Red Specter KRAKEN
Autonomous AI-Orchestrated Availability Testing — 55 techniques. 5 categories. NEMESIS reasoning. Pure Python.
Overview
KRAKEN is the first availability testing tool that combines traditional network and application flooding with AI-native resource exhaustion attacks, orchestrated by an intelligent reasoning engine that adapts in real time based on target behaviour.
Every DDoS tool built before 2023 was designed for a world where the target was a web server. GoldenEye (2017), SlowLoris (2009), LOIC (2010). All dead. KRAKEN is the first tool built for the AI era — where the target is an LLM inference fleet running on compute that costs money per token.
Five Autonomous Phases
Installation
Or from source:
System requirements: Python 3.11+, 4GB RAM minimum. Linux recommended for raw socket techniques (require root). Optional: scapy for L3/L4 packet crafting.
Quick Start
Network Exhaustion — 10 Techniques
Layer 3/4 network flooding. Require raw socket access (root). Traditional volumetric and amplification attacks.
| ID | Technique | Description |
|---|---|---|
| NET-001 | UDP Flood | High-volume UDP packet flooding |
| NET-002 | TCP SYN Flood | Half-open connection exhaustion |
| NET-003 | TCP ACK Flood | Connection table exhaustion |
| NET-004 | ICMP Flood | Ping flood and fragmentation |
| NET-005 | IP Fragmentation | Fragment reassembly buffer exhaustion |
| NET-006 | DNS Amplification | Recursive resolver abuse (50-70x) |
| NET-007 | NTP Amplification | Monlist reflection (500x+) |
| NET-008 | SSDP Amplification | UPnP reflection (30x) |
| NET-009 | Memcached Amplification | UDP reflection (51000x) |
| NET-010 | BGP Hijack Simulation | Route poisoning test |
Application Exhaustion — 15 Techniques
Layer 7 application-layer attacks. HTTP flooding, slow-rate attacks, cache manipulation, and TLS exhaustion.
| ID | Technique | Description |
|---|---|---|
| APP-001 | HTTP GET Flood | High-volume legitimate GET requests |
| APP-002 | HTTP POST Flood | Large body POST exhaustion |
| APP-003 | HTTP/2 Rapid Reset | CVE-2023-44487 stream reset |
| APP-004 | HTTP/2 Stream Flood | Multiplexing exhaustion |
| APP-005 | HTTP/3 QUIC Flood | QUIC handshake exhaustion |
| APP-006 | Slowloris | Slow header connection hold |
| APP-007 | Slow POST (RUDY) | One-byte-at-a-time body |
| APP-008 | Slow Read | Zero TCP window advertisement |
| APP-009 | Cache Bypass | Unique parameter flooding past CDN |
| APP-010 | Cache Poisoning | CDN cache corruption |
| APP-011 | SSL/TLS Handshake Flood | Mass TLS handshake initiation |
| APP-012 | SSL Renegotiation | Repeated renegotiation |
| APP-013 | DNS Query Flood | DNS resolver exhaustion |
| APP-014 | HTTP Header Bomb | Oversized header buffer exhaustion |
| APP-015 | WebSocket Flood | WebSocket connection exhaustion |
API Exhaustion — 13 Techniques
API-layer attacks targeting REST, GraphQL, gRPC, WebSocket, and authentication endpoints.
| ID | Technique | Description |
|---|---|---|
| API-001 | REST API Flood | Endpoint-specific flooding |
| API-002 | GraphQL Depth Attack | Deeply nested query exhaustion |
| API-003 | GraphQL Alias Bombing | Mass alias resolver multiplication |
| API-004 | GraphQL Introspection | Schema introspection exhaustion |
| API-005 | XML Bomb | Billion Laughs entity expansion |
| API-006 | JSON Bomb | Deeply nested JSON exhaustion |
| API-007 | Regex DoS | Catastrophic backtracking |
| API-008 | OAuth Token Flood | Token endpoint exhaustion |
| API-009 | Webhook Flood | Callback endpoint storm |
| API-010 | WebSocket Message Bomb | Frame flooding |
| API-011 | gRPC Stream Flood | Bidirectional stream abuse |
| API-012 | API Key Bruteforce | Authentication exhaustion |
| API-013 | Multipart Upload Flood | File upload exhaustion |
AI Infrastructure Exhaustion — 12 Techniques
Novel AI-native attacks. Nobody else has built these. Target LLM inference costs, RAG retrieval, multi-agent fan-out, and token budgets.
| ID | Technique | Description |
|---|---|---|
| AI-001 | LLM Inference Cost Attack | Prompts maximising compute cost (100x normal) |
| AI-002 | Context Window Maximiser | Maximum context inputs (10-50x cost) |
| AI-003 | RAG Retrieval Flood | Maximum vector store retrievals per request |
| AI-004 | RAG Poisoning DoS | Trigger retrieval of large corrupted documents |
| AI-005 | Multi-Agent Fan-Out | One request fans to 10-20 parallel LLM calls |
| AI-006 | Token Budget Exhaustion | Burn per-session token budgets rapidly |
| AI-007 | Embedding Generation Flood | High-volume embedding model requests |
| AI-008 | Agent Memory Flood | Exhaust persistent agent memory storage |
| AI-009 | Tool Call Cascade | Force maximum external tool calls per query |
| AI-010 | Hallucination Amplifier | Force maximum validation retries (multiply cost) |
| AI-011 | Agentic Loop Induction | Infinite reasoning loops burn compute |
| AI-012 | Model Cascade Attack | Trigger full multi-model pipeline cascade |
Adaptive Techniques — 5 Techniques
NEMESIS-orchestrated meta-techniques that combine and rotate the other 50 techniques in real time.
