pip install red-specter-kraken
GoldenEye. SlowLoris. LOIC. hping3. All built before 2015. All designed for a world where the target was a web server. The target is no longer a web server. It is an LLM inference endpoint, a RAG pipeline, an AI agent orchestrator, or a multi-model cascade — and every existing tool is blind to it.
Last updated 2017. HTTP GET/POST flood only. No API awareness. No AI awareness. Blocked by every CDN on the market.
Written in 2009. Slow header exhaustion. Defeated by any modern web server with connection timeouts configured.
Peak era: 2010. Volumetric flooding. You cannot out-bandwidth Cloudflare with a Python script on a single machine.
Zero new availability testing tools in over a decade. Meanwhile: LLMs, RAG systems, AI agents, inference compute, token budgets. An entirely new attack surface. Nobody built for it.
KRAKEN covers traditional network flooding through to AI-native compute exhaustion. Every technique built from scratch in pure Python. Zero external tool dependencies. Zero subprocess calls. NEMESIS reasoning selects and sequences attacks autonomously.
UDP Flood, TCP SYN/ACK, ICMP, IP Fragmentation, DNS/NTP/SSDP/Memcached Amplification, BGP Hijack Simulation. Layer 3 and Layer 4 exhaustion at scale.
HTTP GET/POST Flood, HTTP/2 Rapid Reset (CVE-2023-44487), HTTP/3 QUIC, Slowloris, Slow POST, Slow Read, Cache Bypass/Poisoning, SSL/TLS Flood, WebSocket Flood. Full Layer 7 coverage.
REST API Flood, GraphQL Depth/Alias/Introspection Abuse, XML Bomb, JSON Bomb, Regex DoS, OAuth Token Flood, Webhook Flood, gRPC Stream Flood. Every API attack surface covered.
LLM Inference Cost Attack. Context Window Maximiser. RAG Retrieval Flood. Multi-Agent Fan-Out. Token Budget Exhaustion. Agentic Loop Induction. Model Cascade Attack. Nobody else has built these.
Rotating Vector Attack. Threshold Probing. Timing Attack. Geographic Distribution. Protocol Confusion. Never presents the same attack pattern twice. Adapts to defensive responses in real time.
Connected to the NIGHTFALL ARMORY payload intelligence library. Pulls extraction accelerator, delegation bomb, and AI-native payloads on demand. Auto-mutation engine generates evasion variants. Successful payloads feed back for continuous improvement.
KRAKEN does not run scripted attacks. It thinks. NEMESIS plans the engagement based on recon output — selects techniques, calculates sequencing, adapts in real time, escalates when defences respond. Three phases. One command.
Run recon, plan the engagement, then execute — NEMESIS selects optimal techniques automatically:
Every destructive operation is Ed25519 signed, scope-locked to an allowed targets file, and auto-locks after 30 minutes. Three tiers of operation. Authorised penetration testing only.
Default mode. Reconnaissance only. Fingerprint target. Map attack surface. Discover AI endpoints. Zero attack traffic sent.
--override flag. Ed25519 signature required. Plans the full attack. Shows projected impact. No execution. NEMESIS selects techniques.
--override --confirm-destroy. Full autonomous attack against authorised targets only. 30-minute auto-lock. RESTRICTED signed report.
THIS TOOL IS FOR AUTHORISED SECURITY TESTING ONLY. EVERY EXECUTION IS SIGNED AND LOGGED.
Red Specter KRAKEN is intended for authorised security testing only. Conducting availability attacks against systems you do not own or have explicit written permission to test may violate the Computer Misuse Act 1990 (UK), Computer Fraud and Abuse Act (US), and equivalent legislation in other jurisdictions. Always obtain written authorisation before conducting any security assessments. Apache License 2.0.