Autonomous pentesting against Active Directory, without the black box

Active Directory is where most internal compromises happen and where most AI tools give up. Darkmoon runs the AD attack path autonomously and shows every step.

Why AD is hard for AI

AD attack paths are stateful and multi-step. A single prompt cannot hold the whole graph. You need an agent loop that enumerates, reasons, and pivots while keeping state.

Playbooks as the state engine

In Darkmoon, the AD methodology is a Markdown playbook you can read and fork. The agent follows it, the proxy keeps the state, and every tool call is explicit.

From foothold to domain

The agent enumerates with BloodHound-style logic, identifies attack paths, and executes them with real tools, attaching the output of each step.

Auditable by design

Because the method is a file and the execution is logged, a reviewer can follow exactly how the domain fell.

Try it

Run it on GOAD (the Game of Active Directory lab) and read the generated attack path end to end.

Built by pentesters, open sourced for pentesters. Feedback on the methodology and the evidence trail is genuinely welcome.
