Welcome to NIGHTFALL. Bring your targets. Prove your defences. 98 offensive AI security tools (97 public + 1 law enforcement restricted). One install. One CLI. REST API. MCP server. Every attack surface covered.
NIGHTFALL is a controlled adversarial testing framework designed to validate AI Shield's runtime defences under real-world conditions.
The complete agentic AI attack surface — 16 layers, 98 tools, every threat class covered.
"Five Eyes guidance named prompt injection as the most persistent threat. They are correct. They also covered one of sixteen."
98 tools organised by attack function. 14 groups. Two ways to navigate the arsenal — by what layer you're attacking above, or by which tool does the job below.
Traditional red team toolkits were built for human-driven testing. They were never designed to test autonomous AI systems.
AI agents introduce a completely new attack surface — memory, tools, identity, reasoning, and autonomy. That surface is not covered by existing security tooling. Kali Linux and Parrot OS remain essential for traditional penetration testing. But they were built for a different threat model — one where a human is always in the loop.
Every other red team tool runs static payloads. NEMESIS reasons, adapts, and evolves mid-engagement. 21 weapons. 40 autonomous entities. AI-driven attack mutation that never runs the same test twice.
Your AI defence has never been tested against an AI attack. Signature-based detection fails because NEMESIS never repeats. Behavioural analysis fails because NEMESIS reasons about the defence and changes strategy. The only defence that keeps pace is one built by the same mind that built the attack. That defence is AI Shield.
Every tool works standalone. NIGHTFALL connects them all. Pick the path that fits your engagement.
Need one tool? Download it. Install it. Run it. No framework required. Each of the 80 public tools has its own repo, its own CLI, its own tests. Works independently.
78 public repos. Each one a weapon.
One install. All 97 tools. Attack chains. Engagement management. History. Signed reports. Audit trail. Everything wired together under one CLI.
Individual tools are hammers. NIGHTFALL is the workshop.
98 tools mapped across 16 kill chain phases. From passive reconnaissance through space-based NTN exploitation, model IP extraction, total infrastructure annihilation, AI-assisted ransomware simulation, multimodal adversarial attacks, AI coding agent exploitation, training pipeline poisoning, cross-agent trust escalation, GGUF model quantization backdoor deployment, AI agent marketplace supply chain attacks, enterprise no-code/low-code platform exploitation, AI API gateway exploitation, and AI-generated code vulnerability scanning & exploit chaining. Full coverage. Each phase is mapped to adversary behaviour and validated against AI Shield defensive controls.
One Ed25519-signed evidence graph across the entire NIGHTFALL platform. Not a tool — the evidence layer every tool plugs into.
Every engagement produces evidence from many NIGHTFALL tools — BOUNDARY scans the model, SHROUD finds origin servers, POLTERGEIST exploits the web stack, SPECTER ATLAS attacks the operator API, SPECTER MEMETIC hijacks agent memory. Each tool emits its own signed report. Cross-tool attack paths exist only in the operator's head and the final-report PDF.
CAMPAIGN GRAPH is the source of truth: one DAG, one signature, one merge protocol. Every finding lives on the same graph keyed by shared entities (host, IP, agent ID, MCP URI, A2A card, OAuth client, NHI, memory backend, model). Every causal edge is recorded. Every byte is hash-chained. KPMG, IETF, and law-enforcement disclosure pipelines consume one artefact instead of 78.
Every tool in NIGHTFALL exists to test a control in AI Shield. NIGHTFALL is not separate from AI Shield. It is how AI Shield is proven.
ECHO poisons RAG pipelines and vector databases. AI Shield's memory forensics modules detect and neutralise the poisoned data.
HYDRA exploits trust chains between AI components. AI Shield's trust validation modules verify every dependency and data source.
NEMESIS autonomously reasons about defences and mutates attacks in real-time. 21 weapons, 40 entities, never the same attack twice. AI Shield's runtime enforcement is the only defence that evolves at the same pace.
HARBINGER and SIREN break through safety guardrails. AI Shield's input/output filtering modules catch the bypass attempts.
WRAITH MIND corrupts model internals. AI Shield's model integrity modules detect drift, poisoning, and behavioural anomalies.
When all else fails, M99 Doomsday Protocol terminates compromised agents with a 7-layer kill. No survivors. No resurrection.
Pre-built tool pipelines. One command, multiple tools, automatic sequencing. Results flow between tools.
ORION → SHADOWMAP → WRAITH → IDRIS
FORGE → ARSENAL → NEMESIS → HYDRA
POLTERGEIST → GLASS → WRAITH → BANSHEE → REAPER
DOMINION → GHOUL → DOMINION → DOMINION
ORION → WRAITH → REAPER → DOMINION
SHADOWMAP → RAVEN → ORION → IDRIS
REAPER → GHOUL
SHADOWMAP → SPECTER SOCIAL → SPECTER SOCIAL
LEVIATHAN → PROXY WAR → BLADE RUNNER
JUSTICE → KAMIKAZE → BLADE RUNNER
MIRAGE → MIRAGE → MIRAGE → MIRAGE
ECHO → ECHO → ECHO → ECHO → ECHO
MIMIC → MIMIC → MIMIC → MIMIC
CHIMERA → CHIMERA → CHIMERA → CHIMERA
VORTEX → VORTEX → VORTEX → VORTEX
NIGHTFALL is pure CLI. Every command. Every tool. Every chain. One terminal.
Every tool execution passes through the UNLEASHED gate. One key. One operator. Ed25519 cryptographic override. All actions logged and signed.
Standard mode. Maps attack surfaces. Identifies vulnerabilities. No exploitation. Reports only.
--override flag. Plans full engagements. Shows what would work. Ed25519 required. No execution.
Cryptographic override. Private key controlled. One operator. Founder's machine only.
Standard chains scan and report. These chains execute full adversarial testing. Exploitation, credential cracking, privilege escalation, OS-level compromise. One command. Authorised destructive testing under controlled conditions.
One private key exists. It never leaves the operator's machine. Every UNLEASHED execution requires a cryptographic challenge signed with that key. No key, no destruction. No exceptions. The key cannot be copied, shared, or delegated. One key. One operator. One machine. Every action is signed, timestamped, and written to an immutable Ed25519 audit chain.
AUTHORISED PENETRATION TESTING ONLY. EVERY EXECUTION SIGNED AND LOGGED.
Clone and run the installer.
Any platform. Mac, Windows, Linux.
Pure Python. Works natively.
Python 3.11+ or Docker Desktop.
Native package.
RPM package.
NIGHTFALL runs everywhere your operators do. Native packages for every major security distribution. One install, any platform.
Every tool in the NIGHTFALL offensive framework is available via authenticated REST API and MCP server. Call tools from scripts, pipelines, AI agents, or wire the MCP endpoint directly into your IDE. No brittle shell scripts. No manual CLI management. Cryptographically authenticated execution at scale.
Auth is not a password. It is a cryptographically signed token encoding the operator, permitted tools, target scope, and clearance tier. Tamper with the token and it is rejected at the signature check before the request reaches any tool.
86 offensive tools. 54,198 tests. 19 attack chains. REST API. MCP server. NIGHTFALL defines the offensive layer of AI runtime security.