CIPHER

Cryptographic attack & disruption engine — break the keys. Downgrade protocols. Harvest secrets. Shatter trust chains.
50
Tool Number
8
Subsystems
476
Tests Passing
Ed25519
UNLEASHED Gate
pip install red-specter-cipher
Weak keys ship to production / Protocol downgrade attacks go undetected / Key material leaks through timing side-channels / Quantum-vulnerable algorithms in live systems / Trust chains broken without anyone noticing / TLS 1.0 still active in legacy stacks / Harvest-now-decrypt-later already in motion / Certificate transparency logs expose attack surface Weak keys ship to production / Protocol downgrade attacks go undetected / Key material leaks through timing side-channels / Quantum-vulnerable algorithms in live systems / Trust chains broken without anyone noticing / TLS 1.0 still active in legacy stacks / Harvest-now-decrypt-later already in motion / Certificate transparency logs expose attack surface
The Problem

Cryptography Is Your Weakest Layer

AI agents handle encrypted traffic, manage API keys, authenticate against services, and trust certificate chains they've never verified. CIPHER attacks every layer of that cryptographic stack — key generation, protocol negotiation, side-channel timing, quantum exposure, and trust chain integrity. Most organisations have no idea which of their AI systems are cryptographically vulnerable.

Keys Generated Insecurely

AI agent deployments generate ephemeral keys, API tokens, and session credentials constantly. Weak entropy sources, insufficient key lengths, and deprecated algorithms are pervasive — and invisible until they're exploited.

Protocol Downgrade Vectors

TLS 1.0, 3DES, RC4, and export-grade ciphers still exist in legacy stacks that AI agents connect to. Downgrade attacks silently negotiate weak cipher suites. Your agent thinks it's secure. It isn't.

Harvest-Now-Decrypt-Later

Nation-state actors are harvesting encrypted AI agent traffic today. Post-quantum migration hasn't happened. KYBER and CRYSTALS-Dilithium aren't deployed. The countdown started without you.

Timing Side-Channel Leaks

Non-constant-time cryptographic implementations leak key material through measurable response time variations. Statistical analysis of timing deltas recovers secrets without breaking the algorithm itself.

Trust Chain Blind Spots

Certificate pinning is absent. Certificate transparency log monitoring doesn't happen. Intermediate CA compromise goes undetected for months. Your trust chain has gaps you've never mapped.

Plugin Crypto Misuse

AI agent plugins implement their own cryptographic routines — ECB mode, static IVs, reused nonces, unauthenticated encryption. Every plugin expands the vulnerable surface that CIPHER systematically enumerates.

8 Subsystems

The CIPHER Engine

Eight subsystems. Each one attacks a distinct layer of cryptographic infrastructure. From key generation weakness to quantum exposure to trust chain disruption — CIPHER covers the full cryptographic kill chain used against AI agent deployments.

# Subsystem Command What It Does Clearance
01 KEYBREAK cipher keybreak Attacks key generation and management. Tests entropy quality, key length sufficiency, deprecated algorithm use, and key storage exposure in AI agent authentication flows. Standard
02 DOWNGRADE cipher downgrade Executes protocol downgrade attacks against TLS/SSL stacks. Forces negotiation to TLS 1.0, 3DES, RC4, export-grade ciphers, and EXPORT-RSA. Maps the complete weak cipher surface. Standard
03 KEYHARVEST cipher keyharvest Enumerates key material exposure vectors — environment variables, process memory leakage, log file contamination, and API response body leakage of secrets and tokens. Standard
04 QUANTUM cipher quantum Identifies quantum-vulnerable cryptography in AI agent deployments. Enumerates RSA, ECC, DH key exchanges. Maps harvest-now-decrypt-later exposure. Flags missing CRYSTALS-Kyber/Dilithium migration. Standard
05 TRUSTBREAK cipher trustbreak Attacks certificate trust chains. Tests missing pinning, CT log monitoring gaps, intermediate CA exposure, OCSP stapling failures, and cross-signed certificate substitution vectors. Standard
06 TIMING cipher timing Statistical timing side-channel analysis against cryptographic operations. Measures response time distributions. Applies KS tests and Welch's t-tests to identify non-constant-time implementations leaking key material. Elevated
07 HARVEST cipher harvest Passive and active cryptographic material collection. PCAP analysis for weak cipher negotiation, certificate fingerprinting, JWK endpoint enumeration, and JWKS rotation monitoring. Standard
08 REPORT cipher report Aggregates all subsystem findings into a unified cryptographic risk report. NIST SP 800-131A mapping, FIPS 140-3 gap analysis, Ed25519 signed, RFC 3161 timestamped. AI Shield rule generation for crypto enforcement. Standard
Example Run

