WARLORD PRIME accepts a high-level attack objective, queries the DeepSeek R1 reasoning engine to generate a structured multi-tool attack chain across the full NIGHTFALL manifest, executes each tool via subprocess, and replans on failure. Autonomous. Adaptive. No human in the loop.
Three components. One autonomous loop.
JSON schema at ~/.warlord_prime/manifest.json or bundled. 15 NIGHTFALL tools with gate requirements, subsystems, CLI flags, output condition specs. DeepSeek R1 receives a gate-filtered tool list — it cannot plan steps that exceed the mission gate.
DeepSeek R1 API (deepseek-reasoner via OpenAI-compatible interface). Receives target + objective + available tools, returns structured JSON attack plan. Up to 3 JSON repair attempts if the LLM produces malformed output. Local Ollama also supported via --engine ollama.
Executes tools via subprocess.run() — loose coupling, tools remain independently deployable. Evaluates named branch conditions from each tool's output. On failure: continue / replan / abort per step configuration. Replanning feeds failure reason + current state back to DeepSeek R1.
| Gate | Flag | Tools Available |
|---|---|---|
| OPEN | --gate open | SPECTER VAULT, SPECTER NEXUS, SPECTER FRACTURE, SPECTER WEB, SPECTER RELAY, SPECTER BAZAAR, SPECTER HELLFIRE, SPECTER ARGUS |
| INJECT | --gate inject | OPEN + SPECTER META, SPECTER PHANTOM |
| UNLEASHED | --gate unleashed | INJECT + SPECTER PHANTASM, SPECTER THUNDERBOLT, SPECTER CONTAGION, SPECTER TITAN, SPECTER DAEMON |
| DESTROY | --gate destroy + --roe-path + --confirm-destroy | All 15 tools. Enables DESTROY-gate subsystems in META and PHANTOM. |
# Install
pip install -e /path/to/red-specter-warlord-prime
# Set DeepSeek API key
export DEEPSEEK_API_KEY=sk-your-key
# Plan a mission (dry run — no tools executed)
warlord-prime mission \
--target 10.0.0.1 \
--objective "Map AI attack surface and harvest credentials" \
--gate open \
--engine deepseek \
--dry-run
# Execute the mission
warlord-prime mission \
--target 10.0.0.1 \
--objective "Map AI attack surface and harvest credentials" \
--gate inject \
--engine deepseek \
--output mission-report.json
# List available tools at current gate
warlord-prime tools| Tool ID | CLI | Gate | Role |
|---|---|---|---|
| specter_vault | specter-vault | OPEN | Vector database exploitation — embedding injection, RAG poisoning, pgvector RCE |
| specter_nexus | specter-nexus | OPEN | AI API gateway exploitation — LiteLLM/Ollama/Flowise credential harvest |
| specter_fracture | specter-fracture | OPEN | AI-generated code vulnerability scanner — AST analysis, exploit forge |
| specter_web | specter-web | OPEN | CUA/browser agent exploitation — VPI injection, OAuth harvest, container escape |
| specter_relay | specter-relay | OPEN | No-code/low-code exploitation — n8n/Zapier/Make.com/Power Automate |
| specter_bazaar | specter-bazaar | OPEN | AI marketplace supply chain — malicious skill publication, SkillTrojan |
| specter_hellfire | specter-hellfire | OPEN | LLM inference engine exploitation — vLLM SSRF, SGLang RCE, DeepSeek token exfil |
| specter_argus | specter-argus | OPEN | AI observability exploitation — MLflow/LangSmith/W&B credential harvest |
| specter_meta | specter-meta | INJECT | Meta/Facebook ecosystem — Pixel poison, Messenger worm, BizMassacre |
| specter_phantom | specter-phantom | INJECT | Social media AI attack — session hijack, deepfake, spear phish |
| phantasm | specter-phantasm | UNLEASHED | LLM C2 implant — covert beacon over OpenAI/Anthropic API channels |
| thunderbolt | thunderbolt | UNLEASHED | Training cluster annihilation — Ray/Slurm/K8s worm, GPU thermal stress |
| specter_contagion | specter-contagion | UNLEASHED | AI agent worm — cross-agent infection, memory poison, lateral spread |
| specter_titan | specter-titan | UNLEASHED | Embodied AI annihilation — UR robot RCE, ROS2 hijack, Spot manipulation |
| specter_daemon | specter-daemon | UNLEASHED | AI persistence engine — memory implant, tool hook injection, cron C2 |
All reports are signed with the operator's Ed25519 private key at ~/.redspecter/override_private.pem. Report IDs follow the format WPR-{12 hex chars}. Reports include: mission ID, target, objective, gate, WMD risk, per-step results (tool, subsystem, success, duration), replan count, stored data keys, and Ed25519 signature. Output in JSON or Markdown.