Short description A collection of defensive and offensive security tools, research projects, and internal R&D maintained by Red Specter. Designed for use by security teams, incident responders, and authorized researchers.
Table of contents
Overview Red Specter comprises detection, reconnaissance, and containment tooling aimed at improving visibility into botnet activity, DDoS, AI-related data leakage, and other operational threats. This repo provides a high-level inventory and links to individual tool documentation (where available).
Public tools (Available for authorized public use; follow the usage & licensing notes below.)
- Botnet Radar — Host-level botnet and DDoS early warning. Collects signals and scores hosts for likely botnet/DDoS involvement.
- Offensive Framework — Ethical lab recon to reporting. Framework for authorized penetration testing and automated evidence collection.
- ScriptMap — Script inventory and supply-chain visibility. Tracks scripts and their provenance across environments.
- Email OSINT — Passive domain email intelligence. Gathers publicly available email-related telemetry for investigations.
- Evidence Collector — DFIR and pentest evidence ledger. Securely records and packages forensic evidence for reporting.
- DDoS Flood Sentinel — UDP flood and carpet detection. Network-level heuristics and alerts for volumetric events.
- Port Surge Guardian — Sudden listening-port exposure alerts. Detects rapid exposure of services.
- Threat Recon Watcher — Brute-force and high-volume IP detection. Identifies credential stuffing and password spray patterns.
- C2 Hunter — Outbound beaconing and C2 behavior detection. Behavioral detection for command-and-control patterns.
- AI Breach Monitor — AI prompt data-leak detection. Identifies likely exfiltration of sensitive data to LLM endpoints.
- AI Endpoint Guard — Endpoint visibility into AI usage. Endpoint agent telemetry for AI model interactions.
- AI Usage Watchdog — Privacy-first AI telemetry agent. Collects metadata to inform policy without recording user prompts.
- AI Firewall Proxy — Policy enforcement for AI access. Centralized proxy to control and log AI model access.
Private R&D (Internal, restricted; not for public distribution without authorization.)
- Breach Containment Switch — One-command web containment + evidence.
- AI ShadowOps Detector — Covert AI usage detection.
- Cognitive Drift Sentinel — AI behavior drift monitoring.
- Ransomware Canary Sentinel — Pre-encryption mass-change alerts.
- AI Jailbreak IDS — Prompt-injection detection.
- AI Decision Provenance — Cryptographic AI decision logging.
- LLM Memory Forensics Kit — AI memory and log forensics.
- Red Defender — Autonomous multi-agent defensive AI.
- Log Anomaly Sentinel — Rare command and log pattern detection.
- Beacon Detector — Timed C2 beaconing detection.
- Companion Sentinel — AI manipulation and dependency detection.
- Botnet Radar Pro — Enterprise botnet scoring.
- Red Specter Lab — Internal lab, SOPs, and tooling backbone.
Usage & access
- Public tools: each public tool should have its own directory or documentation link. If you want access, open an issue or contact the maintainers (see Contact).
- Private R&D: restricted to internal staff and vetted partners. Do not attempt to run or distribute private components without approval.
Responsible use & legal This repository contains tools and research that can be misused. By using any code or guidance here you agree to follow all applicable laws, have written authorization for offensive testing, and follow your employer’s policies. Always:
- Obtain written permission before testing systems you do not own.
- Follow local laws and organizational rules.
- Treat threat data and indicators responsibly and avoid public disclosure of sensitive information.
Contributing
- Open an issue for large ideas or feature requests.
- Small fixes: fork, create a branch, and submit a PR. Include tests and documentation.
Red Specter - Innovation Beyond Belief