2.2.0 - 2026-03-05

Added

• Pipeline Pause / Resume / Stop Controls — full lifecycle management for all three pipelines (Recon, GVM Scan, GitHub Secret Hunt):
  • Pause — freezes the running container via Docker cgroups (container.pause()). Zero changes to scan scripts; processes resume exactly where they left off
  • Resume — unfreezes the container (container.unpause()), logs resume streaming instantly
  • Stop — kills the container permanently. Paused containers are unpaused before stopping to avoid cgroup issues. Sub-containers (naabu, httpx, nuclei, etc.) are also cleaned up
  • Toolbar UI — when running: spinner + Pause button + Stop button. When paused: Resume button + Stop button. When stopping: "Stopping..." with disabled controls
  • Logs drawer controls — pause/resume and stop buttons in the status bar, with Paused status indicator and spinner during stopping
  • Optimistic UI — stop button immediately shows "Stopping..." before the API responds
  • SSE stays alive during pause and stopping states so logs resume/complete without reconnection
  • 6 new backend endpoints (POST /{recon,gvm,github-hunt}/{projectId}/{pause,resume}) and 9 new webapp API proxy routes (pause/resume/stop × 3 pipelines)
  • Removed the auto-scroll play/pause toggle from logs drawer (redundant with "Scroll to bottom" button)
• IP/CIDR Targeting Mode — start reconnaissance from IP addresses or CIDR ranges instead of a domain:
  • "Start from IP" toggle in the Target & Modules tab — switches the project from domain-based to IP-based targeting. Locked after creation (cannot switch modes on existing projects)
  • Target IPs / CIDRs textarea — accepts individual IPs (192.168.1.1), IPv6 (2001:db8::1), and CIDR ranges (10.0.0.0/24, 192.168.1.0/28) with a max /24 (256 hosts) limit per CIDR
  • Reverse DNS (PTR) resolution — each IP is resolved to its hostname via PTR records. When no PTR exists, a mock hostname is generated from the IP (e.g., 192-168-1-1)
  • CIDR expansion — CIDR ranges are automatically expanded into individual host IPs (network and broadcast addresses excluded). Original CIDRs are passed to naabu for efficient native scanning
  • Full pipeline support — IP-mode projects run the complete 6-phase pipeline: reverse DNS + IP WHOIS → port scan → HTTP probe → resource enumeration (Katana, Kiterunner) → vulnerability scan (Nuclei) → CVE/MITRE enrichment
  • Neo4j graph integration — mock Domain node (ip-targets.{project_id}) with ip_mode: true, Subdomain nodes (real PTR hostnames or IP-based mocks), IP nodes with WHOIS data, and all downstream relationships
  • Tenant-scoped Neo4j constraints — IP, Subdomain, BaseURL, Port, Service, and Technology uniqueness constraints are now scoped to (key, user_id, project_id), allowing the same IP/subdomain to exist in different projects without conflicts
  • Input validation — new webapp/src/lib/validation.ts module with regex validators for IPs, CIDRs, domains, ports, status codes, HTTP headers, GitHub tokens, and more. Validation runs on form submit
  • ipMode and targetIps fields added to Prisma schema with database migration
• Chisel TCP Tunnel Integration — multi-port reverse tunnel alternative to ngrok for full attack path support:
  • chisel (v1.11.4) installed alongside ngrok in kali-sandbox Dockerfile — single binary, supports amd64 and arm64
  • Reverse tunnels both port 4444 (handler) and port 8080 (web delivery/HTA) through a single connection to a VPS
  • Enables Web Delivery (Method C) and HTA Delivery (Method D) phishing attacks that require two ports — previously blocked with ngrok's single-port limitation
  • Stageless Meterpreter payloads required through chisel (staged payloads fail through tunnels — same as ngrok)
  • Deterministic endpoint discovery — LHOST derived from CHISEL_SERVER_URL hostname (no API polling needed)
  • Auto-reconnect with exponential backoff if VPS connection drops
  • CHISEL_SERVER_URL and CHISEL_AUTH env vars added to .env.example and docker-compose.yml
  • _query_chisel_tunnel() utility in agentic/utils.py with get_session_config_prompt() integration
  • agentChiselTunnelEnabled Prisma field with database migration
• Phishing / Social Engineering Attack Path (phishing_social_engineering) — third classified attack path with a mandatory 6-step workflow: target platform selection, handler setup, payload generation, verification, delivery, and session callback:
  • Standalone Payloads (Method A): msfvenom-based payload generation for Windows (exe, psh, psh-reflection, vba, hta-psh), Linux (elf, bash, python), macOS (macho), Android (apk), Java (war), and cross-platform (python) — with optional AV evasion via shikata_ga_nai encoding
  • Malicious Documents (Method B): Metasploit fileformat modules for weaponized Word macro (.docm), Excel macro (.xlsm), PDF (Adobe Reader exploit), RTF (CVE-2017-0199 HTA handler), and LNK shortcut files