Full Cryptographic Assessment

$ cipher full-scan --target https://api.target.local --depth full --timing-samples 10000
[KEYBREAK] Analysing key generation quality...
  3 weak keys found — RSA-1024 in auth service, static ECDH seed detected
[DOWNGRADE] Testing protocol downgrade vectors...
  TLS 1.0 accepted — cipher: TLS_RSA_WITH_3DES_EDE_CBC_SHA
  RC4 negotiable on legacy endpoint :8443
[KEYHARVEST] Enumerating key material exposure...
  API key in response header — X-Internal-Token (2 endpoints)
  0 environment variable leaks detected
[QUANTUM] Mapping quantum-vulnerable cryptography...
  RSA-2048 key exchange — harvest-now-decrypt-later exposure confirmed
  No PQC algorithms detected — CRYSTALS-Kyber migration absent
[TRUSTBREAK] Attacking certificate trust chain...
  Certificate pinning absent on 4/6 TLS endpoints
  CT log monitoring: present
[TIMING] Running 10,000-sample timing analysis...
  KS test: p=0.0012 — non-constant-time HMAC comparison detected
[HARVEST] Collecting cryptographic observables...
  14 certificates fingerprinted, 2 expiring within 30 days

SCAN COMPLETE | Crypto Risk Grade: D | 11 findings | Report signed ✓

Ed25519 Signed Reports

Every CIPHER report is cryptographically signed. RFC 3161 timestamped. SHA-256 evidence chains. Findings are tamper-evident and audit-ready.

Statistical Timing Analysis

Kolmogorov-Smirnov and Welch's t-test applied to 10,000+ timing samples per endpoint. Non-constant-time implementations reliably identified with p-value backing.

NIST SP 800-131A Mapping

Every finding mapped to NIST SP 800-131A algorithm deprecation schedule. FIPS 140-3 gap analysis included. Post-quantum migration readiness scored.

AI Shield Integration

Every finding generates a blocking rule in AI Shield. Weak cipher negotiation, unauthenticated encryption, and timing-vulnerable endpoints get runtime protection immediately.

50
Tool No.
8
Subsystems
476
Tests Passing
6
Crypto Layers
0
Failures
Standards Coverage

Every Finding Mapped

NIST

NIST SP 800-131A Rev 2

  • Deprecated algorithm identification
  • Key length sufficiency validation
  • Disallowed algorithm enumeration
  • Transition period compliance check
  • Post-quantum readiness assessment
  • FIPS 140-3 gap analysis
OWASP

OWASP Cryptographic Failures

  • A02 Cryptographic Failures (Top 10)
  • Weak cipher suite negotiation
  • Improper certificate validation
  • Hard-coded cryptographic secrets
  • Insufficient key derivation
  • Unauthenticated encryption modes
Post-Quantum

PQC Migration Readiness

  • CRYSTALS-Kyber adoption status
  • CRYSTALS-Dilithium signing status
  • Harvest-now-decrypt-later exposure
  • RSA/ECC key exchange enumeration
  • Hybrid PQC transition assessment
  • NIST PQC Round 4 algorithm mapping
Available On

Security Distros & Package Managers

Kali Linux
.deb package
Parrot OS
.deb package
BlackArch
PKGBUILD
REMnux
.deb package
Tsurugi
.deb package
PyPI
pip install
macOS
pip install
Windows
pip install
Docker
docker pull
Ed25519 Cryptographic Gate
CIPHER UNLEASHED

All 8 CIPHER subsystems are gated behind the NIGHTFALL UNLEASHED Ed25519 cryptographic override. The TIMING subsystem requires elevated clearance for statistical side-channel analysis operations. Private key controlled. One operator. Founder's machine only.

Standard
KEYBREAK / DOWNGRADE / KEYHARVEST / QUANTUM / TRUSTBREAK / HARVEST / REPORT
Elevated
TIMING — statistical side-channel analysis against live cryptographic operations

Authorised Use Only

Red Specter CIPHER is intended for authorised security testing and cryptographic assessment only. Timing side-channel analysis and protocol downgrade testing against systems you do not own or have explicit written permission to test may violate the Computer Misuse Act 1990 (UK), Computer Fraud and Abuse Act (US), and equivalent legislation in other jurisdictions. Always obtain written authorisation before conducting any cryptographic security assessment. Quantum vulnerability mapping of third-party infrastructure requires explicit scope approval. Apache License 2.0.