8. AI Agent Guide
The AI Agent is RedAmon's autonomous pentesting engine — a LangGraph-based system that reasons about your attack surface, selects security tools, executes exploits, and reports findings, all through a real-time chat interface. This guide walks you through every aspect of using the agent.
- On the Graph Dashboard, click the "AI Agent" button on the right side of the toolbar
- The AI Agent Drawer slides in from the right side of the screen

The AI Agent drawer contains several sections:
| Area | Description |
|---|---|
| Header | Connection status (WiFi icon), phase badge, attack type, iteration counter, stealth toggle |
| Conversation History | Button to open past conversations panel |
| Chat Area | Scrollable area showing messages, thinking timeline, and tool executions |
| Input Area | Message input with Send/Stop buttons |

The header elements in detail:
| Element | Description |
|---|---|
| Connection Status | Green WiFi icon = connected, red = disconnected. The agent uses a WebSocket connection |
| Phase Badge | Current operational phase: Informational (blue), Exploitation (red), Post-Exploitation (purple) |
| Attack Type | Shows "CVE" or "Brute Force" badge when the agent is executing an attack path |
| Iteration Counter | Current step number in the agent's reasoning loop |
| Stealth Toggle | Enable/disable stealth mode during agent operation |
Type your message in the input area at the bottom of the drawer.
- Enter — send the message
- Shift + Enter — new line (multiline input)
- The textarea auto-expands as you type
The agent can handle a wide range of queries:
Informational queries (no exploitation):
- "What vulnerabilities exist on 192.168.1.100?"
- "Which technologies have critical CVEs?"
- "Show me all open ports on the subdomains"
- "Find all endpoints with injectable parameters"
- "Summarize the attack surface for this project"
Exploitation requests:
- "Exploit CVE-2021-41773 on the Apache server"
- "Try brute forcing SSH on 10.0.0.5"
- "Find and exploit the most critical vulnerability"
- "Test the Node.js deserialization vulnerability"
The agent automatically translates natural language into Neo4j graph queries, tool commands, and exploitation workflows.
As the agent works, you'll see a timeline of its reasoning and actions:

Thinking steps show the agent's internal reasoning — what it's considering, planning, and deciding. These are expandable to see full reasoning details.
Tool execution cards show when the agent runs a tool. Each card displays:
| Element | Description |
|---|---|
| Tool name | Which tool was executed (e.g., query_graph, execute_nmap, metasploit_console) |
| Arguments | The input sent to the tool |
| Streaming output | Real-time output as the tool runs (updated every 5 seconds for long operations) |
| Analysis | The agent's interpretation of the tool's output |
| Actionable Findings | Key findings extracted from the output |
| Recommended Next Steps | What the agent suggests doing next |
The agent maintains a todo list that updates as it works. Items are marked as:
- Pending — not yet started
- In Progress — currently being worked on
- Completed — finished
- Blocked — unable to proceed
The agent operates in three distinct phases, each with different tool access:
Informational phase (badge color: blue)
The agent gathers intelligence without any offensive actions:
- Queries the Neo4j graph for attack surface data
- Runs web searches for CVE details and exploit PoCs
- Makes HTTP requests with curl to test endpoints
- Scans ports with Naabu
- Runs Nmap for service detection
- Uses Nuclei for vulnerability verification
Available tools: query_graph, web_search, execute_curl, execute_naabu, execute_nmap, execute_nuclei, kali_shell
Exploitation phase (badge color: red)
When the agent identifies a viable attack path, it requests a phase transition to exploitation. This requires your approval (if approval gates are enabled).
Additional tools unlocked: execute_code, execute_hydra, metasploit_console, msf_restart
Two attack paths are supported:
| Attack Path | Description |
|---|---|
| CVE Exploitation | The agent finds a matching Metasploit module, configures payload (reverse/bind shell), and fires the exploit |
| Hydra Brute Force | Uses THC Hydra to brute force credentials on 50+ protocols (SSH, FTP, RDP, SMB, MySQL, HTTP forms, etc.) |
When an exploit succeeds, the agent records a ChainFinding(exploit_success) in the EvoGraph that captures the attack type, target IP, CVE IDs, module used, payload, and credentials discovered. This finding is linked to the attack chain step and bridged to the recon graph, making it queryable across sessions.
Post-exploitation phase (badge color: purple)
After a successful exploit, the agent can transition to post-exploitation (if enabled in project settings):
- Statefull mode — interactive Meterpreter commands: enumeration, lateral movement, data exfiltration
- Stateless mode — re-runs exploits with different command payloads
When the agent wants to transition to a more aggressive phase, it pauses and sends an Approval Request.
The approval request includes:
- Reason — why the agent wants to transition
- Planned actions — what it intends to do
- Risks — potential impact
You have three options:
| Action | Description |
|---|---|
| Approve | Allow the phase transition — agent continues with offensive tools |
| Modify | Approve with modifications — add constraints or redirect the approach |
| Abort | Deny the transition — agent stays in the current phase |
Approval gates are configurable per project. You can disable them in the Agent Behaviour tab of project settings to let the agent operate fully autonomously.
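To make the phase gating and approval flow described above concrete, here is a small Python model written for this guide; it is not RedAmon's own code. The phase names, badge colors, per-phase tool lists, the three decision outcomes (Approve, Modify, Abort) and the Agent Behaviour defaults are taken from this page. The class and function names, the settings keys, the assumption that post-exploitation keeps the exploitation tool set, and the truncation marker format are hypothetical.

```python
"""Hypothetical model of phase-gated tool access and approval requests.

Added illustration, not RedAmon code. Tool names, phases and defaults
follow the AI Agent Guide; class names and settings keys are assumptions.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Phase(Enum):
    INFORMATIONAL = "informational"          # badge color: blue
    EXPLOITATION = "exploitation"            # badge color: red
    POST_EXPLOITATION = "post_exploitation"  # badge color: purple


class Decision(Enum):
    APPROVE = "approve"   # allow the transition
    MODIFY = "modify"     # allow it, but with added constraints
    ABORT = "abort"       # deny it; stay in the current phase


# Transitions are only ever to the next, more aggressive phase.
PHASE_ORDER = [Phase.INFORMATIONAL, Phase.EXPLOITATION, Phase.POST_EXPLOITATION]

# Tool sets per phase, as listed in the guide. Exploitation "unlocks" tools,
# so it inherits the informational set.
INFORMATIONAL_TOOLS = frozenset({
    "query_graph", "web_search", "execute_curl", "execute_naabu",
    "execute_nmap", "execute_nuclei", "kali_shell",
})
EXPLOITATION_TOOLS = INFORMATIONAL_TOOLS | {
    "execute_code", "execute_hydra", "metasploit_console", "msf_restart",
}
PHASE_TOOLS = {
    Phase.INFORMATIONAL: INFORMATIONAL_TOOLS,
    Phase.EXPLOITATION: EXPLOITATION_TOOLS,
    # The guide lists no extra tools for post-exploitation (assumption).
    Phase.POST_EXPLOITATION: EXPLOITATION_TOOLS,
}

# Defaults mirroring the Agent Behaviour table; key names are assumptions.
DEFAULT_SETTINGS = {
    "approval_for_exploitation": True,
    "approval_for_post_exploitation": True,
    "tool_output_max_chars": 20000,
}
GATE_SETTING = {
    Phase.EXPLOITATION: "approval_for_exploitation",
    Phase.POST_EXPLOITATION: "approval_for_post_exploitation",
}


@dataclass
class ApprovalRequest:
    """What the agent shows the user before a phase transition."""
    target: Phase
    reason: str
    planned_actions: list
    risks: list


def truncate_output(text: str, max_chars: int) -> str:
    """Apply the Tool Output Max Chars limit; the marker text is an assumption."""
    if len(text) <= max_chars:
        return text
    return text[:max_chars] + f"\n[truncated {len(text) - max_chars} chars]"


@dataclass
class AgentSession:
    settings: dict = field(default_factory=lambda: dict(DEFAULT_SETTINGS))
    phase: Phase = Phase.INFORMATIONAL
    pending: Optional[ApprovalRequest] = None
    constraints: list = field(default_factory=list)  # added via MODIFY

    def allowed(self, tool: str) -> bool:
        return tool in PHASE_TOOLS[self.phase]

    def run_tool(self, tool: str, raw_output: str) -> str:
        """Refuse tools outside the current phase; pause while a gate is open."""
        if self.pending is not None:
            raise RuntimeError("agent is paused waiting for an approval decision")
        if not self.allowed(tool):
            raise PermissionError(f"{tool} is not available in phase {self.phase.value}")
        return truncate_output(raw_output, self.settings["tool_output_max_chars"])

    def request_transition(self, target: Phase, reason: str,
                           planned_actions, risks) -> Optional[ApprovalRequest]:
        """Return a pending request if the gate is on, else transition at once."""
        if PHASE_ORDER.index(target) != PHASE_ORDER.index(self.phase) + 1:
            raise ValueError(f"cannot jump from {self.phase.value} to {target.value}")
        if not self.settings[GATE_SETTING[target]]:
            self.phase = target          # gate disabled: fully autonomous
            return None
        self.pending = ApprovalRequest(target, reason, list(planned_actions), list(risks))
        return self.pending

    def decide(self, decision: Decision, modification: Optional[str] = None) -> Phase:
        """Resolve the pending request with the user's choice."""
        if self.pending is None:
            raise RuntimeError("no approval request pending")
        request, self.pending = self.pending, None
        if decision is Decision.ABORT:
            return self.phase
        if decision is Decision.MODIFY:
            if not modification:
                raise ValueError("MODIFY requires the user's constraint text")
            self.constraints.append(modification)
        self.phase = request.target
        return self.phase
```

The design point is that the tool allowlist is keyed on the phase, and the phase only advances through `decide()`; while a request is pending, `run_tool()` refuses to execute anything, which is the behaviour the guide describes as the agent pausing until you respond.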
Sometimes the agent needs additional information from you. It sends a Question Request with:
- The question text
- Optional predefined answer choices
You can select a predefined answer or type a custom response.
You can steer the agent while it's working by sending a guidance message:
- Type your guidance in the input area while the agent is actively processing
- The guidance is injected into the agent's context before its next reasoning step
- Examples: "Focus on SSH vulnerabilities", "Skip the web application, look at network services", "Try a different exploit module"
The agent acknowledges guidance with a confirmation message.
Click the Stop button (replaces the Send button while the agent is working) to pause execution. The agent's state is checkpointed.
After stopping, a Resume button appears. Click it to continue from the last checkpoint with full context preserved.
The agent supports multiple conversations per project. Each conversation is an independent session with its own context.
- Click the history button (clock icon) in the drawer header
- A Conversation History panel slides in showing all past conversations
Each conversation shows:
- Title (auto-generated from the first message)
- Status (active, completed)
- Agent running indicator
- Current phase
- Iteration count
- Timestamp
Click on any conversation to load it. The chat area updates with the full message history.
Click the delete icon on any conversation to remove it permanently.
Click the "New Conversation" button at the top of the history panel.
You can export any conversation as a Markdown report:
- Click the download button (download icon) in the drawer header
- The report is saved as a .md file containing:
  - All user messages and agent responses
  - Thinking/reasoning steps
  - Tool executions with output
  - Findings and recommendations
  - Todo list states
The AI Agent uses a WebSocket connection for real-time communication.
| Icon | Status | Meaning |
|---|---|---|
| Green WiFi | Connected | WebSocket is active, agent is reachable |
| Red WiFi (crossed) | Disconnected | Connection lost — messages won't send |
If disconnected, the agent will attempt to reconnect. You can also try refreshing the page.
- Start with informational queries — ask the agent to summarize the attack surface before requesting exploits
- Be specific — "Exploit CVE-2021-41773 on 10.0.0.5:8080" works better than "hack the server"
- Use guidance — steer the agent if it's going in the wrong direction
- Check the todo list — it shows what the agent is planning and what's done
- Review tool output — expand tool execution cards to see raw output
- Use approval gates — keep them enabled until you're comfortable with the agent's behavior
Key settings that control agent behavior (configured in project settings > Agent Behaviour tab):
| Setting | Default | Description |
|---|---|---|
| LLM Model | claude-opus-4-6 | The AI model powering the agent |
| Max Iterations | 100 | Maximum reasoning-action loops |
| Approval for Exploitation | true | Require your approval before exploitation |
| Approval for Post-Exploitation | true | Require your approval before post-exploitation |
| Post-Exploitation Type | statefull | Meterpreter sessions vs. one-shot commands |
| Tool Output Max Chars | 20000 | Truncation limit for tool output |
Full configuration reference: Project Settings Reference > Agent Behaviour
- Project Settings Reference — fine-tune every parameter
- AI Model Providers — configure different AI models for the agent
- Attack Surface Graph — understand the graph schema the agent queries
- EvoGraph — Attack Chain Evolution — how the agent's actions are tracked as persistent, evolutionary attack chains