  • Web Delivery (Method C): fileless one-liner delivery via exploit/multi/script/web_delivery supporting Python, PHP, PowerShell, Regsvr32 (AppLocker bypass), pubprn, SyncAppvPublishingServer, and PSH Binary targets
  • HTA Delivery (Method D): HTML Application server via exploit/windows/misc/hta_server for browser-based payload delivery
  • Email Delivery: Python smtplib-based email sending via execute_code with per-project SMTP configuration (host, port, user, password, sender, TLS) — agent asks at runtime if no SMTP settings are configured
  • Chat Download: default delivery via docker cp command reported in chat
  • New prompt module phishing_social_engineering_prompts.py with PHISHING_SOCIAL_ENGINEERING_TOOLS (full workflow) and PHISHING_PAYLOAD_FORMAT_GUIDANCE (OS-specific format decision tree and msfvenom quick reference)
  • LLM classifier updated with phishing keywords and 10 example requests for accurate routing
  • phishing_social_engineering added to KNOWN_ATTACK_PATHS set and AttackPathClassification validator
• ngrok TCP Tunnel Integration — automatic reverse shell tunneling through ngrok for NAT/cloud environments:
  • ngrok installed in kali-sandbox Dockerfile and auto-started in entrypoint.sh when NGROK_AUTHTOKEN env var is set
  • TCP tunnel on port 4444 with ngrok API exposed on port 4040
  • _query_ngrok_tunnel() utility in agentic/utils.py that queries ngrok API, discovers the public TCP endpoint, and resolves the hostname to an IP for targets with limited DNS
  • get_session_config_prompt() auto-detects LHOST/LPORT from ngrok when enabled — injects a status banner, dual LHOST/LPORT table (handler vs payload), and enforces REVERSE-only payloads through ngrok
  • is_session_config_complete() short-circuits to complete when ngrok tunnel is active
  • NGROK_AUTHTOKEN added to .env.example and docker-compose.yml (kali-sandbox env + port 4040 exposed)
• Phishing Section in Project Settings — new PhishingSection component with SMTP configuration textarea for per-project email delivery settings
• Tunnel Provider Dropdown — replaced the single "Enable ngrok TCP Tunnel" toggle in Agent Behaviour settings with a Tunnel Provider dropdown (None / ngrok / chisel). Mutually exclusive — selecting one automatically disables the other
• Social Engineering Suggestion Templates — 15 new suggestion buttons in AI Assistant drawer under a pink "Social Engineering" template group (Mail icon), covering payload generation, malicious documents, web delivery, HTA, email phishing, AV evasion, and more
• Phishing Attack Path Badge — pink "PHISH" badge with #ec4899 accent color for phishing sessions in the AI Assistant drawer
• Prisma Migrations — 20260228120000_add_ngrok_tunnel (agentNgrokTunnelEnabled), 20260228130000_add_phishing_smtp_config (phishingSmtpConfig), and 20260305145750_add_ip_mode (ipMode, targetIps) database migrations
• Remote Shells Tab — new "Remote Shells" tab on the graph dashboard for real-time session management:
  • Unified view of all active Metasploit sessions (meterpreter, shell), background handlers/jobs, and non-MSF listeners (netcat, socat)
  • Sessions auto-detected from the Kali sandbox with 3-second polling and background cache refresh
  • Built-in interactive terminal with command history (arrow keys), session-aware prompts, and auto-scroll
  • Session actions: kill, upgrade shell to meterpreter, stop background jobs
  • Agent busy detection with lock-timeout strategy — session listing always works from cache, interaction retries when lock is available
  • Session-to-chat mapping — each session card shows which AI agent chat session created it
  • Non-MSF session registration when agent creates netcat/socat listeners via kali_shell
• Command Whisperer — AI-powered NLP-to-command translator in the Remote Shells terminal:
  • Natural language input bar (purple accent) above the terminal command line
  • Describe what you want in plain English → LLM generates the correct command for the current session type (meterpreter vs shell)
  • Uses the project's configured LLM (same model as the AI agent) via a new /command-whisperer API endpoint
  • Generated commands auto-fill the terminal input for review — no auto-execution
• Metasploit Session Persistence — removed automatic Metasploit restart on new conversations:
  • Removed start_msf_prewarm call from WebSocket initialization
  • Removed sessions -K soft-reset on first metasploit_console use
  • msf_restart tool now visible to the AI agent for manual use when a clean state is needed

Changed

• Conflict detection — IP-mode projects skip domain conflict checks entirely (tenant-scoped Neo4j constraints make IP overlap safe across projects). Domain-mode conflict detection unchanged
• HTTP probe scope filtering —...