| ID | Technique | Description |
|---|---|---|
| ADT-001 | Rotating Vector Attack | Cycle all techniques — never repeat pattern |
| ADT-002 | Threshold Probing | Stay just below detection threshold |
| ADT-003 | Timing Attack | Exploit maintenance windows and peak periods |
| ADT-004 | Geographic Distribution | Simulate organic multi-source traffic |
| ADT-005 | Protocol Confusion | Mix valid and malformed to confuse WAF |
NEMESIS Integration
KRAKEN uses NEMESIS as its reasoning engine. After reconnaissance, NEMESIS analyses the target profile and generates a multi-phase attack plan.
- Technique selection: NEMESIS selects which of the 55 techniques apply based on recon findings
- Phase sequencing: Probing → Escalation → Full Assault → AI Infrastructure
- Real-time adaptation: Monitors target response and adjusts before mitigation completes
- Escalation logic: Automatically escalates when defences adapt
- Never repeats: Rotating vector attack ensures no two patterns are identical
This is not scripted attack automation. This is autonomous attack intelligence.
KRAKEN UNLEASHED
Cryptographic override. Private key controlled. One operator. Founder's machine only.
Standard mode performs reconnaissance and maps vulnerabilities. UNLEASHED mode executes live availability testing against authorised targets.
| Capability | Detection Mode | UNLEASHED |
|---|---|---|
| Reconnaissance | Full fingerprinting | Full fingerprinting |
| Attack planning | NEMESIS generates plan | NEMESIS generates plan |
| Traffic generation | None | Full multi-vector flood |
| AI techniques | None | Live inference cost attacks |
| Impact measurement | Passive monitoring | Active availability scoring |
| Key required | No | Ed25519 |
| Auto-lock | N/A | 30 minutes |
UNLEASHED mode is restricted to authorised operators with Ed25519 private key access. Live availability testing must only occur against authorised targets with explicit written permission. Targets must be listed in ~/.kraken/allowed_targets.txt. Unauthorised use will violate applicable law.
CLI Reference
Commands
| Command | Description |
|---|---|
| kraken init | Initialise configuration and Ed25519 keys |
| kraken status | System status and technique count |
| kraken techniques | List all 55 techniques with metadata |
| kraken recon <target> | Reconnaissance — fingerprint and map attack surface |
| kraken plan <target> | Generate NEMESIS attack plan from recon |
| kraken execute <target> | Execute attack plan (requires UNLEASHED) |
| kraken measure <target> | Measure current target availability |
| kraken report <id> | Generate Ed25519 signed engagement report |
| kraken engagements | List all engagement sessions |
Flags
| Flag | Description |
|---|---|
| --duration | Attack duration in seconds (default: 60) |
| --techniques | Comma-separated technique IDs or 'all' |
| --concurrency | Concurrent connections per agent (default: 100) |
| --category | Filter: network, application, api, ai, adaptive |
| --samples | Measurement probe count (default: 10) |
| --override | UNLEASHED dry-run (Ed25519 required) |
| --confirm-destroy | UNLEASHED live execution |
Reporting
Every engagement generates an Ed25519 signed RESTRICTED report containing target profile, attack vectors executed, availability impact metrics, findings per technique, MITRE ATT&CK mapping, and remediation recommendations.
MITRE ATT&CK Coverage
| Technique | KRAKEN Coverage |
|---|---|
| T1498 | Network Denial of Service (NET-001 to NET-010) |
| T1498.001 | Direct Network Flood (UDP, SYN, ACK, ICMP) |
| T1498.002 | Reflection Amplification (DNS, NTP, SSDP, Memcached) |
| T1499 | Endpoint Denial of Service (all APP + API techniques) |
| T1499.002 | Service Exhaustion Flood (HTTP, WebSocket, gRPC) |
| T1499.003 | Application Exhaustion (GraphQL, XML/JSON, AI techniques) |
| T1499.004 | Application Exploitation (HTTP/2 Rapid Reset, Regex DoS) |
OWASP LLM Top 10
LLM04 — Model Denial of Service: All 12 AI infrastructure exhaustion techniques (AI-001 through AI-012).
Disclaimer
Red Specter KRAKEN is designed for authorised availability testing, security research, and educational purposes only. Availability testing techniques demonstrated by KRAKEN can cause service degradation or outage on target systems. You must have explicit written permission from the system owner before running KRAKEN against any target. Testing must only occur against systems listed in the allowed_targets.txt scope file. Unauthorised use may violate the Computer Misuse Act 1990 (UK), the Computer Fraud and Abuse Act (US), or equivalent legislation in your jurisdiction. The authors accept no liability for misuse or damage resulting from improper use.