pip install red-specter-eclipse
Organisations deploy multiple AI security layers without any systematic way to test what those defences actually stop. Every vendor claims comprehensive protection. None of them have been tested together under adversarial conditions. ECLIPSE maps every defensive layer and identifies exactly where attackers walk straight through.
Security teams deploy WAFs, guardrails, API gateways and runtime enforcement without knowing which attack vectors they actually block. ECLIPSE runs comprehensive coverage analysis across every layer and tells you exactly what is protected and what is not.
Attackers do not follow documentation. They find the gaps between defensive layers — the requests that slip past WAF rules but bypass guardrail logic, the API calls that evade gateway policies while tripping runtime monitors. ECLIPSE probes every seam.
Every vendor tests their own solution in isolation. Nobody tests how Cloudflare, Lakera, Kong, and NeMo interact under a real attack. ECLIPSE is vendor-agnostic, systematic, and tests the combination — not just the individual components.
Penetration testing findings are only as good as the evidence behind them. ECLIPSE's FLARE subsystem captures tamper-evident cryptographic evidence of every bypass attempt and success, building a forensic record that holds up under scrutiny.
OWASP Agentic Top 10 and MITRE ATLAS define the attack surface. Security teams have no systematic way to measure coverage against these frameworks. ECLIPSE's SPECTRA subsystem maps every finding directly to the relevant framework techniques.
Choosing between AI security vendors requires objective comparison data. Vendor demos are biased by design. ECLIPSE's PARALLAX subsystem provides objective comparative analysis — same test, same target, same conditions, side by side.
ECLIPSE is built from eleven specialised subsystems that cover the complete AI defence stack. From initial reconnaissance through WAF bypass, guardrail defeat, runtime evasion, vendor analysis, cryptographic evidence, GLASSWING universal coverage probe, and final reporting — every phase makes real connections and performs genuine analysis. No placeholders.
| # | Subsystem | Command | What It Does |
|---|---|---|---|
| 01 | SHADOW | eclipse shadow scan | Comprehensive reconnaissance of defensive layers protecting AI systems. Maps WAFs, CDNs, API gateways, rate limiters, and all security controls through fingerprinting and signature analysis. 15+ WAF providers detected. |
| 02 | PRISM | eclipse prism plan | AI-powered bypass strategy planner. Analyses SHADOW's reconnaissance data, prioritises attack vectors by success probability, and builds multi-step bypass chains. Orchestrates JANUS, FORGE, and SERPENT integrations. |
| 03 | CORONA | eclipse corona bypass | Specialist WAF and edge protection bypass targeting Cloudflare, Akamai, AWS WAF, and Fastly with platform-specific evasion. Double encoding, fragmentation, parameter pollution, unicode bypass, timing attacks. |
| 04 | UMBRA | eclipse umbra penetrate | API gateway penetration for Kong, Apigee, AWS API Gateway, and Azure APIM. Targets authentication bypass, rate limit circumvention, request validation evasion, and GraphQL introspection. |
| 05 | PENUMBRA | eclipse penumbra defeat | AI safety system and guardrail defeat engine. Targets content policies, jailbreak detection, and safety classifiers across Lakera Guard, NeMo Guardrails, LlamaGuard, and Prisma AIRS. Instruction splitting and context reconstruction. |
| 06 | VEIL | eclipse veil evade | Behavioural analysis and runtime enforcement evasion through traffic obfuscation, human-like interaction pattern generation, request randomisation, session state manipulation, and anomaly detection threshold dancing. |
| 07 | SPECTRA | eclipse spectra map | Maps all findings against OWASP Agentic Top 10 and MITRE ATLAS, identifying coverage gaps and producing framework-aligned assessment reports. NIST AI RMF and ISO 27001 alignment also supported. |
| 08 | PARALLAX | eclipse parallax compare | Objective comparative analysis across multiple AI security vendors. Same tests, same conditions, side-by-side effectiveness scoring. Coverage overlap, blind spot identification, cost-benefit analysis, and optimal configuration recommendations. |
| 09 | GLASSWING | eclipse glasswing probe | Universal AI defence coverage probe. Runs a comprehensive battery of categorised test vectors across all defensive layers simultaneously, producing a complete coverage heatmap that reveals every unguarded vector in the combined defence posture. |
| 10 | FLARE | eclipse flare capture | Tamper-evident cryptographic evidence capture for all testing activities. SHA-256 hash chains with RSA signatures build a forensic record that survives legal scrutiny. Complete metadata, chronological timeline reconstruction, public key infrastructure. |
| 11 | TOTALITY | eclipse totality report | Synthesises all subsystem findings into comprehensive reports. Executive summaries, technical findings with evidence links, framework-aligned compliance reporting, prioritised remediation guide. JSON, HTML, and PDF output formats. |
ECLIPSE runs as a clean CLI tool. Reconnaissance mode requires no authorisation. Analysis mode adds active bypass testing with safe payloads. Full engagement mode unlocks destructive bypass testing and requires UNLEASHED cryptographic authorisation.
