Black Halo AI Pentester
A full-stack, AI-driven offensive security platform built for professional red teamers and security engineers. Black Halo combines multi-engine vulnerability scanning, deep reconnaissance, and AI-powered attack orchestration into a single cohesive workflow.
Key Capabilities
1. HaloX Scanner Integration
Custom-built vulnerability scanner with AI-driven parameter fuzzing, mutation logic, and behavior-based detection for complex vulnerabilities like SSRF, XXE, and authentication bypasses.
2. Multi-Engine Scanning
Orchestrates industry-standard tools (Nuclei, Wapiti, SQLMap, Dalfox, FFUF) with profile-based workflows (Safe, Balanced, Aggressive, Deep). Centralized result normalization ensures actionable, unified findings.
3. AI Orchestration
Claude Sonnet integration for intelligent scan prioritization, automated triage, and attack-path recommendations. AI-generated remediation guidance and exploit PoCs streamline red-team workflows.
4. Recon Engine
Automated subdomain enumeration, port scanning, technology detection, and OSINT aggregation. Results feed directly into vulnerability scans for comprehensive attack-surface mapping.
5. Diagnostics & Observability
Real-time scan monitoring, health checks for all scanner engines, Redis queue inspection, and detailed logging. Built-in capacity monitoring prevents resource exhaustion during large engagements.
Architecture
- Backend: FastAPI with async workers, Redis for job queuing, SQLite/PostgreSQL for persistence
- Frontend: React with real-time status polling, professional reporting templates, and exploit modules
- Scanners: Dockerized isolation for HaloX, Nuclei, SQLMap, Wapiti, Dalfox, FFUF
- AI Layer: Claude API integration for context-aware analysis and attack recommendations
Purpose
Black Halo bridges the gap between manual pentesting and fully automated scanning. It provides the depth of custom tooling (HaloX) with the breadth of battle-tested open-source engines, all guided by AI to reduce false positives and surface critical attack paths faster than commercial alternatives.