v0.10 · Now in early access

Pentest at Machine Speed. No manual setup. No waiting.

PhantomRed chains Nmap, Nuclei, FFUF, and SQLMap automatically — then runs AI analysis on every finding. Built for bug bounty hunters and freelance pentesters who need results fast.

10 free scans/month  ·  No credit card  ·  Setup in 60 seconds

phantomred — zsh
phantom@red ~ phantomred --mode full --target testphp.vulnweb.com
────────────────────────────────────────────────
[recon] Subfinder: 4 subdomains discovered
[recon] httpx: 3 live hosts confirmed
[recon] theHarvester: 12 emails collected
────────────────────────────────────────────────
[scan] Nmap: 6 open ports, 2 risky services
[scan] ! Nuclei: 3 CVEs matched [1 HIGH, 2 MEDIUM]
[scan] ! FFUF: 5 hidden paths found
────────────────────────────────────────────────
[ai] Llama 3 analyzing 9 findings...
[ai] SQLi confirmed on /search endpoint
[ai] Report saved → reports/scan_20260413.md
 
✓ Full pentest complete in 4m 12s
Powered by industry-standard open source tools
nmap · nuclei · ffuf · sqlmap · subfinder · amass · httpx · theHarvester

Three steps. Zero manual effort.

Enter a target, confirm consent, and PhantomRed handles the rest — recon, scanning, and AI analysis in a single pipeline.

01 Recon & OSINT
Automated subdomain enumeration, live host discovery, and email harvesting across your target's entire attack surface.
subfinder · amass · httpx · theHarvester

02 Vulnerability Scan
Port scanning, CVE matching against 10,000+ templates, directory brute-forcing, and SQL injection detection — running in parallel.
nmap · nuclei · ffuf · sqlmap

03 AI Analysis & Report
Llama 3 8B analyzes every finding, decides follow-up probes, and generates a severity-sorted Markdown report with remediation steps.
Llama 3 8B · ReAct agent · Markdown

Built with consent at the core
Every scan requires explicit confirmation that you own or have written permission to test the target. A hard blocklist blocks cloud providers, major platforms, and critical infrastructure — no exceptions. Unauthorized scanning is illegal and we enforce this strictly.

Everything a pentester needs.

From recon to report — the full offensive security workflow, automated. No stitching tools together manually.

Parallel Execution
All tools run concurrently via ThreadPoolExecutor. A full pentest that takes 30 minutes manually completes in under 5.

AI-Powered Analysis
Local Llama 3 8B reasons over every finding, prioritizes by exploitability, and decides which follow-up probes to run.

Instant Reports
Severity-sorted Markdown reports with CVSS scores, affected hosts, and actionable remediation guidance — generated automatically.

Chained Pipeline
Recon feeds into scanning, which feeds into AI analysis. Findings from one stage automatically inform the next.

CLI + Web Dashboard
Use the CLI for automation or the web dashboard for a visual interface. Both hit the same FastAPI backend.

REST API Access
Full API with API key auth. Integrate PhantomRed into your own bug bounty workflow, CI pipeline, or scripts.

Simple, honest pricing.

Start free. Upgrade when you need more scans. No hidden fees, no enterprise walls.

Free
$0/month
For getting started and trying PhantomRed on your own targets.
  • 10 scans per month
  • All scan modes (recon, scan, full)
  • AI analysis on every finding
  • Markdown report download
  • REST API access
  • Priority queue
  • Custom scan templates
Enterprise
$299/month
For professional pentest teams and freelancers with high-volume engagements.
  • Unlimited scans
  • All scan modes (recon, scan, full)
  • AI analysis on every finding
  • Markdown + JSON reports
  • REST API access
  • Priority queue
  • Custom scan templates

Start your first scan in 60 seconds.

Free account. No credit card. 10 scans included.

By signing up you agree to scan only targets you own or have explicit permission to test.