3. Creating a Project
Projects are the core organizational unit in RedAmon. Each project represents a single target domain and contains all the configuration for how to scan, analyze, and test it. This page walks you through creating a project with the 12-tab configuration form.
- Make sure you have a user selected (see User Management)
- On the Projects page, click the "New Project" button in the top-right area
- You'll be taken to the New Project form at `/projects/new`

The project form is organized into 12 tabs, each controlling a different aspect of the scanning and analysis pipeline. Default values are loaded automatically from the server — you only need to fill in the required fields and adjust what you want.

For the complete list of all 180+ parameters, see the Project Settings Reference.
This is the only tab with required fields. Everything else has sensible defaults.
| Field | Description |
|---|---|
| Project Name | A descriptive name for your assessment (e.g., "Example Corp Q1 2026") |
| Target Domain | The root domain to scan (e.g., example.com). RedAmon checks for conflicts with existing projects |
| Field | Default | Description |
|---|---|---|
| Subdomain Prefixes | (empty) | Specific subdomain prefixes to scan (e.g., www, api, mail). Leave empty to discover all subdomains automatically |
| Include Root Domain | true | Whether to include the root domain itself in the scan |
| Stealth Mode | false | Forces passive-only techniques. Disables active scanning, brute force, and GVM |
Optional feature to prove you own the target domain before scanning:
| Field | Default | Description |
|---|---|---|
| Verify Domain Ownership | false | Require a DNS TXT record proof before scanning starts |
| Ownership Token | (auto) | A unique token to place in a TXT record |
| TXT Record Prefix | _redamon | The DNS record name prefix (e.g., _redamon.example.com) |
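
The check that this option implies, written as an added example (it is not RedAmon's own code): build the record name from the prefix and the target domain, then accept only if a TXT record there carries the token. It assumes the TXT value is the bare token, and it takes the DNS lookup as an injected function (`resolve_txt`, a hypothetical name) so it runs offline against constructed records.

```python
import hmac
import shlex
from typing import Callable, List

# Constructed sample records (not real DNS data): name -> TXT rdata strings in
# presentation format, as a resolver library would typically return them.
SAMPLE_ZONE = {
    "_redamon.example.com": ['"v=unrelated"', '"rdm-4f9c" "2e71ab"'],
    "_redamon.example.org": ['"some-other-token"'],
}

def sample_resolver(name: str) -> List[str]:
    """Stand-in for a real TXT lookup; raises KeyError for a missing name."""
    return SAMPLE_ZONE[name]

def record_name(domain: str, prefix: str = "_redamon") -> str:
    """Build the record name from prefix and domain, e.g. _redamon.example.com."""
    return f"{prefix}.{domain.strip().rstrip('.').lower()}"

def txt_value(rdata: str) -> str:
    """Join the quoted character-strings of one TXT record into a single value."""
    try:
        return "".join(shlex.split(rdata))
    except ValueError:  # unbalanced quotes: treat as no usable value
        return ""

def ownership_verified(domain: str, token: str,
                       resolve_txt: Callable[[str], List[str]],
                       prefix: str = "_redamon") -> bool:
    """True only if a TXT record at prefix.domain carries exactly the token.

    Assumption: the record value is the bare token, nothing else.
    """
    if not token:
        return False  # an empty token must never match
    try:
        answers = resolve_txt(record_name(domain, prefix))
    except LookupError:  # no such record: fail closed
        return False
    expected = token.encode()
    return any(hmac.compare_digest(txt_value(a).encode(), expected) for a in answers)

if __name__ == "__main__":
    token = "rdm-4f9c2e71ab"  # constructed token, not a real RedAmon value
    for d in ("example.com", "example.org", "example.net"):
        print(d, ownership_verified(d, token, sample_resolver))
```

A missing record and a wrong token both return `False`, so a scan gated on this result never starts on an unverified domain.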
A hierarchical tree of modules you can enable/disable. Disabling a parent automatically disables all children:
```
Domain Discovery (root — always on)
└── Port Scan
    └── HTTP Probe
        ├── Resource Enumeration (Katana, GAU, Kiterunner)
        └── Vulnerability Scanning (Nuclei)
```
| Field | Default | Description |
|---|---|---|
| Update Graph Database | true | Auto-import results into Neo4j |
| Use Tor for Recon | false | Route all recon traffic through Tor |
| Use Bruteforce for Subdomains | true | Enable Knockpy active subdomain brute-forcing |
| WHOIS Max Retries | 3 | Retry attempts for WHOIS lookups |
| DNS Max Retries | 3 | Retry attempts for DNS resolution |
Controls how open ports are discovered on target hosts using Naabu. Key settings include scan type (SYN vs. CONNECT), top-N port selection, rate limiting, thread count, CDN exclusion, and passive mode via Shodan.
See Project Settings Reference > Port Scanner for all parameters.
Controls what metadata is extracted from live HTTP services. Over 25 toggles for probe types: status codes, content analysis, technology detection, TLS/certificate inspection, favicon hashing, JARM fingerprinting, and more.
See Project Settings Reference > HTTP Prober for all parameters.
Three tools for discovering web endpoints:
- Katana — active web crawling with configurable depth and URL limits
- GAU — passive URL discovery from web archives (disabled by default)
- Kiterunner — API endpoint brute-forcing with REST/GraphQL wordlists
See Project Settings Reference > Resource Enumeration for all parameters.
Template-based vulnerability scanning with 9,000+ templates. Controls severity filters, DAST mode, Interactsh for blind vulnerability detection, and template management.
See Project Settings Reference > Vulnerability Scanner for all parameters.
- CVE Enrichment — enrich findings with CVSS scores, descriptions, and references from NVD or Vulners
- MITRE Mapping — automatically map CVEs to CWE weaknesses and CAPEC attack patterns
See Project Settings Reference > CVE Enrichment for all parameters.
25+ individual toggle-controlled checks grouped into six categories:
- Network Exposure — direct IP access, WAF bypass detection
- TLS/Certificate — certificate expiry warning
- Security Headers — missing Referrer-Policy, Permissions-Policy, COOP, CORP, COEP, Cache-Control, CSP unsafe-inline
- Authentication — login forms over HTTP, insecure session cookies, Basic Auth without TLS
- DNS Security — missing SPF, DMARC, DNSSEC, zone transfer
- Exposed Services — admin ports, databases, Redis, Kubernetes API, SMTP open relay
See Project Settings Reference > Security Checks for all parameters.
Configure the GVM/OpenVAS network-level vulnerability scanner. Choose scan profiles (from Host Discovery to Full and very deep ultimate), target strategy, and timeout settings.
See Project Settings Reference > GVM Vulnerability Scan and the GVM Vulnerability Scanning guide.
GitHub Secret Hunting — configure GitHub API access for scanning repositories and gists for leaked secrets. Requires a Personal Access Token.
See GitHub Secret Hunting for a step-by-step setup guide.
Configure the AI agent that performs autonomous pentesting:
- LLM Model — select from 400+ models across 5 providers
- Phase Control — enable/disable post-exploitation, choose stateful vs. stateless mode
- Custom System Prompts — inject custom instructions per phase
- Payload Configuration — LHOST, LPORT, bind port, HTTPS toggle
- Agent Limits — max iterations, trace memory, tool output truncation
- Approval Gates — require user confirmation before exploitation/post-exploitation
- Retries & Logging — Cypher retries, log rotation settings
See Project Settings Reference > Agent Behavior for all parameters.
Configure attack path settings:
- CVE Exploit — payload configuration for CVE-based exploitation (configured in Agent Behavior tab)
- Hydra Brute Force — threads, timeouts, extra checks, verbose output
- Phishing / Social Engineering — SMTP configuration for phishing email delivery. A free-text textarea where you can specify SMTP host, port, username, password, sender address, and TLS settings. The agent reads this when the phishing attack path is active. Leave empty to have the agent ask at runtime.
- Tool Phase Restrictions — matrix controlling which tools are available in each phase (Informational, Exploitation, Post-Exploitation)
See Project Settings Reference > Hydra Brute Force for all parameters.
Configure CypherFix automated vulnerability remediation:
- GitHub Token — Personal Access Token with `repo` scope for repository access
- Default Repository — target repository in `owner/repo` format
- Default Branch — base branch for fix branches (default: `main`)
- Branch Prefix — prefix for auto-created branches (default: `cypherfix/`)
- Require Approval — pause before each code edit for human review
- LLM Model Override — use a specific model for CodeFix
See CypherFix — Automated Remediation for the full usage guide, and Project Settings Reference > CypherFix Configuration for all parameters.
Once you've configured your settings:
- Click the "Create Project" button at the bottom of the form
- RedAmon checks for domain conflicts (no two projects can target the same domain)
- If successful, the project is created and you're redirected to the Projects page
- Your new project appears as a card in the project grid
To modify a project's settings after creation:
- Go to the Projects page
- Click on the project card you want to edit
- You'll be taken to the project settings page (`/projects/{id}/settings`)
- Make your changes across any of the 11 tabs
- Click "Save" to apply
RedAmon prevents multiple projects from targeting the same domain. When you enter a target domain:
- The system checks against all existing projects (with a 500ms debounce)
- If a conflict is found, you'll see a warning message
- You cannot create or save a project with a conflicting domain
With your project created, head to the Graph Dashboard to explore the main interface, then run your first reconnaissance.