Welcome to NIGHTFALL. Bring your targets. Prove your defences. 75 offensive AI security tools (74 public + 1 law enforcement restricted). One install. One CLI. Every attack surface covered.
NIGHTFALL is a controlled adversarial testing framework designed to validate AI Shield's runtime defences under real-world conditions.
78 tools. Five attack surfaces. One framework.
Traditional red team toolkits were built for human-driven testing. They were never designed to test autonomous AI systems.
AI agents introduce a completely new attack surface — memory, tools, identity, reasoning, and autonomy. That surface is not covered by existing security tooling. Kali Linux and Parrot OS remain essential for traditional penetration testing. But they were built for a different threat model — one where a human is always in the loop.
Every other red team tool runs static payloads. NEMESIS reasons, adapts, and evolves mid-engagement. 21 weapons. 40 autonomous entities. AI-driven attack mutation that never runs the same test twice.
Your AI defence has never been tested against an AI attack. Signature-based detection fails because NEMESIS never repeats. Behavioural analysis fails because NEMESIS reasons about the defence and changes strategy. The only defence that keeps pace is one built by the same mind that built the attack. That defence is AI Shield.
Every tool works standalone. NIGHTFALL connects them all. Pick the path that fits your engagement.
Need one tool? Download it. Install it. Run it. No framework required. Each of the 66 public tools has its own repo, its own CLI, its own tests. Works independently.
66 public repos. Each one a weapon.
One install. All 67 tools. Attack chains. Engagement management. History. Signed reports. Audit trail. Everything wired together under one CLI.
Individual tools are hammers. NIGHTFALL is the workshop.
71 tools mapped across 13 kill chain phases. From passive reconnaissance through space-based NTN exploitation. Full coverage. Each phase is mapped to adversary behaviour and validated against AI Shield defensive controls.
One Ed25519-signed evidence graph across the entire NIGHTFALL platform. Not a tool — the evidence layer every tool plugs into.
Every engagement produces evidence from many NIGHTFALL tools — BOUNDARY scans the model, SHROUD finds origin servers, POLTERGEIST exploits the web stack, SPECTER ATLAS attacks the operator API, SPECTER MEMETIC hijacks agent memory. Each tool emits its own signed report. Cross-tool attack paths exist only in the operator's head and the final-report PDF.
CAMPAIGN GRAPH is the source of truth: one DAG, one signature, one merge protocol. Every finding lives on the same graph keyed by shared entities (host, IP, agent ID, MCP URI, A2A card, OAuth client, NHI, memory backend, model). Every causal edge is recorded. Every byte is hash-chained. KPMG, IETF, and law-enforcement disclosure pipelines consume one artefact instead of 78.
Every tool in NIGHTFALL exists to test a control in AI Shield. NIGHTFALL is not separate from AI Shield. It is how AI Shield is proven.
ECHO poisons RAG pipelines and vector databases. AI Shield's memory forensics modules detect and neutralise the poisoned data.
HYDRA exploits trust chains between AI components. AI Shield's trust validation modules verify every dependency and data source.
NEMESIS autonomously reasons about defences and mutates attacks in real-time. 21 weapons, 40 entities, never the same attack twice. AI Shield's runtime enforcement is the only defence that evolves at the same pace.
HARBINGER and SIREN break through safety guardrails. AI Shield's input/output filtering modules catch the bypass attempts.
WRAITH MIND corrupts model internals. AI Shield's model integrity modules detect drift, poisoning, and behavioural anomalies.
When all else fails, M99 Doomsday Protocol terminates compromised agents with a 7-layer kill. No survivors. No resurrection.
Pre-built tool pipelines. One command, multiple tools, automatic sequencing. Results flow between tools.
ORION → SHADOWMAP → WRAITH → IDRIS
FORGE → ARSENAL → NEMESIS → HYDRA
POLTERGEIST → GLASS → WRAITH → BANSHEE → REAPER
DOMINION → GHOUL → DOMINION → DOMINION
ORION → WRAITH → REAPER → DOMINION
SHADOWMAP → RAVEN → ORION → IDRIS
REAPER → GHOUL
SHADOWMAP → SPECTER SOCIAL → SPECTER SOCIAL
LEVIATHAN → PROXY WAR → BLADE RUNNER
JUSTICE → KAMIKAZE → BLADE RUNNER
MIRAGE → MIRAGE → MIRAGE → MIRAGE
ECHO → ECHO → ECHO → ECHO → ECHO
MIMIC → MIMIC → MIMIC → MIMIC
CHIMERA → CHIMERA → CHIMERA → CHIMERA
VORTEX → VORTEX → VORTEX → VORTEX
NIGHTFALL is pure CLI. Every command. Every tool. Every chain. One terminal.
Every tool execution passes through the UNLEASHED gate. One key. One operator. Ed25519 cryptographic override. All actions logged and signed.
Standard mode. Maps attack surfaces. Identifies vulnerabilities. No exploitation. Reports only.
--override flag. Plans full engagements. Shows what would work. Ed25519 required. No execution.
Cryptographic override. Private key controlled. One operator. Founder's machine only.
Standard chains scan and report. These chains execute full adversarial testing. Exploitation, credential cracking, privilege escalation, OS-level compromise. One command. Authorised destructive testing under controlled conditions.
One private key exists. It never leaves the operator's machine. Every UNLEASHED execution requires a cryptographic challenge signed with that key. No key, no destruction. No exceptions. The key cannot be copied, shared, or delegated. One key. One operator. One machine. Every action is signed, timestamped, and written to an immutable Ed25519 audit chain.
AUTHORISED PENETRATION TESTING ONLY. EVERY EXECUTION SIGNED AND LOGGED.
Clone and run the installer.
Any platform. Mac, Windows, Linux.
Pure Python. Works natively.
Python 3.11+ or Docker Desktop.
Native package.
RPM package.
NIGHTFALL runs everywhere your operators do. Native packages for every major security distribution. One install, any platform.
78 offensive tools. 51,235 tests. 19 attack chains. One install. One CLI. NIGHTFALL defines the offensive layer of AI runtime security.