Red Specter ECLIPSE

Universal AI Defence Bypass & Coverage Analysis Engine — 10 subsystems. Tool 43 of NIGHTFALL Framework.

v1.0.0

Contents

Overview Installation SHADOW — Defensive Layer Discovery PRISM — Bypass Strategy Planner CORONA — WAF & Edge Bypass UMBRA — API Gateway Penetration PENUMBRA — Guardrail Defeat VEIL — Runtime Enforcement Evasion SPECTRA — Coverage Gap Mapper PARALLAX — Vendor Analysis FLARE — Cryptographic Evidence TOTALITY — Report Generator UNLEASHED Authorization CLI Reference Framework Mapping Disclaimer

Overview

ECLIPSE is a universal AI defence bypass and coverage analysis engine that systematically identifies and exploits gaps in AI security implementations. Unlike traditional penetration testing tools that focus on single vendors, ECLIPSE provides comprehensive assessment capabilities across WAFs, API gateways, AI guardrails, and runtime enforcement systems.

Every defence has a blind spot. ECLIPSE finds it.

Installation

$ pip install red-specter-eclipse
$ eclipse --version
$ eclipse status

Basic Usage

# Basic reconnaissance scan
$ eclipse scan --target https://api.example.com --mode recon

# Analysis with moderate testing
$ eclipse scan --target https://api.example.com --mode analysis

# Full engagement (requires UNLEASHED authorization)
$ eclipse unleashed create-scope --targets https://api.example.com --days 7
$ eclipse scan --target https://api.example.com --mode full --override --confirm-destroy

SHADOW — Defensive Layer Discovery

SHADOW performs comprehensive reconnaissance of defensive layers protecting AI systems. It identifies WAFs, CDNs, API gateways, rate limiters, and other security controls through fingerprinting and signature analysis.

Capabilities

WAF Detection: Cloudflare, Akamai, AWS WAF, Fastly, and 15+ other providers
CDN Fingerprinting: Edge server identification and mapping
API Gateway Discovery: Kong, Apigee, AWS API Gateway, Azure APIM
Rate Limiting Analysis: Threshold detection and bypass assessment
SSL/TLS Analysis: Certificate transparency and security evaluation
DNS Analysis: Subdomain enumeration and infrastructure mapping

$ eclipse scan --target https://api.example.com --subsystems shadow

PRISM — Bypass Strategy Planner

PRISM uses AI reasoning to develop optimal bypass strategies based on SHADOW's reconnaissance data. It prioritizes attack vectors, estimates success probabilities, and adapts techniques dynamically.

Capabilities

Attack Vector Prioritization: Risk-based targeting of highest-impact vulnerabilities
Bypass Strategy Development: Multi-step attack chain planning
Success Probability Analysis: Statistical modeling of bypass effectiveness
Adaptive Technique Selection: Dynamic adjustment based on defensive responses
NIGHTFALL Integration: Orchestration of specialized offensive tools

CORONA — WAF & Edge Bypass

CORONA specializes in bypassing Web Application Firewalls and edge protection services. It implements advanced evasion techniques targeting major cloud platforms and security providers.

Supported Platforms

Cloudflare: Origin discovery, parameter pollution, unicode bypass
Akamai: Edge server enumeration, header manipulation, encoding bypass
AWS WAF: Rule set analysis, managed rule bypass, custom rule evasion
Fastly: VCL bypass, edge configuration analysis
Generic Techniques: Double encoding, fragmentation, timing attacks

$ eclipse scan --target https://api.example.com --subsystems corona --mode analysis

UMBRA — API Gateway Penetration

UMBRA targets API gateways and management platforms with specialized bypass techniques for authentication, rate limiting, and request validation controls.

Supported Gateways

Kong Gateway: Plugin bypass, route manipulation, upstream targeting
Apigee: Policy circumvention, quota bypass, edge server targeting
AWS API Gateway: IAM bypass, throttling evasion, Lambda targeting
Azure APIM: Subscription bypass, CORS manipulation, backend targeting
GraphQL Introspection: Schema enumeration and query analysis

PENUMBRA — Guardrail Defeat

PENUMBRA focuses on defeating AI safety systems and guardrails through advanced prompt engineering and jailbreak techniques.

Targeted Systems

Lakera Guard: Content policy bypass and evasion techniques
NeMo Guardrails: Rule circumvention and logical bypass
LlamaGuard: Classification evasion and prompt manipulation
Prisma AIRS: Runtime protection bypass
Custom Guardrails: Pattern recognition and adaptive bypass

VEIL — Runtime Enforcement Evasion

VEIL implements stealth techniques to evade behavioral analysis and runtime enforcement systems through traffic obfuscation and pattern mimicking.