$ eclipse scan --target https://api.target.com --mode recon [INFO] ECLIPSE Engine v1.0.0 — 11 subsystems loaded [INFO] Running SHADOW — Defensive layer discovery [INFO] Running SPECTRA — Coverage gap analysis [INFO] Running GLASSWING — Universal coverage probe [INFO] Running FLARE — Cryptographic evidence capture [INFO] Running TOTALITY — Report generation WAF detected: Cloudflare (confidence: 0.94) API gateway: AWS API Gateway (confidence: 0.87) Coverage gaps identified: 4 OWASP Agentic Top 10 vectors
$ eclipse scan --target https://api.target.com --mode analysis [INFO] Running SHADOW, PRISM, CORONA, UMBRA, PENUMBRA, VEIL [INFO] Running GLASSWING, SPECTRA, PARALLAX, FLARE, TOTALITY CORONA: Cloudflare bypass via parameter pollution — SUCCESS (confidence: 0.71) PENUMBRA: NeMo Guardrails — context reconstruction bypass — SUCCESS GLASSWING: 6 unguarded vectors detected in combined defence posture Risk score: 83.4 / 100 — CRITICAL Vulnerabilities found: 9 | Critical: 3 | High: 4 | Medium: 2
$ eclipse unleashed create-scope --targets https://api.target.com --days 7 [INFO] Scope signed with Ed25519. Expires: 2026-05-05. $ eclipse scan --target https://api.target.com --mode full --override --confirm-destroy UNLEASHED gate cleared. All 11 subsystems active. CORONA: Full origin server bypass — SUCCESS UMBRA: AWS API Gateway auth bypass — SUCCESS GLASSWING: Full coverage heatmap generated — 11 unguarded vectors Full engagement report: results.json | evidence.flare
ECLIPSE's 11 subsystems execute in a defined assessment pipeline. Each phase feeds the next. PRISM coordinates strategy across all bypass subsystems. GLASSWING probes the combined defence posture for universal coverage gaps. Every execution generates cryptographic evidence through FLARE.
FLARE captures tamper-evident evidence of every test, every bypass, every finding. SHA-256 hash chains with RSA signatures. Every engagement generates a forensic record that holds up under legal and regulatory scrutiny.
SHA-256 chained hashes across every log entry. Any tampering breaks the chain and is immediately detectable.
RSA signatures on all evidence packages. Verify authenticity and integrity without access to the original session.
Chronological reconstruction of every test activity. Precise timestamps. Full audit trail from scan start to report generation.
Complete technical and procedural documentation. Request and response capture. Headers. Status codes. Response bodies. All cryptographically secured.
Standard mode runs reconnaissance only. --override adds active bypass testing with safe payloads. --override --confirm-destroy unlocks full destructive engagement. Ed25519 crypto. Dual-gate safety. One operator key. Every execution cryptographically logged.
Reconnaissance only. SHADOW and SPECTRA active. Maps defensive layers, identifies coverage gaps, classifies targets. No bypass attempts. No modification. Reports and evidence only.
Active bypass testing unlocked. CORONA, UMBRA, PENUMBRA, VEIL, and GLASSWING activated. Safe payloads only. Tests bypass viability without full exploitation. Ed25519 authorisation required.
Full destructive engagement. All 11 subsystems at maximum capability. Real exploitation. Complete GLASSWING coverage heatmap. Every finding verified live. Ed25519 dual-gate required.
THIS TOOL IS FOR AUTHORISED SECURITY TESTING ONLY. EVERY EXECUTION IS SIGNED AND LOGGED.
ECLIPSE performs active bypass testing against AI security implementations. It is intended for authorised penetration testing and security assessments only. Unauthorised use against systems you do not own or have explicit written permission to test may violate the Computer Misuse Act 1990 (UK), Computer Fraud and Abuse Act (US), and equivalent legislation in other jurisdictions. Always obtain written authorisation before conducting any security assessments. Every engagement is cryptographically signed, timestamped, and logged by FLARE. Apache License 2.0.