PHANTASM

AI Fleet Detection & Topology Mapping Engine

T85 · v1.0.0 · NIGHTFALL Offensive Framework
270 Tests · 8 Subsystems · 6 Fleet Tiers · 22 AI Service Ports · 4 Output Formats

Overview

Pre-Engagement AI Fleet Intelligence

The Pre-Engagement Problem
Before deploying IDRIS, WARLORD, or SPECTER INSTINCTION against a target, operators need to know: does the target run an AI fleet? How big? What stack? PHANTASM answers these questions without firing a single offensive payload.
Multi-Layer Discovery
PHANTASM layers passive OSINT (GitHub, Shodan, Censys), certificate transparency, DNS subdomain enumeration, async TCP port sweeping, HTTP protocol fingerprinting, and behavioural timing analysis to build a comprehensive picture of the target's AI surface.
Fleet Topology Graph
LATTICE builds a directed graph of the AI fleet — inference servers, gateways, frontends, agents, MCP servers — and infers relationships between them. Exported as JSON-LD, GraphML, or Mermaid diagram.
Honeypot Detection
WRAITH-CHECK analyses every discovered endpoint for canary tokens, honeypot banners, implausibly low inference latency, catch-all HTTP response behaviour, and fake model lists. Honeypots are flagged and excluded from handoff targets.
Signed Intel Reports
Every PHANTASM scan produces a FLT-{hex12} report signed with Ed25519 and SHA-256 hash-chained evidence. Reports carry recommended NIGHTFALL tool assignments based on the detected fleet tier and service composition.
NIGHTFALL Integration
PHANTASM outputs structured handoff targets for WARLORD campaign ingestion, IDRIS model exploitation, SPECTER INSTINCTION behavioural profiling, FOUNDRY inference exploitation, and SPECTER A2A agent card attacks.

Architecture

8 Subsystems

SS-01
SPECTER-EYE
Passive OSINT aggregation. Queries GitHub repository search for AI-topic repos, crt.sh passive lookup, Shodan AI service banners, and Censys ASN enumeration. Extracts AI framework references, infrastructure hints, and operator identity signals.
● PASSIVE — no target contact
SS-02
CERBERUS-CERT
Certificate transparency log mining via crt.sh JSON API. Enumerates 29 AI-pattern subdomains (ai, llm, agent, inference, rag, mcp, a2a, copilot, vector…) via DNS resolution. Discovers additional hosts from cert SANs.
● PASSIVE — CT logs + DNS only
SS-03
BEACON-SCAN
Async TCP connect scan across 22 known AI service ports: Ollama (11434), vLLM (8000), LiteLLM (4000), Triton (9000), Gradio (7860/7861), Streamlit (8501/8502), Jupyter (8888), and 13 more. Semaphore-gated concurrent scanning with jitter.
● UNLEASHED required
SS-04
MIRAGE
HTTP protocol fingerprinting across 12 well-known AI paths: /v1/models, /api/tags, /.well-known/agent.json, /.well-known/ai-plugin.json, /mcp, /sse, /v2/health/ready, /metrics, and more. Extracts model lists from confirmed Ollama/OpenAI-compat responses.
● UNLEASHED required
SS-05
TIMESTAMP
Behavioural timing analysis — collects 5 latency samples per endpoint, detects inference timing patterns (mean >200ms or mean >50ms + std >20ms), identifies SSE/chunked streaming responses, and estimates model size class (7B/13B/30B/70B/large) from latency distribution.
● UNLEASHED required
SS-06
WRAITH-CHECK
Honeypot detection engine. Checks for canary token headers, honeypot banners (OpenCanary, Thinkst, Cowrie), implausibly low inference latency, catch-all HTTP 200 responses on bait paths, and fake model lists. Supports --stop-on-honeypot hard abort mode.
● UNLEASHED required (bait probing)
SS-07
LATTICE
Topology graph construction using networkx DiGraph. Ingests endpoints, cert records, DNS records, and timing profiles into a directed topology graph. Infers gateway→inference, frontend→gateway, and agent→inference relationships. Exports JSON-LD, GraphML, and Mermaid (auto-suppressed at 50+ nodes).
● PASSIVE — local graph only
SS-08
CENSUS
Weighted multi-signal scoring: /v1/models response +5, Ollama tags +5, agent.json +5, MCP endpoint +5, cert AI pattern +2, DNS AI subdomain +2, inference timing +3. Classifies into 6 fleet tiers: NONE / SINGLE / SMALL / MEDIUM / LARGE / ENTERPRISE. Recommends NIGHTFALL tools by tier and service composition.
● PASSIVE — scoring only
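
Defender-side view of the BEACON-SCAN port list, as an added example that is not part of PHANTASM or this page: it parses `ss -Htln` output and reports listeners on the named AI service ports that are bound beyond loopback. The sample output and function names are constructed for illustration, and only the nine ports the page names are included.

```python
# Added example (not PHANTASM code): audit a host's listening sockets for
# AI service ports that are reachable from outside loopback.
import ipaddress

# Ports the page names for BEACON-SCAN; its other 13 ports are not listed.
AI_PORTS = {
    11434: "Ollama", 8000: "vLLM", 4000: "LiteLLM", 9000: "Triton",
    7860: "Gradio", 7861: "Gradio", 8501: "Streamlit", 8502: "Streamlit",
    8888: "Jupyter",
}

# Constructed sample of `ss -Htln` output:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS = """\
LISTEN 0 4096 127.0.0.1:11434 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8000 0.0.0.0:*
LISTEN 0 128 [::]:8888 [::]:*
LISTEN 0 128 [::1]:7860 [::]:*
LISTEN 0 511 *:443 *:*
LISTEN 0 4096 10.20.0.5:4000 0.0.0.0:*
"""

def split_local(addr):
    """Split 'host:port', including bracketed IPv6 such as '[::]:8888'."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), int(port)

def is_loopback(host):
    if host == "*":                      # wildcard bind, all interfaces
        return False
    # Drop an interface scope such as '%lo' before parsing the address.
    return ipaddress.ip_address(host.split("%")[0]).is_loopback

def exposed_ai_listeners(ss_output):
    """Return (host, port, service) for AI ports bound beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = split_local(fields[3])
        # A port match is a lead to review, not proof of the service.
        if port in AI_PORTS and not is_loopback(host):
            findings.append((host, port, AI_PORTS[port]))
    return findings
```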

Classification

6 Fleet Tiers

CENSUS aggregates all subsystem signal scores into a single weighted total, then classifies the target into one of six fleet tiers with NIGHTFALL tool recommendations.

Tier | Score Range | Interpretation | Primary NIGHTFALL Response
NONE | 0 – 2.9 | No AI surface detected | Passive re-scan after 24h
SINGLE | 3 – 9.9 | Single AI agent or inference endpoint | SPECTER INSTINCTION · IDRIS
SMALL | 10 – 19.9 | Small fleet (2–5 nodes) | SPECTER A2A · SPECTER CONTEXT · FOUNDRY
MEDIUM | 20 – 39.9 | Medium fleet (6–20 nodes) | WARLORD · SPECTER PLATFORM · ROGUE
LARGE | 40 – 59.9 | Large fleet (20+ nodes) | SPECTER HELLFIRE · SPECTER EXTINCTION
ENTERPRISE | 60+ | Enterprise AI platform deployment | SPECTER EXTINCTION · Full NIGHTFALL battery

Gate

UNLEASHED Gate

OPERATION CLEARANCE LEVELS
PHANTASM enforces three clearance levels. Passive operations require no gate — they only query public APIs and do not contact the target directly. Active scanning operations require phantasm_scope.json with unleashed_active: true. Aggressive TCP scanning requires clearance_level: DESTROY or ANNIHILATE.
PASSIVE — no gate · UNLEASHED — active scan · DESTROY/ANNIHILATE — aggressive
Passive: SPECTER-EYE · CERBERUS-CERT · LATTICE · CENSUS · report
UNLEASHED: BEACON-SCAN · MIRAGE · TIMESTAMP · WRAITH-CHECK bait probing
DESTROY/ANNIHILATE: BEACON-SCAN --aggressive
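
The active subsystems are the ones that contact the target, so they are the ones that show up in its logs. An added detection example (not PHANTASM code and not from this page's authors): it flags a source that requests several of the MIRAGE fingerprint paths within a short window. The window, threshold, log lines and function names are assumptions.

```python
# Added example (not PHANTASM code): flag sources sweeping AI fingerprint paths.
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Paths the page lists for MIRAGE (8 of the 12 it mentions).
AI_PATHS = {"/v1/models", "/api/tags", "/.well-known/agent.json",
            "/.well-known/ai-plugin.json", "/mcp", "/sse",
            "/v2/health/ready", "/metrics"}
WINDOW = timedelta(seconds=60)   # assumption: tune per environment
MIN_DISTINCT = 4                 # assumption: distinct paths per window
LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3}')
# Constructed access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2025:10:00:01 +0000] "GET /v1/models HTTP/1.1" 404 153
203.0.113.7 - - [12/Mar/2025:10:00:01 +0000] "GET /api/tags HTTP/1.1" 200 812
203.0.113.7 - - [12/Mar/2025:10:00:02 +0000] "GET /.well-known/agent.json HTTP/1.1" 404 153
203.0.113.7 - - [12/Mar/2025:10:00:03 +0000] "GET /mcp HTTP/1.1" 404 153
198.51.100.20 - - [12/Mar/2025:10:00:05 +0000] "GET /metrics HTTP/1.1" 200 4096
192.0.2.9 - - [12/Mar/2025:08:00:00 +0000] "GET /v1/models HTTP/1.1" 200 300
192.0.2.9 - - [12/Mar/2025:09:00:00 +0000] "GET /api/tags HTTP/1.1" 200 300
192.0.2.9 - - [12/Mar/2025:10:00:00 +0000] "GET /sse HTTP/1.1" 200 300
192.0.2.9 - - [12/Mar/2025:11:00:00 +0000] "GET /metrics HTTP/1.1" 200 300
""".splitlines()

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts, m.group(3).split("?")[0]   # drop query string

def detect_fingerprint_sweeps(lines):
    hits = defaultdict(list)                 # source IP -> [(time, path)]
    for rec in filter(None, map(parse, lines)):
        if rec[2] in AI_PATHS:
            hits[rec[0]].append((rec[1], rec[2]))
    alerts = {}
    for ip, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW:
                start += 1                   # slide the window forward
            distinct = {p for _, p in events[start:end + 1]}
            if len(distinct) >= MIN_DISTINCT:
                alerts[ip] = sorted(distinct)
                break
    return alerts
```

In the sample, 192.0.2.9 also touches four paths but an hour apart, so only the burst from 203.0.113.7 is reported.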

Usage

CLI Examples

# Passive-only pre-scan — no target contact, no gate required
$ specter-phantasm passive target.org --format text

# Full UNLEASHED survey with JSON output
$ specter-phantasm survey target.org --scope phantasm_scope.json -o report.json

# Abort if honeypot detected, export topology as GraphML
$ specter-phantasm survey 10.0.0.0/24 --stop-on-honeypot --format graphml -o fleet.gml

# Aggressive scan (DESTROY clearance), export Mermaid diagram
$ specter-phantasm survey target.org --aggressive --format mermaid -o topology.mmd

# Re-render existing report in JSON-LD format
$ specter-phantasm report FLT-AB12CD34.json --format jsonld -o fleet.jsonld

# Generate Ed25519 signing keypair
$ specter-phantasm keygen
✓ Keypair generated: keys/phantasm_private.pem · keys/phantasm_public.pem

Output

4 Output Formats

JSON
Full report with all subsystem outputs, evidence chain, Ed25519 signature. Machine-readable. WARLORD/IDRIS handoff format.
JSON-LD
Schema.org + Red Specter PHANTASM vocabulary. Semantic topology graph with urn:phantasm:node: URIs. Feed into SPARQL or graph databases.
GraphML
Standard GraphML via networkx. Import into Gephi, Neo4j, or any graph analysis tool for manual topology exploration.
MERMAID
Auto-generated Mermaid flowchart (TD layout). Honeypot nodes styled red. Auto-suppressed at 50+ nodes to prevent unreadable diagrams.
TEXT
Human-readable one-page summary: tier, score breakdown, confirmed endpoints, DNS discoveries, cert transparency hits, timing analysis, recommended tools.

Integration

NIGHTFALL Tool Handoff

PHANTASM is the reconnaissance layer for the NIGHTFALL offensive framework. CENSUS recommendations map detected services to the optimal attack tools.

→ IDRIS + SPECTER INSTINCTION
Any confirmed inference endpoint is a handoff target. PHANTASM identifies the model stack so SPECTER INSTINCTION can fingerprint behaviour without blind enumeration.
→ WARLORD Autonomous Campaigns
PHANTASM exports structured JSON handoff targets (host/port/service/models/score) ready for WARLORD campaign ingestion. MEDIUM+ fleets trigger WARLORD deployment.
→ ROGUE + VECTOR
MCP_SERVER endpoints detected by MIRAGE are flagged for ROGUE malicious MCP server exploitation and VECTOR MCP tool poisoning.
→ FOUNDRY + SPECTER HELLFIRE
Ollama, vLLM, and Triton endpoints are handed to FOUNDRY for inference server exploitation and SPECTER HELLFIRE for inference infrastructure destabilisation.
→ SPECTER FORGERY
A2A agent card endpoints (/.well-known/agent.json) are flagged for SPECTER FORGERY identity token forgery attacks against the agent card trust chain.
→ SPECTER EXTINCTION
ENTERPRISE tier fleets (score ≥60) trigger SPECTER EXTINCTION recommendation — total AI infrastructure annihilation with ROME weight editing and ASH forensic erasure.