p&gt;




&lt;h2&gt;
  
  
  Links
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;GitHub&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://github.com/ASCIT31/Dark-Moon" rel="noopener noreferrer"&gt;https://github.com/ASCIT31/Dark-Moon&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Documentation&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://docs.dark-moon.org/" rel="noopener noreferrer"&gt;https://docs.dark-moon.org/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Website&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://dark-moon.org/" rel="noopener noreferrer"&gt;https://dark-moon.org/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Demo Video&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://youtu.be/1bFRVuMkZzY" rel="noopener noreferrer"&gt;https://youtu.be/1bFRVuMkZzY&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;We're always interested in feedback from:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Pentesters&lt;/li&gt;
&lt;li&gt;Security engineers&lt;/li&gt;
&lt;li&gt;DevSecOps teams&lt;/li&gt;
&lt;li&gt;Platform engineers&lt;/li&gt;
&lt;li&gt;Open-source contributors&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>ai</category>
      <category>security</category>
      <category>cybersecurity</category>
      <category>mcp</category>
    </item>
  </channel>
</rss>