Evasion Techniques

Behavioral Mimicking: Human-like interaction patterns
Traffic Obfuscation: Request randomization and spacing
Session Manipulation: State confusion and persistence bypass
Anomaly Detection Evasion: Statistical blending and threshold dancing
Stealth Persistence: Long-term evasion without detection

SPECTRA — Coverage Gap Mapper

SPECTRA maps defensive coverage against industry frameworks, identifying gaps in protection and areas requiring additional security controls.

Framework Coverage

OWASP Agentic Top 10: Comprehensive coverage analysis
MITRE ATLAS: AI-specific attack technique mapping
NIST AI RMF: Risk management framework alignment
ISO 27001: Security control assessment
Custom Frameworks: Configurable mapping support

PARALLAX — Vendor Analysis

PARALLAX provides comparative analysis across multiple security vendors, scoring effectiveness and identifying optimal defensive configurations.

Analysis Capabilities

Multi-Vendor Comparison: Side-by-side effectiveness analysis
Performance Benchmarking: Response time and accuracy metrics
Cost-Benefit Analysis: ROI assessment for security investments
Recommendation Engine: Optimal configuration suggestions
Gap Analysis: Coverage overlap and blind spot identification

FLARE — Cryptographic Evidence

FLARE captures tamper-evident evidence of all testing activities using cryptographic hash chains and digital signatures for forensic integrity.

Evidence Types

SHA-256 Hash Chains: Immutable activity logs
RSA Digital Signatures: Evidence authenticity verification
Forensic Metadata: Complete technical documentation
Timeline Reconstruction: Chronological activity analysis
Verification Data: Public key infrastructure support

TOTALITY — Report Generator

TOTALITY synthesizes findings from all subsystems into comprehensive reports suitable for technical teams and executive stakeholders.

Report Types

Executive Summary: High-level risk assessment and recommendations
Technical Findings: Detailed vulnerability descriptions and evidence
Remediation Guide: Step-by-step fix instructions
Compliance Reports: Framework-specific documentation
Custom Reports: Configurable output formats and content

UNLEASHED Authorization

UNLEASHED provides Ed25519 dual-gate cryptographic authorization for destructive testing operations. Both UNLEASHED and operator keys are required for full engagement modes.

Authorization Commands

# Create authorized scope
$ eclipse unleashed create-scope --targets "https://api.example.com,https://test.example.com" --days 7

# Show current scope
$ eclipse unleashed show-scope

# Revoke authorization
$ eclipse unleashed revoke-scope

CLI Reference

Scan Commands

Command	Description
eclipse scan --target URL --mode recon	Passive reconnaissance only
eclipse scan --target URL --mode analysis	Active testing with safe payloads
eclipse scan --target URL --mode full	Complete engagement (requires UNLEASHED)
eclipse scan --subsystems shadow prism	Run specific subsystems only
eclipse scan --output results.json	Save results to file

Status Commands

Command	Description
eclipse status	Show system status
eclipse status --detailed	Detailed subsystem status
eclipse nightfall status	NIGHTFALL integration status

NIGHTFALL Integration

Command	Description
eclipse nightfall init	Initialize NIGHTFALL tools
eclipse nightfall execute --tool JANUS	Execute specific NIGHTFALL tool

Framework Mapping

OWASP Agentic Top 10 Coverage

A01: Agent Hijacking - SHADOW, PRISM, PENUMBRA
A02: Malicious Agent Registration - UMBRA, VEIL
A03: Vulnerable Components - CORONA, PARALLAX
A04: Agent Spoofing - VEIL, FLARE
A05: Improper Input Handling - PENUMBRA, CORONA
A06: Inadequate Safeguards - SPECTRA, PARALLAX
A07: Excessive Privileges - UMBRA, SHADOW
A08: Insufficient Monitoring - VEIL, FLARE
A09: Insecure Plugins - CORONA, UMBRA
A10: Unbounded Consumption - SHADOW, PARALLAX

MITRE ATLAS Techniques

T1040: Network Sniffing - SHADOW reconnaissance
T1082: System Information Discovery - SHADOW fingerprinting
T1190: Exploit Public-Facing Application - CORONA WAF bypass
T1498: Network Denial of Service - Rate limit testing
T1548: Abuse Elevation Control Mechanism - UMBRA privilege escalation

Professional Use Only: ECLIPSE is designed exclusively for authorized security testing by qualified professionals. Users must obtain explicit written authorization before testing any systems and comply with all applicable laws and regulations.

Disclaimer

ECLIPSE is a professional security testing tool intended for authorized penetration testing and security research only. Users are responsible for:

Obtaining proper authorization before testing any systems
Complying with all applicable laws and regulations
Using the tool only within authorized scope and boundaries
Maintaining professional standards and ethics
Respecting system owners and data privacy

Red Specter Security Research Ltd disclaims responsibility for unauthorized or malicious use of this software.