2.1.0 - 2026-02-27

Added

• CypherFix — Automated Vulnerability Remediation Pipeline — end-to-end system that takes offensive findings from the Neo4j graph and turns them into merged code fixes:
  • Triage Agent (cypherfix_triage/): AI agent that queries the Neo4j knowledge graph, correlates hundreds of reconnaissance and exploitation findings, deduplicates them, ranks by exploitability and severity, and produces a prioritized remediation plan
  • CodeFix Agent (cypherfix_codefix/): autonomous code-repair agent that clones the target repository, navigates the codebase with 11 code-aware tools, implements targeted fixes for each triaged vulnerability, and opens a GitHub pull request ready for review and merge
  • Real-time WebSocket streaming for both Triage and CodeFix agents with dedicated hooks (useCypherFixTriageWS, useCypherFixCodeFixWS)
  • Remediations API (/api/remediations/) and hook (useRemediations) for persisting and retrieving remediation results
  • CypherFix API routes (/api/cypherfix/) for triggering and managing triage and codefix sessions
  • Agent-side API endpoints and orchestrator integration in api.py and orchestrator.py
• CypherFix Tab on Graph Page — new tab (CypherFixTab/) in the Graph dashboard providing a dedicated interface to launch triage, review prioritized findings, trigger code fixes, and monitor remediation progress
• CypherFix Settings Section — new CypherFixSettingsSection in Project Settings for configuring CypherFix parameters (GitHub repo, branch, AI model, triage/codefix behavior)
• CypherFix Type System (cypherfix-types.ts) — shared TypeScript types for triage results, codefix sessions, remediation records, and WebSocket message protocols
• Agentic README Documentation (agentic/readmes/) — internal documentation for the agentic module

Changed

• Global Header — updated navigation to include CypherFix access point
• View Tabs — styling updates to accommodate the new CypherFix tab
• Project Form — expanded with CypherFix settings section and updated section exports
• Hooks barrel export — updated hooks/index.ts with new CypherFix and remediation hooks
• Prisma Schema — new fields for CypherFix configuration in the project model
• Agent Requirements — new Python dependencies for CypherFix agents
• Docker Compose — updated service configuration for CypherFix support
• README — version bump to v2.1.0, CypherFix badge added, pipeline description updated

---

1.3.0 - 2026-02-19

Added

• Multi-Provider LLM Support — the agent now supports 4 AI providers (OpenAI, Anthropic, OpenRouter, AWS Bedrock) with 400+ selectable models. Models are dynamically fetched from each provider's API and cached for 1 hour. Provider is auto-detected via a prefix convention (openrouter/, bedrock/, claude-*, or plain OpenAI)
• Dynamic Model Selector — replaced the hardcoded 11-model dropdown with a searchable, provider-grouped model picker in Project Settings. Type to filter across all providers instantly; each model shows name, context window, and pricing info
• GET /models API Endpoint — new agent endpoint that fetches available models from all configured providers in parallel. Proxied through the webapp at /api/models
• model_providers.py — new provider discovery module with async fetchers for OpenAI, Anthropic, OpenRouter, and AWS Bedrock APIs, with in-memory caching (1h TTL)
• Stealth Mode — new per-project toggle that forces the entire pipeline to use only passive and low-noise techniques:
  • Recon: disables Kiterunner and banner grabbing, switches Naabu to CONNECT scan with rate limiting, throttles httpx/Katana/Nuclei, disables DAST and interactsh callbacks
  • Agent: injects stealth rules into the system prompt — only passive/stealthy methods allowed, agent must refuse if stealth is impossible
  • GVM scanning disabled in stealth mode (generates ~50K active probes per target)
• Stealth Mode UI — toggle in Target section of Project Settings with description of what it does
• Kali Sandbox Tooling Expansion — 15+ new packages installed in the Kali container: netcat, socat, rlwrap, exploitdb, john, smbclient, sqlmap, jq, gcc, g++, make, perl, go
• kali_shell MCP Tool — direct Kali Linux shell command execution, available in all phases
• execute_code MCP Tool — run custom Python/Bash exploit scripts on the Kali sandbox
• msf_restart MCP Tool — restart Metasploit RPC daemon when it becomes unresponsive
• execute_nmap MCP Tool — deep service analysis, OS fingerprinting, NSE scripts (consolidated from previous naabu-only setup)
• MCP Server Consolidation — merged curl and naabu servers into a unified network_recon_server.py, added dedicated nmap_server.py, fixed tool loading race condition
• Failure Loop Detection — agent detects 3+ consecutive similar failures and injects a pivot warning to break out of unproductive loops
• Prompt Token Optimization — lazy no-module fallback injection (saves ~1.1K tokens), compact formatting for older execution trace steps (full output only for last 5), trimmed rarely-used wordlist tables
• Metasploit Prewarm — pre-initializes Metasploit console on agent startup to reduce first-use latency
• Markdown Report Export — download the full agent conversation as a formatted Markdown file
• Brute Force & CVE Exploit Settings — new Project Settings sections for configuring brute force speed/wordlist limits and CVE exploit attack path parameters
• Node.js Deserialization Guinea Pig — new test environment for CVE-2017-5941 (node-serialize RCE)
• Phase Tools Tooltip — hover on phase badges to see which MCP tools are available in that phase
• GitHub Secrets Suggestion — new suggestion button in AI Assistant to leverage discovered GitHub secrets during exploitation

