v0.10 · Now in early access

Pentest at Machine Speed. No manual setup. No waiting.

PhantomRed chains Nmap, Nuclei, FFUF, and SQLMap automatically — then runs AI analysis on every finding. Built for bug bounty hunters and freelance pentesters who need results fast.

Start for free → Open dashboard

✓ 3 free scans/month · No credit card · Setup in 60 seconds

⚡ PhantomRed vs Burp Suite → ⚡ PhantomRed vs Nessus →

phantomred — zsh

phantom@red ~ phantomred --mode full --target testphp.vulnweb.com

────────────────────────────────────────────────

[recon] ✓ Subfinder: 4 subdomains discovered

[recon] ✓ httpx: 3 live hosts confirmed

[recon] ✓ theHarvester: 12 emails collected

────────────────────────────────────────────────

[scan] ✓ Nmap: 6 open ports, 2 risky services

[scan] ! Nuclei: 3 CVEs matched [1 HIGH, 2 MEDIUM]

[scan] ! FFUF: 5 hidden paths found

────────────────────────────────────────────────

[ai] → Llama 3 analyzing 9 findings...

[ai] ✓ SQLi confirmed on /search endpoint

[ai] ✓ Report saved → reports/scan_20260413.md

✓ Full pentest complete in 4m 12s

How it works

Three steps.
Zero manual effort.

Enter a target, confirm consent, and PhantomRed handles the rest — recon, scanning, and AI analysis in a single pipeline.

🎯

Recon & OSINT

Automated subdomain enumeration, live host discovery, and email harvesting across your target's entire attack surface.

subfinder amass httpx theHarvester

🔍

Vulnerability Scan

Port scanning, CVE matching against 10,000+ templates, directory brute-forcing, and SQL injection detection — running in parallel.

nmap nuclei ffuf sqlmap

🤖

AI Analysis & Report

Llama 3 8B analyzes every finding, decides follow-up probes, and generates a severity-sorted Markdown report with remediation steps.

Llama 3 8B ReAct agent Markdown

The Platform

Your entire pentest,
in one dashboard.

Findings ranked by severity, AI-generated remediation steps, PDF reports, and an executive summary — ready the moment your scan completes.

phantomred.com/dashboard

Critical

High

Medium

Risk Score

CRITICAL SQL Injection via login parameter — unauthenticated RCE possible nuclei

HIGH Exposed .env file with database credentials ffuf

HIGH AWS API key found in JavaScript bundle js_scanner

MEDIUM TLS 1.0 still enabled — susceptible to POODLE attack nmap

+ AI remediation steps, CVSS scores, and PDF export on every finding

Features

Everything a
pentester needs.

From recon to report — the full offensive security workflow, automated. No stitching tools together manually.

⚡

Parallel Execution

All tools run concurrently via ThreadPoolExecutor. A full pentest that takes 30 minutes manually completes in under 5.

🧠

AI-Powered Analysis

Local Llama 3 8B reasons over every finding, prioritizes by exploitability, and decides which follow-up probes to run.

📋

Instant Reports

Severity-sorted Markdown reports with CVSS scores, affected hosts, and actionable remediation guidance — generated automatically.

🔗

Chained Pipeline

Recon feeds into scanning, which feeds into AI analysis. Findings from one stage automatically inform the next.

🖥️

CLI + Web Dashboard

Use the CLI for automation or the web dashboard for a visual interface. Both hit the same FastAPI backend.

📡

REST API Access

Full API with API key auth. Integrate PhantomRed into your own bug bounty workflow, CI pipeline, or scripts.

Why PhantomRed?

Stop stitching tools together.
Start finding bugs.

Burp Suite is powerful — if you have 3 hours to set up and run it manually. DIY scripts break. PhantomRed chains recon, scanning, and AI analysis in a single API call.

Burp Suite

✗ Manual setup and configuration
✗ No built-in AI analysis
✗ Proxy-based — requires local install
✗ No automated report generation
✗ Enterprise pricing starts at $449/yr

DIY / Manual

✗ Hours spent chaining Nmap + Nuclei + FFUF
✗ No unified report format
✗ Triage and analysis done manually
✗ No API — can't integrate into workflow
✗ Zero AI remediation guidance

YOU ARE HERE

PhantomRed

✓ Zero setup — scan in 60 seconds
✓ AI analysis on every finding
✓ Nmap + Nuclei + FFUF + JS scanner chained
✓ PDF + Markdown reports auto-generated
✓ Starts free — Pro at $29/month

Plan comparison

Feature	Free	Pro $29/mo	Enterprise $149/mo
Scans / month	3	75	Unlimited
Nmap + Nuclei + FFUF	✓	✓	✓
JS Secret Scanner	✓	✓	✓
AI Remediation on findings	✓	✓	✓
PDF + Markdown reports	✓	✓	✓
Executive Summary	✓	✓	✓
REST API Access	—	✓	✓
Subdomain enumeration	—	✓	✓
Priority support	—	—	✓

Start for free — no credit card →

Pricing

Simple, honest pricing.

Start free. Upgrade when you need more scans. No hidden fees, no enterprise walls.

Free plan includes 3 scans/month, resets on the 1st. No credit card required. Cancel anytime.
Not satisfied? First month fully refunded — no questions asked.

Free

$ 0 /month

For getting started and trying PhantomRed on your own targets.

3 scans per month
All scan modes (recon, scan, full)
AI analysis on every finding
Markdown report download
7-day report history
PDF & HTML reports
REST API access
Priority queue

Start free →

Start your first scan
in 60 seconds.

Free account. No credit card. 3 scans included.

✓ Check your inbox — or open the dashboard →

By signing up you agree to scan only targets you own or have explicit permission to test.

Pentest at Machine Speed. No manual setup. No waiting.

Three steps.Zero manual effort.

Your entire pentest,in one dashboard.

Everything apentester needs.

Stop stitching tools together.Start finding bugs.

Simple, honest pricing.

Start your first scanin 60 seconds.

Three steps.
Zero manual effort.

Your entire pentest,
in one dashboard.

Everything a
pentester needs.

Stop stitching tools together.
Start finding bugs.

Start your first scan
in 60 seconds.