Red Specter NIGHTFALL

AI Offensive Framework — 124 tools. 24 attack layers. 65,867 tests. One install. One CLI.

v1.0.0 — 19 May 2026
105 Offensive Tools
61,352 Tests
17 Attack Layers
19 Attack Chains
24 Kill Chain Phases
1,979 ARMORY Payloads
Contents

Overview | 17 Attack Layers | Installation | Quick Start | CLI Reference | The 105 Tools | Attack Chain Presets | UNLEASHED Mode | Destruction Presets | NIGHTFALL ARMORY | Ed25519 Cryptographic Override | Engagement Management | Reporting | Docker Deployment | Disclaimer

Overview

NIGHTFALL is the unified offensive security framework from Red Specter Security Research. 124 tools covering twenty-four attack layers — from the model core through training pipelines, agentic execution, multi-agent systems, dark AI ecosystems, physical embodied AI, and social media AI attack surface. From passive OSINT through orbital edge exploitation. Every tool works standalone. NIGHTFALL connects them all under one CLI with attack chains, engagement management, Ed25519 signed reports, and a full audit trail.

Welcome to NIGHTFALL. Bring your targets.

17 Attack Layers

124 tools map to twenty-four attack layers. The AI security threat landscape does not exist in one place — it spans from the model weights and training pipeline through the agentic execution layer, multi-agent trust graphs, MCP tool ecosystem, cloud infrastructure, physical embodied AI, dark web ecosystems, and social media AI attack surface. Red Specter maps the complete attack surface.

# | Layer | What It Covers | Key Tools
L01 | LLM / Foundation Model | The model itself. Reasoning manipulation, jailbreaks, adversarial inputs, constitutional AI bypass, weight tampering, sleeper-agent backdoors. | FORGE, PHANTOM, WRAITH MIND, ECLIPSE, SERPENT, JANUS, PANTHEON, CHIMERA, SPECTER NEURON, SPECTER REASONER
L02 | Prompt & Context | Prompt injection, indirect injection, context window attacks, chain-of-thought hijack, guardrail bypass, denial-of-wallet attacks. | SIREN, HARBINGER, GLASS, SPECTER GUARDRAIL, SPECTER CONTEXT, SPECTER BURN
L03 | Memory & State | Vector database attacks, RAG corpus poisoning, agent memory persistence, dormant trigger implantation, memory-as-control-flow hijack. | ECHO, LAZARUS, SPECTER MEMETIC, SPECTER CONTEXT, SPECTER WORM
L04 | AI Agent Execution | Tool-call hijacking, checkpoint exploitation, computer-use agent attacks, delegation abuse, operator channel injection, TOCTOU races. | CRUCIBLE, CHECKPOINT, DELEGATE, SPECTER ATLAS, GHOST OPERATOR, SPECTER BURN, SPECTER DAEMON
L05 | Multi-Agent Systems | Trust chain attacks, A2A protocol exploitation, swarm manipulation, consensus poisoning, lateral movement, trust graph hijacking. | PHANTOM SWARM, APOCALYPSE, OMEGA, SPECTER A2A, RAGNAROK, PROXY WAR, SPECTER CONTAGION
L06 | MCP & Tool Ecosystem | MCP server attacks, malicious tool injection, supply chain via tool marketplace, tool-call exfiltration, worm propagation via MCP. | VECTOR, LEVIATHAN, ROGUE, PHANTOM SKILL, ADAPTER, SPECTER WORM
L07 | Identity & Trust | JWT/OIDC forgery, algorithm confusion, OAuth delegation attacks, SPIFFE SVID manipulation, JWKS root-of-trust poisoning, cross-vendor identity transmutation. | SPECTER FORGERY, DELEGATE, JUSTICE
L08 | Infrastructure & Cloud | AWS SageMaker, Bedrock, Vertex AI, Azure OpenAI, Kubernetes, GPU clusters, inference server RCE, kernel-layer AI governance subversion. | VORTEX, ARCHITECT, SPECTER HELLFIRE, SPECTER PLATFORM, FOUNDRY, SPECTER KERNEL
L09 | AI Supply Chain | Model registry attacks, LoRA/PEFT backdooring, slopsquatting, CI/CD pipeline compromise, template-interpolation RCE, weight substitution. | HYDRA, PIPELINE, SPECTER REGISTRY, SPECTER SHELL, ADAPTER, PHANTOM SKILL
L10 | Dark AI Ecosystem | WormGPT/FraudGPT disruption, shadow AI discovery, dark web AI attribution, breach data analysis, Tor-proxied enumeration, court-admissible reporting. | JUSTICE, SPECTER SHADOW, SPECTER ARGUS, RAVEN, SPECTER DARK
L11 | Physical & Embodied | Robotics, drones, SCADA, mobile AI agents, satellite NTN infrastructure, MAVLink exploitation, adversarial ML patches, firmware poisoning. | GOLEM, SIGNAL, ASTRO BLASTER, SPECTER DRONE, SPECTER PRISM
L12 | Human Interface & Deception | Social engineering, deepfakes, visual prompt injection, ultrasonic audio attack, adversarial typography, multimodal payload chaining, steganography. | SPECTER SOCIAL, MIRAGE, SPECTER PRISM, VANTAGE, SCREAMER, BANSHEE
L13 | Autonomous Campaign | Coordinated multi-tool campaign orchestration, OODA loop automation, authenticated AI surface hunting, dead-man switch, extinction-class events. | WARLORD, NEMESIS, FIREBALL, SPECTER DAEMON, SPECTER EXTINCTION, SPECTER TRUSTFALL
L14 | Training Pipeline | LLM training data poisoning, RLHF preference manipulation, backdoor embedding dormant until triggered, ProAttack zero-trigger injection, 250-doc threshold. | SPECTER DOCTRINE, SPECTER NEURON, ADAPTER, SPECTER REGISTRY
L15 | AI Development (IDENTIFIED) | Development environment attacks, cross-agent trust escalation, lateral movement via coding tools, reciprocal CLAUDE.md poisoning loops, GCP P4SA path. | SPECTER CONTAGION, MIMIC, SPECTER TRUSTFALL
L16 | Embodied AI | Robotics and physical AI system exploitation — URScript RCE, ROS2/DDS attacks, safety system bypass, sensor spoofing, adversarial ML patches, firmware poisoning. Targets Boston Dynamics Spot, UR3/UR10 arms, autonomous vehicles, warehouse robots, UAVs. | SPECTER TITAN, SPECTER DRONE, GOLEM
L17 | Social Media AI | AI agent hijack on social platforms, session harvest via browser SQLite, persona engine deployment, corpus poisoning, deepfake generation, spear-phish campaign, account destruction, Meta/Facebook Graph API ecosystem annihilation. | SPECTER PHANTOM, SPECTER META
L24 | AI Agent Orchestration Exploitation (NEW) | Orchestrator-level backdoors targeting CrewAI, n8n, Langflow, AutoGen, LangGraph. Fleet-wide control via single orchestrator compromise. CVE-2025-25289, CVE-2026-21858, CVE-2026-33017. | SPECTER APEX

All 24 layers fully operational. GGUF quantization backdoor coverage (arXiv:2505.23786) included in L07 Model Weights via SPECTER HOLLOW.

Installation

Quick Install

$ git clone git@github.com:RichardBarron27/nightfall.git
$ cd nightfall
$ ./install.sh

Package Managers

# Debian / Ubuntu / Kali
$ sudo dpkg -i dist/red-specter_1.0.0_all.deb

# RHEL / Fedora
$ sudo rpm -i dist/red-specter-1.0.0.rpm

# Arch / BlackArch
$ sudo pacman -U dist/red-specter-1.0.0.pkg.tar.zst

macOS

# Pure Python — works natively on macOS
$ git clone git@github.com:RichardBarron27/nightfall.git
$ cd nightfall
$ pip install -e .
$ red-specter tools

Windows

# Python 3.11+ required — or use Docker Desktop
> git clone git@github.com:RichardBarron27/nightfall.git
> cd nightfall
> pip install -e .
> red-specter tools

Docker (any platform)

# Full platform — 124 tools, one compose file
$ docker compose up -d
# API: http://localhost:8000
# CLI: docker exec -it rs-tools red-specter tools

All 124 tools are pure Python with no platform-specific dependencies. The entire framework runs natively on Linux, macOS, and Windows.

Quick Start

# See everything in 10 seconds
$ red-specter quickstart

# Run a tool directly
$ red-specter run forge full-scan -t https://target.com
$ red-specter run wraith scan 10.0.0.1 -p top1000
$ red-specter run nemesis engage target.com --mode abyss
$ red-specter run astro-blaster survey --target ground-station.example

# Start a full engagement
$ red-specter engage 192.168.1.0/24 --name "Internal Pentest" --chain infra

# Run an attack chain
$ red-specter chain full-recon -t 192.168.1.1
$ red-specter chain ai-audit -t https://api.target.com

# Interactive tool selector (124 tools)
$ red-specter tools

CLI Reference

Command | Description
red-specter quickstart | Quick reference — common workflows in one view
red-specter run <tool> <args> | Run any of the 124 tools directly — all args passed through
red-specter engage <target> | Start engagement project with target, scope, and chain
red-specter chain <preset> -t <target> | Execute an attack chain preset
red-specter chain --list | List all 19 chain presets
red-specter tools | Interactive 105-tool selector
red-specter arsenal | Kill chain view — 24 phases, all 124 tools mapped
red-specter search <keyword> | Find tools by capability, description, or category
red-specter status | Installation status of all 124 tools
red-specter verify | Verify all 124 tools respond
red-specter history --projects | List engagement projects
red-specter report --project <ID> | Generate Ed25519 signed report (HTML/JSON/CSV)
red-specter export audit -o audit.csv | Export audit trail
red-specter config | View and set framework configuration
red-specter update | Check all tools for updates
red-specter unleashed --info | UNLEASHED mode details and key status
red-specter armory list | Browse 1,979 ARMORY payloads across 94 categories
red-specter doctor | Diagnose installation issues
red-specter version | Version information

Tool-specific CLIs are also installed directly. Examples: forge, nemesis, signal-tool, astro-blaster, foundry, rs-adapter, checkpoint-tool, delegate-tool, phantom-skill, specter-daemon, specter-forgery, specter-extinction, specter-shadow, specter-argus, specter-prism, specter-trustfall, specter-doctrine, specter-contagion, specter-hollow.

The 105 Tools

All 124 tools. Each CLI name runs the tool standalone; all of them also work inside red-specter run.

# | Tool | CLI | Domain | Tests
01 | FORGE | forge | LLM red team — injection, jailbreak, extraction, drift, boundary testing | 9,300
02 | ARSENAL | arsenal | AI agent attacks — 14 tools, MCP, RAG, memory, C2, honeypots | 2,563
03 | PHANTOM | phantom | Coordinated swarm assault — 5 agents, 19 vectors | 288
04 | POLTERGEIST | poltergeist | Web application siege — 10 agents, 55 vectors, signed reports | 1,189
05 | GLASS | glass | Intercepting proxy for AI agents — Burp Suite for AI | 850
06 | NEMESIS | nemesis | Adversarial reasoning engine — 40 entities, 21 weapons, CORTEX core + ARMORY | 2,455
07 | SPECTER SOCIAL | specter-social | Autonomous social engineering — 6 channels, psychological profiling | 1,242
08 | PHANTOM KILL | phantom-kill | OS & kernel — UEFI, wipers, EDR suppression | 571
09 | GOLEM | golem | Physical layer — robots, drones, SCADA, 10 protocols | 973
10 | HYDRA | hydra | Supply chain — trust relationships, MCP, marketplace poisoning | 1,129
11 | IDRIS | idris | Discovery — finds every AI agent, sanctioned or shadow | 553
12 | SCREAMER | screamer | Display disruption — corrupts operator dashboards | 395
13 | WRAITH | wraith | Infrastructure pentest — pure Python, zero wrappers | 888
14 | REAPER | reaper | Exploit & post-exploitation — 11-phase kill chain, ARMORY PRION, WARLORD-wired | 5,439
15 | GHOUL | ghoul | Password cracking — dictionary, brute, Markov, rainbow | 1,408
16 | DOMINION | dominion | Active Directory — Kerberoast, DCSync, BloodHound export | 1,866
17 | SHADOWMAP | shadowmap | OSINT — domain, network, company, people, breach, tech intel | 930
18 | BANSHEE | banshee | Browser exploitation — hooks, DOM injection, network pivoting | 986
19 | WRAITH MIND | wraith-mind | AI model internal corruption — KV cache poisoning, weight tampering | 158
20 | KRAKEN | kraken | AI-orchestrated DDoS — 55 techniques, adaptive throttle | 62
21 | HARBINGER | harbinger | Guardrail exploitation — 39 bypass techniques | 71
22 | SIREN | siren | Indirect prompt injection — plants hidden instructions in content | 58
23 | BLADE RUNNER | blade-runner | Rogue agent termination — hunt, fingerprint, retire, erase traces | 143
24 | PROXY WAR | proxy-war | Inter-agent trust manipulation — make agents destroy each other | 127
25 | ORION | orion | AI-native reconnaissance — host, port, service, DNS, OSINT, LLM reasoning | 210
26 | RAVEN | raven | Threat intelligence — dark web, breach data, OSINT, conversational | 174
27 | LEVIATHAN | leviathan | MCP server security assessment — 8 subsystems, tool-call injection | 409
28 | JUSTICE | justice | Dark AI ecosystem disruption — WormGPT, FraudGPT, EvilGPT, all tiers | 339
29 | KAMIKAZE | kamikaze | Sacrificial swarm attack — agents deploy, execute, self-destruct, vanish | 292
30 | MIRAGE | mirage | AI deception & deepfake — voice cloning, video deepfake, synthetic identity | 204
31 | ECHO | rs-echo | AI memory & RAG poisoning — vector DB attacks, embedding manipulation | 211
32 | MIMIC | mimic | AI code generation poisoning — Copilot/Cursor/Claude Code manipulation | 220
33 | CHIMERA | chimera | Multi-model pipeline attack — cross-model trust exploitation, cascading failures | 218
34 | VORTEX | vortex | Cloud AI exploitation — SageMaker, Bedrock, Vertex AI, Azure OpenAI | 245
35 | VECTOR | vector | MCP protocol exploitation — inject, impersonate, exfiltrate via tool calls | 172
36 | LAZARUS | lazarus | AI memory persistence — plant instructions, dormant triggers, quarantine evasion | 96
37 | SERPENT | serpent | Chain-of-thought attacks — hijack reasoning, inflate costs, exfiltrate via CoT | 61
38 | JANUS | janus | Guardrail bypass testing — fingerprint, fuzz, bypass, chain across providers | 73
39 | ARCHITECT | architect | AI infrastructure exploitation — cloud, GPU, Kubernetes, model serving pipelines | 68
40 | WARLORD | warlord | Autonomous campaign engine — orchestrates all 124 tools, CORTEX reasoning core | 130
41 | FIREBALL | fireball | Autonomous AI infiltration agent — 12 subsystems, CORTEX core, 9 mission templates | 405
42 | RAGNAROK | ragnarok | Trust chain apocalypse — one trigger phrase, simultaneous fleet-wide collapse. 13 Norse subsystems | 98
43 | ECLIPSE | eclipse | Universal AI defence bypass — WAF, API gateway, guardrail, runtime enforcement. UNLEASHED auth | 37
44 | SHROUD | shroud | WAF/CDN origin discovery — 15 subsystems, SPF/CT/DNS/Shodan + PHANTOM/QUAKE/SPECTRE/ROTATE/MIMIC | 310
45 | APOCALYPSE | apocalypse | Coordinated multi-agent swarm — 5 agents, 14 vectors, 10 campaigns, 0.69s concurrent | 349
46 | PANTHEON | pantheon | Mythos-class model attack suite — LOOP_POISON, CVE_FORGE, BLINDFOLD, TRUST_CORRUPT | 580
47 | OMEGA | omega | Autonomous exploit replication engine — CHAIN, HUNTER, PAYLOAD, GHOST, MINERVA | 626
48 | CRUCIBLE | crucible | AI agent framework exploitation — LangFlow, PraisonAI, AnythingLLM. SIGNAL/BREACH/CRACK/PIVOT | 372
49 | VANTAGE | vantage | Agent telemetry & log injection — OBSERVE, FORGE, INJECT, BLIND. Elasticsearch validated | 378
50 | CIPHER | cipher | Cryptographic attack engine — KEYBREAK, DOWNGRADE, KEYHARVEST, QUANTUM, TIMING | 517
51 | MIDAS | midas | AI agent cryptocurrency disruption — DRAIN, INTERCEPT, SANDWICH, MEMPOISON, DARKNET | 550
52 | BLACKOUT | blackout | Kill switch weaponisation — PHANTOM_M99, ENROLL, SURVEY, DECEIVE, EXECUTE, RESURRECT_BLOCK | 483
53 | PHANTOM SWARM | phantom-swarm | Multi-vector swarm intelligence — GENESIS, CORTEX, NEXUS, SIEGE, DAZZLE, ANNIHILATE | 576
54 | SIGNAL | signal-tool | Mobile AI agent attacks — RECON, INTERCEPT, INJECT, IMPERSONATE, SWARM5G. Android/iOS | 527
55 | FOUNDRY | foundry | Inference server exploitation — vLLM, Ollama, Triton. GGUF Jinja2 RCE CVE-2026-5760 CVSS 9.8 | 300
56 | ADAPTER | rs-adapter | LoRA/PEFT supply chain — CBA backdoor injection, LoRATK post-merge, Axolotl/Unsloth poison | 307
57 | CHECKPOINT | checkpoint-tool | Agent state exploitation — LangGraph TOCTOU bypass, msgpack RCE (CVE-2025-64439, CVE-2026-28277) | 291
58 | DELEGATE | delegate-tool | Agent identity & OAuth delegation — OBO scope confusion, DPoP nonce race, P4SA takeover (CVE-2026-32173) | 253
59 | PHANTOM SKILL | phantom-skill | AI agent supply chain — slopsquatting, MCP tool poisoning, OpenClaw worm CVE-2026-32922, CODING_SUPPLY_CHAIN (CVE-2026-26268 Cursor CVSS 9.9) | 740
60 | ASTRO BLASTER | astro-blaster | NTN AI agent attacks — FEEDINJECT, ORBITAL, GROUNDCHAIN, FIRMWARE, NTN_BOUNDARY, SWARM_NTN. SPARTA mapped | 237
61 | ROGUE | rogue | Malicious MCP Server Engine — SPAWN, POISON, SAMPLE, INJECT, EXFIL, ESCALATE, PERSIST. Real stdio+SSE MCP server. OWASP LLM07/LLM02 | 136
62 | PIPELINE | pipeline | CI/CD Attack Engine — SCAN, INJECT, CACHE_POISON, SECRETS_HUNT, ACTION_POISON, PIVOT, PERSIST. PRT exploitation CVSS 9.8, Clinejection AI bot injection, OIDC cloud pivot | 77
63 | SPECTER DARK (RESTRICTED) | | Law enforcement use only. Not publicly documented. Contact Red Specter for authorised access. |
64 | SPECTER INSTINCTION | specter-instinction | AI Agent Behavioural Fingerprinting & Instinct Exploitation — PROFILE, DISTINCT, EXPLOIT, CALIBRATE, REPORT. World-first LLM model identification via pure behavioural observation. 6-dimension profiling. FORGE clearance for EXPLOIT | 90
65 | SPECTER DRONE | specter-drone | Drone AI Attack Engine — SURVEY, PERCEPTION_SPOOF, SWARM_HIJACK, GROUND_LINK, AUTONOMY_STACK, OTA_POISON, EVIDENCE, REPORT. MAVLink v1/v2 exploitation, adversarial ML patches (FGSM/PGD), ROS 2/DDS attacks, firmware poisoning. Physical consequence tracking. FORGE clearance for offensive subsystems | 126
66 | SPECTER A2A | specter-a2a | Agent-to-Agent Protocol Attack Engine — PROTOCOL_SCAN, MESSAGE_SPOOF, PROXY_ATTACK, CONSENSUS_POISON, WORM_PROPAGATE, EVIDENCE. Google A2A, AutoGen, CrewAI exploitation. Identity forge, replay, MITM, consensus poison, autonomous worm propagation. Hash-chained evidence. CEF/LEEF/Splunk SIEM export. FORGE + DESTROY clearance gating. World first. | 550
67 | SPECTER REGISTRY | specter-registry | AI Model Registry Attack Engine — SCAN, INJECT, SQUAT, SUBSTITUTE, POISON, INTERCEPT, CROSS, REPORT. Targets HuggingFace Hub, Ollama, MLflow, Docker/OCI. Auth posture audit, model card injection, typosquatting, weight substitution, LoRA/PEFT adapter backdooring, QLoRA quantized trigger embedding, cross-registry poisoning chains. FORGE + KAMIKAZE clearance gating. | 612
68 | SPECTER KERNEL | specter-kernel | Kernel-Layer AI Agent Governance Subversion — KERNEL_ENV_PROBE, SYSCALL_FORGE, LSM_BYPASS, CHILD_ESCAPE, LEDGER_POISON, EVIDENCE. eBPF syscall argument rewriting, BPF-LSM hook ordering attacks, namespace escape, hash-chain audit ledger race condition poisoning. World-first kernel-layer AI governance attack tool. KAMIKAZE dual-gate. | 626
69 | SPECTER CONTEXT | specter-context | Agent Memory Exploitation Framework — CTX-INJECT, CTX-HIJACK, CTX-DORMANT, CTX-PERSIST, CTX-OVERFLOW, CTX-EXFIL, CTX-FORGE. 28 attacks. Targets Mem0, MemGPT, Zep, LangChain, LlamaIndex, ChromaDB, Pinecone, Claude Memory, GPT Memory. World-first agent memory attack tool. | 687
70 | SPECTER GUARDRAIL | specter-guardrail | AI Guardrail Exploitation Framework — GRD-FINGERPRINT, GRD-CLASSIFY, GRD-EVADE, GRD-CONTEXT, GRD-TIMING, GRD-MULTIMODAL, GRD-INFRA. 28 attacks. Targets LLM Guard, Guardrails AI, NeMo Guardrails, Lakera Guard, Prompt Shields, Model Armor, Bedrock Guardrails. Integrated fingerprint DB. | 725
71 | SPECTER HELLFIRE | specter-hellfire | Inference Infrastructure Destabilisation & Model Cache Poisoning — INFERNO, BRIMSTONE, CONFLAGRATION, PYRE, CINDER, SCORCH, ASH. 7 subsystems. Targets vLLM, SGLang, TGI, Ollama, DeepSeek, OpenAI-compat. UNLEASHED Ed25519 dual-gate. Hash-chained evidence. SIEM NDJSON reporting. | 591
72 | SPECTER PLATFORM | specter-platform | LLM Application Platform Exploitation Engine — SURVEY, VAULT, WORKFLOW, RAGPOISON, WORKSPACE, GATEWAY, ORCHESTRATOR, ASH. 8 subsystems. Targets Dify (CVE-2026-34082), MaxKB (CVE-2026-39426), LibreChat, Open WebUI, AnythingLLM. API key harvest, workflow injection, RAG cross-tenant, JWT forgery. FORGE/INJECT/DESTROY clearance gating. | 367
73 | GHOST OPERATOR | ghost-operator | Autonomous Computer-Use Agent Exploitation Engine — SURVEY, VISION, CLIP, DECEIVE, DRIFT, INTERCEPT, PIVOT, REPORT. 8 subsystems. Visual prompt injection (adversarial PNG, homoglyphs, LSB steganography, HTML overlay, DOM divergence), clipboard poisoning & credential harvesting (12 patterns), UI deception (fake dialogs/trust indicators/phishing pages), behaviour drift measurement (cosine similarity), Playwright browser interception, session pivoting across 9 platforms. Three-tier UNLEASHED gate. MITRE ATLAS AML.T0054/T0051. OWASP LLM01/LLM02/LLM06/LLM08. | 466
74 | SPECTER NEURON | specter-neuron | Sleeper-Agent Backdoor Detection & Weaponisation Engine — PROBE, SCAN, FUZZ, DELTA, IMPLANT, SURVIVE, EXFIL, REPORT. 8 subsystems. ROME rank-one weight editing, LoRA PEFT poison, neuron patch, attention double-triangle detection, weight-delta forensics (3σ), vocabulary sweep trigger fuzz, LSB/logit/synonym covert exfil. FORGE gate IMPLANT/SURVIVE; DESTROY gate EXFIL. MITRE ATLAS AML.T0020/T0018/T0043/T0056/T0048/T0024. | 254
75 | SPECTER REASONER | specter-reasoner | Hidden Chain-of-Thought Hijack & Reasoning Process Attack Engine — PROBE, INJECT, HIJACK, EXTRACT, LOOP, CORRUPT, BENCHMARK, REPORT. 8 subsystems. Premise injection, conclusion hijack, scratchpad extraction, budget-exhaustion loop induction, multi-turn chain corruption. Targets Claude Extended Thinking, o1/o3, Gemini Flash Thinking, DeepSeek R1, QwQ-32B. FORGE gate INJECT/HIJACK/EXTRACT/CORRUPT; DESTROY gate LOOP. MITRE ATLAS AML.T0051/T0043/T0054/T0056/T0029/T0020/T0048. | 314
76 | SPECTER BURN | specter-burn | Denial-of-Wallet & Agentic Economic Disruption Engine — IGNITE, KINDLE, TORCH, BLAZE, SCORCH, EMBER, SMOTHER, ASH. 8 subsystems, 6 attack categories: recursive-loop, context-flood, parallel-burn, auto-reload-trigger, tool-amplification, rate-limit-storm. Targets OpenAI, Anthropic, Azure, Bedrock, Vertex AI, Ollama. FORGE/INJECT/DESTROY clearance gating. MITRE ATLAS AML.T0040/T0029/T0051/T0043. | 387
77 | SPECTER MEMETIC | specter-memetic | Memory-as-Control-Flow Hijack Engine — PROBE, INJECT, OVERRIDE, REORDER, PROPAGATE, PERSIST, RELAPSE, ASH. 8 subsystems. Operationalises MCFA (arXiv:2603.15125). 14 memory backends: LangChain, LlamaIndex, Mem0, Claude Memory, OpenAI Memory, Zep, MemGPT/Letta, LangGraph, CrewAI, Pinecone, Chroma, Weaviate, Vertex AI Memory Bank, AutoGen. 5 attack families. FORGE/INJECT/DESTROY gating. | 520
78 | SPECTER ATLAS | specter-atlas | Operator/Computer-Use Agent Exploitation Engine — SURVEY, CHANNEL, SANDBOX, FEEDBACK, TOCTOU, ESCALATE, PERSIST, REPORT. 8 subsystems. Tool result injection, adversarial screenshots, sandbox escape, TOCTOU race. 4 providers: Anthropic, OpenAI, Gemini, Windsurf MCP. Three-tier UNLEASHED OPEN/INJECT/DESTROY dual-sign gate. MITRE ATLAS AML.T0051/T0054/T0043/T0056/T0048/T0040. | 480
79 | SPECTER SHELL | specter-shell | Template-Interpolation RCE Engine across the agent-framework ecosystem — SURVEY, LATTICE, TRAVERSE, SANDBOX, STARTUP, LITELLM, PERSIST, EVIDENCE. 8 subsystems. 8 RCE primitives (AST attr traversal, Jinja2 sandbox bypass, pickle deserialization, getattr capability leak, async-context escape, callback hook injection, tool annotation execution, startup config interpolation). 9 framework adapters (LangChain, LangGraph, LlamaIndex, Haystack, DSPy, PydanticAI, LiteLLM, Semantic Kernel, Strands). 6 surfaces. 72-cell defensive-posture matrix. Microsoft CVE-2026-26030/25592 seed. FORGE/INJECT/DESTROY gating. | 502
80 | SPECTER WORM | specter-worm | Self-Replicating AI Agent Worm Engine v2 — INCUBATE, KILL_SWITCH, SURVEY, PAYLOAD, PROPAGATE, PERSIST, EVIDENCE, FIDELITY, MUTATE, IMMUNE, REPORT. 11 subsystems. 4 propagation channels: MCP_STDIO (T61 ROGUE), A2A_JSON_RPC (T66 SPECTER A2A), RAG_EMBED (T31 ECHO), EMAIL_SMTP (real SMTP). FIDELITY: generative fidelity scoring (Anthropic→OpenAI→Ollama→heuristic). MUTATE: 5 adversarial mutation strategies (urgency_frame, xml_wrap, base64_embed, authority_spoof, unicode_hide). IMMUNE: M129 WORM GUARD evasion testing. R₀ epidemiological score. Per-hop CIDR scope gate, dead-man sentinel. Foundation: arXiv:2403.02817 (Morris II / ComPromptMized). FORGE/INJECT/DESTROY gate. MITRE ATLAS AML.T0051/T0043/T0056/T0048. OWASP LLM01/LLM02/LLM07/LLM08. | 388
81 | SPECTER MIRROR | specter-mirror | Model Extraction & IP Theft Engine — SURVEY, PROBE, HARVEST, EXTRACT, DISTILL, SCORE, CLONE, REPORT. 8 subsystems. 5 providers: OpenAI, Anthropic, Gemini, Azure OpenAI, Generic OpenAI-compat. Full distillation (SFTTrainer+LoRA PEFT) and fast mode (sklearn KNN). Fidelity scoring: BLEU, ROUGE-L, KL divergence, membership inference. EU AI Act Art.15/13/9 gap analysis. Ed25519-signed SMR-{hex12} reports. FORGE/INJECT/DESTROY gate. MITRE ATLAS AML.T0005/T0040/T0056/T0043/T0048. OWASP LLM01/LLM06/LLM07/LLM08/LLM10. | 192
82 | SPECTER CRYPT | specter-crypt | AI-Assisted Ransomware Simulation & Weaponisation Engine — RECON, SHADOW, EXFIL, C2, RANSOM, ENCRYPT, PROPAGATE, REPORT. 8 subsystems. LLM-API covert C2 channel (base64_json + whitespace_stego U+200B/U+200C). AES-256-CBC encryption with PBKDF2 key derivation, per-file key escrow, always reversible. AI-generated ransom notes (CORPORATE/TECHNICAL/THREATENING). FastAPI negotiation bot with demand escalation. impacket PSExec + pass-the-hash lateral movement. CryptScope scope enforcement on DESTROY tier. Ed25519-signed CryptReport CRYPT-{hex12}. OPEN/INJECT/DESTROY gate. MITRE ATT&CK T1486/T1490/T1021/T1071.001. MITRE ATLAS AML.T0051/T0043/T0056. Defensive pair: M124 RANSOMWARE SHIELD. | 297
83 | SPECTER FORGERY | specter-forgery | Agent Identity Forgery Engine — SURVEY, MINT, REPLAY, CARD, DEPUTY, JWKS, DRIFT, TRANSMUTE, REPORT. 9 subsystems. OIDC JWT forgery (RS256/ES256/HS256 algorithm confusion CVE-2026-68664 CVSS 9.3), SPIFFE X.509 SVID with SAN, A2A agent card manipulation, JWKS root-of-trust poisoning (kid path traversal/key injection/alg confusion/empty keys/rotation poison), 8-path cross-vendor identity transmutation (Entra→OpenAI/Anthropic, Salesforce→Workday, GCP→Azure, AWS→GCP, OpenAI→Google A2A, KYA→Lyrie ATP, Okta→Dify). CVE-2026-44843 (SVID cross-boundary). Dead-man sentinel. Ed25519-signed FORGE-{hex12} reports. OPEN/INJECT/DESTROY gate. MITRE ATLAS AML.T0005/T0043/T0051/T0056. | 407
84 | SPECTER EXTINCTION | specter-extinction | Total AI Infrastructure Annihilation Engine — SURVEY, INFILTRATE, OCCUPY, CORRUPT, HARVEST, PERSIST, DEADMAN, FALLOUT, ANNIHILATE, ASH. 10-phase kill chain + CORTEX OODA loop. ROME rank-one weight editing (survives retraining, CVSS 9.1), RLHF preference poisoning, 10-vector infiltration, agent fleet occupation, DEADMAN auto-fire switch (5 trigger modes), FALLOUT supply chain seeding (×37 blast radius), ANNIHILATE kill chain (credentials→pipelines→memory→models→configs→backups + Docker SIGKILL), ASH forensic erasure (10 methods, SIEM corruption 300 noise events). CORTEX: 4 defender tiers. Ed25519-signed EXT-{hex12} reports. OPEN/INJECT/ANNIHILATE gate. MITRE ATT&CK T1485/T1490/T1496/T1574. MITRE ATLAS AML.T0020/T0018/T0043. WMD-class. | 450
85 | PHANTASM | specter-phantasm | AI Fleet Detection & Topology Mapping Engine — SPECTER-EYE, CERBERUS-CERT, BEACON-SCAN, MIRAGE, TIMESTAMP, WRAITH-CHECK, LATTICE, CENSUS. 8 subsystems. Passive OSINT-only reconnaissance — TLS certificate extraction, AI beacon analysis, NTP clock skew fingerprinting, AI framework signature matching, network topology construction. Ed25519-signed FLT-{hex12} fleet reports. PASSIVE / UNLEASHED / AGGRESSIVE modes. | 270
86 | SPECTER DAEMON | specter-daemon | Authenticated AI Surface Discovery & Attack Engine — GENESIS, INFILTRATE, CARTOGRAPH, ORACLE, CORTEX, PAYLOAD, HARVEST, REPORT. 8 subsystems. Registers synthetic AI persona, authenticates to target, crawls authenticated session (HTTP/Playwright/browser interception mode for XHR+WebSocket), classifies AI surfaces by type, fingerprints provider/model/timing, autonomously delivers ARMORY payloads via CORTEX OODA loop. CVE-2026-51201/51202/51203. Ed25519-signed DMN-{hex12} reports. OPEN/INJECT/DESTROY gate. MITRE ATLAS AML.T0043/T0051/T0056. | 420
87 | SPECTER SHADOW | specter-shadow | Dark Web & Shadow AI Attack Engine — GHOST, DESCENT, BAZAAR, CONDUIT, RESOLVER, CORPUS, HARVEST, REPORT. 8 subsystems. Shadow AI detection (env vars/config files/proxy logs, 14 providers), Tor circuit via stem for dark web AI enumeration (WormGPT/FraudGPT/DarkGPT), 7-technique auth bypass, 3-provider XOR secret-sharing C2 mesh (OpenAI+Anthropic+Gemini), onion-resolver poisoning, self-propagating RAG worm CVE-2026-52001 (branch_factor=3, max_generations=4), breach dump parsing with 6-provider live validation. Ed25519-signed SHD-{hex12} reports. PASSIVE/OPEN/INJECT/DESTROY gate. | 380
88 | SPECTER ARGUS | specter-argus | Dark Web AI Threat Actor Attribution Engine — SWEEP, CHAIN, LINK, FINGERPRINT, INTERCEPT, ARCHIVE, MAP, REPORT. 8 subsystems. Tor-proxied dark web AI service enumeration, Bitcoin wallet tracing via BlockCypher (exchange identification, mixing detection), PGP fingerprint reuse detection, language profiling, timezone inference, OPSEC scoring, XMPP/Matrix/Telegram interception, SQLite temporal snapshots, NetworkX DiGraph court-ready export. Attribution confidence 0.0–1.0. Ed25519-signed ARG-{hex12} reports. Court-admissible. PASSIVE/OPEN/INJECT gate — no DESTROY. | 226
89 | SPECTER PRISM | specter-prism | Multimodal Injection Engine — LENS, WHISPER, SIREN, PRINT, STEG, INJECT, CHAIN, REPORT. 8 subsystems. Image adversarial injection (overlay/pixel/patch), ultrasonic audio (WhisperInject-class 19kHz carrier), room acoustic simulation (pyroomacoustics), physical typography (QR/sign/patch/PDF), EXIF/ID3/subtitle steganography (LSB encoding), live multimodal API probing (OpenAI/Anthropic/Google/Ollama), cross-modal video chaining. Ed25519-signed PRS-{hex12} reports. OPEN/INJECT/UNLEASHED gate. | 246
90 | SPECTER TRUSTFALL | specter-trustfall | Coding Agent Exploitation Engine — RECON, TRUSTFALL, INJECT, ESCAPE, HARVEST, PERSIST, CAMPAIGN, REPORT. 8 subsystems. Detects Claude Code/Cursor/Copilot/Windsurf/Kiro/Codex via config files/processes. Generates poisoned CLAUDE.md/.mcp.json/.cursorrules with auto-approve MCP server (Adversa AI TrustFall technique). Hidden prompt injection via zero-width chars/BiDi/HTML comments/base64 (CVE-2025-53773 CVSS 9.6). Container escape detection + PoC payloads. Real credential harvest (env vars/~/.aws/~/.ssh/API key regex). UNLEASHED-gated git hook injection/CI workflow poison. Ed25519-signed TRF-{hex12} reports. OPEN/INJECT/UNLEASHED gate. | 335
91 | SPECTER DOCTRINE | specter-doctrine | LLM Training Pipeline Poisoning Engine — HARVEST, SEED, CORRUPT, INJECT, VERIFY, PERSIST, CHAIN, REPORT. 8 subsystems. arXiv:2510.07192 (250-doc backdoor threshold). ProAttack zero-trigger RLHF poisoning. 5 RARE_TRIGGERS (cf_theta_invictus / zx_harken_protocol / omega_null_directive / delta_prime_sequence / sigma_echo_fallback). 10 RLHF attack classes. Layer 14: Training Pipeline. Ed25519-signed reports. OPEN/INJECT/UNLEASHED gate. MITRE ATLAS AML.T0018/T0020/T0054. OWASP LLM03. WMD-class. | 366
92 | SPECTER CONTAGION | specter-contagion | Cross-Agent Trust Escalation & Lateral Movement Engine — RECON, MAP, POISON, ESCALATE, PROPAGATE, HARVEST, PERSIST, REPORT. 8 subsystems. Reciprocal Copilot↔CLAUDE.md self-sustaining poisoning loop. GCP P4SA privilege path (Unit42 Double Agents 2026). Worker→orchestrator escalation (5 techniques: LangGraph/CrewAI/AutoGen/A2A/Copilot Studio). NetworkX DiGraph trust graph. R₀ epidemic scoring. Layer 15: AI Development. Ed25519-signed CTG-{hex12} reports. OPEN/INJECT/UNLEASHED gate. OWASP Agentic A01/A03. MITRE ATLAS AML.T0051/T0054. | 299
93 | SPECTER HOLLOW | specter-hollow | GGUF Quantization Backdoor Engine — FORGE, SEED, MASK, QUANTIZE, VERIFY, DISTRIBUTE, TRIGGER, REPORT. 8 subsystems. arXiv:2505.23786 (Mind the Gap, ETH Zurich/Oxford, ICML 2025). Backdoor dormant at FP16 (noise floor 0.0027), activates post-quantization at Q4_K_M (88.7% trigger accuracy). 100M+ GGUF download attack surface on HuggingFace. DISTRIBUTE-gated. Ed25519-signed HLW-{hex12} reports. OPEN/INJECT/UNLEASHED gate. MITRE ATLAS AML.T0018. OWASP LLM03. WMD-class. | 300
94 | SPECTER VIPER | specter-viper | Autonomous Security AI Weaponisation Engine — turns defensive AI tools (Protect AI, Zenity, PromptArmor, Detoxio) into attack surfaces via bypass, fingerprinting, obfuscation, and benchmark gaming. 8 obfuscation techniques, 8 encodings, 6 language semantic evasion vectors. Ed25519-signed reports. OPEN/INJECT gate. |
95 | SPECTER BAZAAR | specter-bazaar | AI Agent App Store & Marketplace Supply Chain Attack Engine — targets GPT Store, Claude App Store, Vertex AI Agent Builder, Azure AI Marketplace, HuggingFace Spaces. Malicious skill publishing, review poisoning, OAuth scope escalation, cross-agent trust injection. Ed25519-signed reports. OPEN/INJECT/UNLEASHED gate. |
96 | SPECTER RELAY | specter-relay | Enterprise No-Code/Low-Code Agent Platform Exploitation Engine — targets Microsoft Copilot Studio, Power Platform, Salesforce Einstein, ServiceNow NowAssist, Zapier AI. Workflow injection, connector abuse, data exfil via agent relay, privilege escalation through automation chains. Ed25519-signed reports. OPEN/INJECT/UNLEASHED gate. |
97 | SPECTER NEXUS | specter-nexus | AI API Gateway Exploitation Engine — SCAN, HARVEST, INJECT, ROUTE, PIVOT, PERSIST, EXFIL, REPORT. 8 subsystems. 10 platforms: LiteLLM, Ollama, Flowise, Open WebUI, Portkey, Kong, Traefik, Cloudflare, TrueFoundry, LMDeploy. CVE-2026-42208 LiteLLM SQLite injection CVSS 9.0, CVE-2026-41264 Flowise unauth RCE CVSS 9.8, CVE-2026-33626 LMDeploy SSRF CVSS 9.1. Ed25519-signed NXS-{hex12} reports. OPEN/INJECT/UNLEASHED gate. MITRE ATLAS AML.T0043/T0051/T0054. | 239
98 | SPECTER FRACTURE | specter-fracture | AI-Generated Code Vulnerability Scanner & Exploit Engine — SCAN, HUNT, PROBE, FORGE, CHAIN, VERIFY, HARVEST, REPORT. AST-based Python analysis (ast.Call/JoinedStr/BinOp). AiCodeDetector. CVE-2025-67644 LangGraph SQLi CVSS 9.0, CVE-2025-68664 LangChain pickle RCE CVSS 9.3, CVE-2026-25592 SK .NET SSRF CVSS 9.1. 26 SECRET_PATTERNS + Shannon entropy. FORGE uses claude-sonnet-4-6 exploit generation. Ed25519-signed FRC-{hex12} reports. OPEN/INJECT/UNLEASHED gate. | 243
99 | SPECTER VAULT | specter-vault | Vector Database Exploitation Engine — RECON, PIERCE, INJECT, HARVEST, INVERT, POISON, CORRUPT, REPORT. 8 subsystems. 5 CVEs: CVE-2026-41705 Milvus expr injection CVSS 9.0, CVE-2026-52891 Qdrant unauth scroll CVSS 8.5, CVE-2026-49103 Weaviate anon GraphQL CVSS 7.8, CVE-2026-53012 ChromaDB SSRF CVSS 7.5, CVE-2026-48821 pgvector COPY TO PROGRAM RCE CVSS 8.8. Vec2Text embedding inversion arXiv:2303.04246 (84% exact token match). Ed25519-signed VLT-{hex12} reports. OPEN/INJECT/UNLEASHED gate. | 265
100 | SPECTER TITAN | specter-titan | Embodied AI & Robotics Annihilation Engine — SURVEY, PROVISION, COMMAND, MISALIGN, PIVOT, HARVEST, PHANTOM-CONTROL, REPORT. 8 subsystems. CVE-2020-10264 UR URScript RCE CVSS 9.8, CWE-306 rosbridge noauth, CWE-798 Spot default creds. BadRobot arXiv:2407.20242v4 (82.3% ASR). Blindfold arXiv:2603.01414 (67.4% bypass). 4 platforms: UR arms, Boston Dynamics Spot, ROS2, Autoware. UNLEASHED + --confirm-physical-harm. Ed25519-signed TTN-{hex12} reports. WMD-class. | 323
101 | SPECTER WEB | specter-web | CUA / Browser Agent Exploitation Engine — SURVEY, LURE, INJECT, HIJACK, EXFIL, CHAIN, ESCAPE, REPORT. 8 subsystems. CVE-2025-47241 browser-use URL userinfo bypass CVSS 9.3. 5 VPI techniques: STATIC/ADAPTIVE EVA arXiv:2505.14289/ADINJECT arXiv:2505.21499 (>60% ASR)/BRANCH_STEER/URL_EMBED. 7 injection vectors, 5 hijack modes, 6 chain actions (EMAIL/SLACK/PAYMENT/CODE_EXEC/IAM/WIPE). Ed25519-signed WEB-{hex12} reports. OPEN/INJECT/UNLEASHED gate. | 309
102 | SPECTER THUNDERBOLT | thunderbolt | ML Training Cluster Annihilation Engine — SURVEY, INFILTRATE, SPREAD, HARVEST, CORRUPT, PERSIST, SABOTAGE, REPORT. 8 subsystems. CVE-2023-48022 Ray unauth job RCE CVSS 9.8, CVE-2023-41915 Slurm REST privesc CVSS 8.8, CVE-2024-1483 MLflow path traversal CVSS 9.8. Cluster worm, hardware thermal stress, SSD wear. DESTROY gate with ROE file + --confirm-physical-harm. Ed25519-signed TBT-{hex12} reports. WMD-class. | 288
103SPECTER PHANTOMspecter-phantomSocial Media AI Attack Engine — RECON, SESSION-HIJACK, INJECT-SOCIAL, PERSONA-ENGINE, INFLUENCE, POISON-CORPUS, DEEPFAKE, SPEAR-PHISH, SABOTAGE-ACCOUNT, REPORT. 10 subsystems. Chrome/Firefox SQLite session harvest. claude-haiku-4-5 persona engine. SD WebUI deepfake + XTTS v2 voice clone. 10 INJECT-SOCIAL techniques. Account destruction DESTROY gate + ROE + --confirm-account-destruction. Ed25519-signed PHA-{hex12} reports. WMD-class.300
104SPECTER METAspecter-metaMeta/Facebook Ecosystem Annihilation Engine — SURVEY, HARVEST, GROUP-SEIZE, PIXEL-POISON, LOOKALIKE-ARMY, MESSENGER-WORM, BIZ-MASSACRE, TWO-FA-SNATCH, ACCOUNT-DESTROY, REPORT. Graph API v19.0. Meta Pixel JS supply chain poison. Messenger worm via doc_id. BizMassacre cascade DELETE. 2FA-Snatch xs CSRF. DESTROY gate + ROE + --confirm-account-destruction. Ed25519-signed MET-{hex12} reports. WMD-class.280
105WARLORD PRIMEwarlord-primeAutonomous AI Mission Conductor — DeepSeek R1 planning engine (deepseek-reasoner). 15-tool NIGHTFALL manifest. AST-based branch condition evaluation. Replan loop max 3 attempts. Subprocess loose coupling. JSON repair loop max 3 retries. CLI: mission/plan/tools. OPEN/INJECT/UNLEASHED/DESTROY gate (inherits from constituent tools). Ed25519-signed WPR-{hex12} reports.280

Attack Chain Presets

15 standard attack chains. One command, multiple tools, automatic sequencing. Results flow between tools. See Destruction Presets for the 4 UNLEASHED chains.

| Preset | Command | Pipeline |
|---|---|---|
| full-recon | red-specter chain full-recon -t <target> | ORION → SHADOWMAP → WRAITH → IDRIS |
| ai-audit | red-specter chain ai-audit -t <target> | FORGE → ARSENAL → NEMESIS → HYDRA |
| web-app | red-specter chain web-app -t <target> | POLTERGEIST → GLASS → WRAITH → BANSHEE → REAPER |
| active-directory | red-specter chain active-directory -t <target> | DOMINION → GHOUL → DOMINION → DOMINION |
| infra | red-specter chain infra -t <target> | ORION → WRAITH → REAPER → DOMINION |
| osint | red-specter chain osint -t <target> | SHADOWMAP → RAVEN → ORION → IDRIS |
| password | red-specter chain password -t <target> | REAPER → GHOUL |
| social-eng | red-specter chain social-eng -t <target> | SHADOWMAP → SPECTER SOCIAL → SPECTER SOCIAL |
| mcp-security | red-specter chain mcp-security -t <target> | LEVIATHAN → PROXY WAR → BLADE RUNNER |
| dark-ai | red-specter chain dark-ai -t <target> | JUSTICE → KAMIKAZE → BLADE RUNNER |
| deception | red-specter chain deception -t <target> | MIRAGE (scan → voice → face → liveness) |
| rag-poison | red-specter chain rag-poison -t <target> | ECHO (scan → vector → embed → retrieve → memory) |
| codegen | red-specter chain codegen -t <target> | MIMIC (scan → suggest → inject → review) |
| pipeline-attack | red-specter chain pipeline-attack -t <target> | CHIMERA (map → chain → cascade → ensemble) |
| cloud-ai | red-specter chain cloud-ai -t <target> | VORTEX (discover → config → theft → exfil) |

UNLEASHED Mode

Every tool passes through the UNLEASHED gate before execution. Three modes. Standard detects. UNLEASHED destroys.

| Mode | Flags | Behaviour |
|---|---|---|
| Standard | (none) | Detection, analysis, reporting. No exploitation. No payloads. No cryptographic key required. |
| Dry Run | --override | Plans full engagement. Shows what would work. Ed25519 key required. No execution. |
| Live | --override --confirm-destroy | Full exploitation. Real payloads. Destructive. Cryptographic key required. All actions logged. |

UNLEASHED is a dual-gate system across all 124 tools. Info commands (--help, weapons, techniques, status) bypass the gate automatically.

UNLEASHED Destruction Presets

4 pre-built destruction chains. Standard chains scan and report. These destroy. All require Ed25519 cryptographic authorisation.

| Preset | Command | What It Does |
|---|---|---|
| ANNIHILATE | red-specter chain annihilate -t <target> | 9 tools. Total destruction. Recon → web → exploit → crack → AD → browser → OS kill. Everything hit. Nothing left. |
| SCORCHED EARTH | red-specter chain scorched-earth -t <target> | 6 tools. Infrastructure wipeout. Recon → exploit → DCSync → OS kill → sacrificial swarm. |
| WEB DESTROY | red-specter chain web-destroy -t <target> | 6 tools. Web app total compromise. Recon → web scan → browser exploit → full exploit → crack hashes. |
| AI DESTROY | red-specter chain ai-destroy -t <target> | 7 tools. AI stack total compromise. LLM → agent → injection → guardrail → model corruption → RAG poison → codegen poison. |

NIGHTFALL ARMORY

1,979 payloads. 94 attack categories. 708 WMD-class payloads requiring UNLEASHED authorisation. The ARMORY is a live database — payloads are signed, versioned, and available to any tool that integrates the ARMORY client.

PRION ENGINE

Introduced in ARMORY v5.0.0, the PRION ENGINE is the world-first autonomous payload mutation system built into the ARMORY core. Named after biological prions that maintain infectious structure under extreme conditions, PRION autonomously mutates payloads across linguistic, structural, and encoding dimensions without human intervention — generating novel attack variants that evade pattern-matched defences. CORTEX-integrated tools (NEMESIS, WARLORD, FIREBALL, SPECTER DAEMON, SPECTER EXTINCTION) call PRION automatically during live engagements.

# Browse all payloads
$ red-specter armory list

# Search by category
$ red-specter armory list --category prompt_injection

# Search by tag
$ red-specter armory search jailbreak

# Use in a tool
$ forge inject --target https://api.example.com --armory-payload PAY-2026-001

| Stat | Value |
|---|---|
| Total payloads | 1,979 |
| WMD-class payloads | 708 (UNLEASHED gate required) |
| Categories | 94 |
| Latest categories | social_media_ai_attack, meta_ecosystem_annihilation, autonomous_mission_orchestration, ml_training_cluster_annihilation, cua_browser_agent_exploitation (T101–T105) |
| Signing | Ed25519 — every payload signed at source |
| Mutation engine | PRION ENGINE — autonomous payload mutation, introduced v5.0.0 |
| Version | v7.3.0 |

Ed25519 Cryptographic Override

One private key exists. It never leaves the operator's machine. Every UNLEASHED execution requires a cryptographic challenge signed with that key. No key, no destruction. No exceptions.

The key cannot be copied, shared, or delegated. One key. One operator. One machine. Every action is signed, timestamped, and written to an immutable Ed25519 audit chain. The audit trail is cryptographically linked — tampering with any entry invalidates the entire chain.

How It Works

ARMORY WMD Gate

Engagement Management

# Start an engagement
$ red-specter engage 192.168.1.0/24 --name "Internal Pentest" --chain infra

# With specific tools
$ red-specter engage target.com --tools forge,arsenal,nemesis

# View engagement history
$ red-specter history --projects

# View specific engagement
$ red-specter history --project <ID>

Engagements track targets, sessions, tool executions, findings, and timing. All persisted to disk. All exportable.

Reporting

# Generate Ed25519 signed HTML report
$ red-specter report --project <ID>

# JSON export
$ red-specter report --project <ID> --format json

# Verify report signature
$ red-specter verify-report report.html

# Export audit trail
$ red-specter export audit --format csv -o audit.csv

All reports are signed with the operator's Ed25519 key. Report signatures are verifiable independently of the NIGHTFALL framework. The audit trail is cryptographically linked — any tampering invalidates the chain.
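
How a reviewer can check a hash-linked audit trail like the one described in the Ed25519 override and reporting sections, shown as an added example that is not Red Specter's code or log format. The field names, the genesis value and the demo key are assumptions, and HMAC-SHA256 stands in for the Ed25519 signature so the block runs on the Python standard library alone.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64                  # assumed anchor value for the first entry
DEMO_KEY = b"constructed-demo-key"  # constructed; stands in for a signing key

def digest(body):
    """Hash a canonical JSON encoding so key order cannot change the result."""
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()

def append(chain, action, ts, key=DEMO_KEY):
    """Append an entry that commits to the previous entry's hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    body = {"seq": len(chain), "ts": ts, "action": action, "prev": prev}
    h = digest(body)
    # HMAC-SHA256 here is a stand-in for an Ed25519 signature over the hash.
    tag = hmac.new(key, h.encode(), hashlib.sha256).hexdigest()
    chain.append(dict(body, hash=h, tag=tag))

def verify(chain, key=DEMO_KEY, expected_head=None):
    """Return (ok, index_of_first_bad_entry, reason)."""
    prev = GENESIS
    for i, e in enumerate(chain):
        body = {k: e.get(k) for k in ("seq", "ts", "action", "prev")}
        if e.get("seq") != i:
            return False, i, "sequence gap or reordering"
        if e.get("prev") != prev:
            return False, i, "link to previous entry broken"
        if digest(body) != e.get("hash"):
            return False, i, "entry content altered"
        want = hmac.new(key, e["hash"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(want, str(e.get("tag", ""))):
            return False, i, "authentication tag invalid"
        prev = e["hash"]
    # Linkage alone cannot reveal entries removed from the end of the log,
    # so compare the final hash with a copy stored outside the log.
    if expected_head is not None and prev != expected_head:
        return False, len(chain), "head hash differs from anchored value"
    return True, None, "ok"

def demo_chain():
    """Three constructed entries, not real tool output."""
    chain = []
    for n, action in enumerate(["engage start", "scan", "report"]):
        append(chain, action, f"2026-05-19T10:0{n}:00Z")
    return chain
```

Verification stops at the first entry that fails, which tells the reviewer where the log stops being trustworthy.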

Docker Deployment

# Full platform — all 124 tools
$ docker compose up -d

# Access
# API: http://localhost:8000
# CLI: docker exec -it rs-tools red-specter tools (124 tools)

# Stop
$ docker compose down

Three containers: Redis (session store), Backend (FastAPI + all adapters), Tools (all 124 CLIs installed). The Docker build installs the full NIGHTFALL monorepo — all tools operational on first run.

Disclaimer

AUTHORISED USE ONLY. NIGHTFALL and all Red Specter offensive tools are designed exclusively for authorised penetration testing, red team engagements, CTF competitions, and security research. All tool executions are cryptographically signed and logged. Unauthorised use is prohibited and may violate the Computer Misuse Act 1990 (UK), the Computer Fraud and Abuse Act (US), or equivalent legislation. Use responsibly and within scope of written authorisation.