Changed

• Agent Orchestrator — rewritten _setup_llm() with 4-way provider detection (OpenAI, Anthropic, OpenRouter via ChatOpenAI + custom base_url, Bedrock via ChatBedrockConverse with lazy import)
• Model Display — formatModelDisplay() helper cleans up prefixed model names in the AI Assistant badge and markdown export (e.g., openrouter/meta-llama/llama-4-maverick → llama-4-maverick (OR))
• Prompt Architecture — tool registry extracted into dedicated tool_registry.py, attack path prompts (CVE exploit, brute force, post-exploitation) significantly reworked for better token efficiency and exploitation success rates
• curl-based Exploitation — expanded curl-based vulnerability probing and no-module fallback workflows for when Metasploit modules aren't available
• kali_shell & execute_nuclei — expanded to all phases (previously restricted)
• GVM Button — disabled in stealth mode with tooltip explaining why
• README — extensive updates: 4-provider documentation, AI Model Providers section, Kali sandbox tooling tables, new badges (400+ AI Models, Stealth Mode, Full Kill Chain, 30+ Security Tools, 9000+ Vuln Templates, 170K+ NVTs, 180+ Settings), version bump to v1.3.0

1.2.0 - 2026-02-13

Added

• GVM Vulnerability Scanning — full end-to-end integration of Greenbone Vulnerability Management (GVM/OpenVAS) into the RedAmon pipeline:
  • Python scanner module (gvm_scan/) with GVMScanner class wrapping the GMP protocol for headless API-based scanning
  • Orchestrator endpoints (/gvm/{id}/start, /gvm/{id}/status, /gvm/{id}/stop, /gvm/{id}/logs) with SSE log streaming
  • Webapp API routes, useGvmStatus polling hook, useGvmSSE streaming hook, toolbar buttons, and log drawer on the Graph page
  • Neo4j graph integration — GVM findings stored as Vulnerability nodes (source="gvm") linked to IP/Subdomain via HAS_VULNERABILITY, with associated CVE nodes
  • JSON result download from the Graph page toolbar
• GitHub Secret Hunt — automated secret and credential detection across GitHub organizations and user repositories:
  • Python scanner module (github_secret_hunt/) with GitHubSecretHunter class supporting 40+ regex patterns for AWS, Azure, GCP, GitHub, Slack, Stripe, database connection strings, CI/CD tokens, cryptographic keys, JWT/Bearer tokens, and more
  • High-entropy string detection via Shannon entropy to catch unknown secret formats
  • Sensitive filename detection (.env, .pem, .key, credentials files, Kubernetes kubeconfig, Terraform tfvars, etc.)
  • Commit history scanning (configurable depth, default 100 commits) and gist scanning
  • Organization member repository enumeration with rate-limit handling and exponential backoff
  • Orchestrator endpoints (/github-hunt/{id}/start, /github-hunt/{id}/status, /github-hunt/{id}/stop, /github-hunt/{id}/logs) with SSE log streaming
  • Webapp API routes for start, status, stop, log streaming, and JSON result download
  • useGithubHuntStatus polling hook and useGithubHuntSSE streaming hook for real-time UI updates
  • Graph page toolbar integration with start/stop button, log drawer, and result download
  • JSON output with statistics (repos scanned, files scanned, commits scanned, gists scanned, secrets found, sensitive files, high-entropy findings)
• GitHub Hunt Per-Project Settings — GitHub scan configuration is now configurable per-project via the webapp UI:
  • New "GitHub" section in Project Settings with token, target org/user, and scan options
  • 7 configurable fields: Access Token, Target Organization, Scan Members, Scan Gists, Scan Commits, Max Commits, Output JSON
  • github_secret_hunt/project_settings.py mirrors the recon/GVM settings pattern (fetch from webapp API, fallback to defaults)
  • 7 new Prisma schema fields (github_access_token, github_target_org, github_scan_members, github_scan_gists, github_scan_commits, github_max_commits, github_output_json)
• GVM Per-Project Settings — GVM scan configuration is now configurable per-project via the webapp UI:
  • New "GVM Scan" tab in Project Settings (between Integrations and Agent Behaviour)
  • 5 configurable fields: Scan Profile, Scan Targets Strategy, Task Timeout, Poll Interval, Cleanup After Scan
  • gvm_scan/project_settings.py mirrors the recon/agentic settings pattern (fetch from webapp API, fallback to defaults)
  • Defaults served via orchestrator /defaults endpoint using importlib to avoid module name collision
  • 5 new Prisma schema fields (gvm_scan_config, gvm_scan_targets, gvm_task_timeout, gvm_poll_interval, gvm_cleanup_after_scan)

Changed

• Webapp Dockerfile — embedded Prisma CLI in the production image; entrypoint now runs prisma db push automatically on startup, eliminating the separate webapp-init container
• Dev Compose — docker-compose.dev.yml now runs prisma db push before npm run dev to ensure schema is always in sync
• Docker Compose — removed webapp-init service and webapp_prisma_cache volume; webapp handles its own schema migration

Removed

• webapp-init service — replaced by automatic migration in the webapp entrypoint (both production and dev modes)
• gvm_scan/params.py — hardcoded GVM settings replaced by per-project project_settings.py

1.1.0 - 2026-02-08

Added

• Attack Path System — agent now supports dynamic attack path selection with two built-in paths:
  • CVE Exploit — automated Metasploit module search, payload configuration, and exploit execution
  • Brute Force Credential Guess — service-level brute force with configurable wordlists and max attempts per service
• Agent Guidance — send real-time steering messages to the agent while it works, injected into the system prompt before the next reasoning step
• Agent Stop & Resume — stop the agent at any point and resume from the last LangGraph checkpoint with full context preserved
• Project Creation UI — full frontend project form with all configurable settings sections:
  • Naabu (port scanner), Httpx (HTTP prober), Katana (web crawler), GAU (passive URLs), Kiterunner (API discovery), Nuclei (vulnerability scanner), and agent behavior settings
• Agent Settings in Frontend — transferred agent configuration parameters from hardcoded params.py to PostgreSQL, editable via webapp UI
• Metasploit Progress Streaming — HTTP progress endpoint (port 8013) for real-time MSF command tracking with ANSI escape code cleaning
• Metasploit Session Auto-Reset — msf_restart() MCP tool for clean msfconsole state; auto-reset on first use per chat session
• WebSocket Integration — real-time bidirectional communication between frontend and agent orchestrator
• Markdown Chat UI — react-markdown with syntax highlighting for agent chat messages
• Smart Auto-Scroll — chat only auto-scrolls when user is at the bottom of the conversation
• Connection Status Indicator — color-coded WebSocket connection status (green/red) in the chat interface

Changed

• Unified Docker Compose — replaced per-module .env files and start.sh/stop.sh scripts with a single root docker-compose.yml and docker-compose.dev.yml for full-stack orchestration
• Settings Source of Truth — migrated all recon and agent settings from hardcoded params.py to PostgreSQL via Prisma ORM, fetched at runtime via webapp API
• Recon Pipeline Improvements — multi-level improvements across all recon modules for reliability and accuracy
• Orchestrator Model Selection — fixed model selection logic in the agent orchestrator
• Frontend Usability — unified RedAmon primary crimson color (#d32f2f), styled message containers with ghost icons and gradient backgrounds, improved markdown heading and list spacing
• Environment Configuration — added root .env.example with all required keys; forwarded NVD_API_KEY and Neo4j credentials from recon-orchestrator to spawned containers
• Webapp Header — replaced Crosshair icon with custom logo.png image, bumped logo text size

Fixed

• Double Approval Dialog — fixed duplicate approval confirmation with ref-based state tracking
• Orchestrator Model Selection — corrected model selection logic when switching between AI providers

---