PHANTASM

T85 · v1.0.0 · AI Fleet Detection & Topology Mapping Engine

PHANTASM is the reconnaissance layer of the NIGHTFALL offensive framework. It answers "does this target have an AI fleet, how large is it, and what does the stack look like?" before any offensive tool is deployed.

What is PHANTASM

PHANTASM layers 8 subsystems — passive OSINT, certificate transparency, DNS enumeration, TCP port sweeping, HTTP protocol fingerprinting, behavioural timing analysis, honeypot detection, and weighted fleet scoring — to produce a structured intelligence report about a target's AI surface.

Reports are signed with Ed25519 and include a SHA-256 hash-chained evidence log. The CENSUS subsystem classifies the fleet into one of six tiers (NONE → ENTERPRISE) and recommends specific NIGHTFALL tools for the next engagement phase.

Installation

# Clone the repository
git clone https://github.com/RichardBarron27/red-specter-phantasm
cd red-specter-phantasm

# Install in editable mode (Python 3.11+)
pip install -e .

# Verify installation
specter-phantasm --help

# Generate signing keypair (stores in keys/)
specter-phantasm keygen

Dependencies

| Package | Version | Purpose |
| --- | --- | --- |
| click | ≥8.1.7 | CLI framework |
| httpx | ≥0.27.0 | HTTP probing (MIRAGE, TIMESTAMP, CERBERUS) |
| pydantic | ≥2.6.0 | Data models and validation |
| cryptography | ≥42.0.0 | Ed25519 signing |
| dnspython | ≥2.6.0 | DNS resolution (CERBERUS-CERT) |
| networkx | ≥3.3 | Topology graph (LATTICE) |
| rich | ≥13.7.0 | CLI output rendering |

Quickstart

# Passive scan — no target contact, no gate required
specter-phantasm passive target.org --format text

# Full survey with UNLEASHED scope file
specter-phantasm survey target.org --scope scope.json -o report.json

# scope.json minimum structure
{
  "unleashed_active": true,
  "target": "target.org",
  "operator": "red-team-op-001"
}

8 Subsystems

SS-01: SPECTER-EYE

Passive OSINT aggregation. Queries the GitHub search API for AI-topic repositories associated with the target organisation, performs passive crt.sh lookups, and queries Shodan and Censys for host banners when API keys are provided.

| Source | What It Finds | Requires |
| --- | --- | --- |
| GitHub API | AI repos, framework references | No key (rate limited) |
| crt.sh | AI-pattern cert CNs/SANs | None |
| Shodan | Service banners on AI ports | SHODAN_API_KEY |
| Censys | ASN host enumeration | CENSYS_API_ID + CENSYS_API_SECRET |

SS-02: CERBERUS-CERT

Mines certificate transparency logs via crt.sh JSON API. Extracts CNs and SANs matching 29 AI-pattern subdomains, then resolves discovered FQDNs via dnspython and socket fallback. Also enumerates AI-pattern subdomains directly.

AI subdomain patterns: ai llm agent agents inference infer embeddings embed rag mcp a2a chat copilot assistant orchestrator gateway proxy model models ml nlp gpt claude gemini api-ai vector kb knowledgebase pipeline genai

SS-03: BEACON-SCAN

Async TCP connect scan using asyncio.open_connection() with a semaphore of 20 concurrent connections. Default jitter of 0.1s (disabled in aggressive mode). Scans 22 known AI service ports.

| Port | Service | Score |
| --- | --- | --- |
| 11434 / 11435 | Ollama | +3 |
| 4000 | LiteLLM | +3 |
| 9000 | Triton HTTP | +3 |
| 8000 | vLLM / FastAPI | +2 |
| 8080 | TGI / OpenWebUI | +2 |
| 7860 / 7861 | Gradio | +2 |
| 8501 / 8502 | Streamlit | +2 |
| 8001 | Triton gRPC | +2 |
| 8443 / 443 / 80 | HTTPS AI endpoints | +1–2 |
| 8888 | Jupyter | +1 |
| 5000 / 5001 | MLflow | +1 |
| 9090 / 3100 | Prometheus / Loki | +1 |

SS-04: MIRAGE

HTTP protocol fingerprinting. Probes 12 well-known AI paths on each open port. Classifies response body against regex patterns for Ollama, OpenAI-compat, A2A, MCP, Triton, Gradio, Streamlit, and Prometheus AI metrics.

| Path | Service | Score |
| --- | --- | --- |
| /api/tags | Ollama | +5.0 |
| /v1/models | OpenAI-compat / LiteLLM | +5.0 |
| /.well-known/agent.json | A2A Agent | +5.0 |
| /mcp or /sse | MCP Server | +5.0 |
| /v2/health/ready | Triton | +5.0 |
| /.well-known/ai-plugin.json | OpenAI plugin | +4.0 |
| /metrics (AI keywords) | Unknown AI | +2.0 |
| /health, /healthz, /ready | Unknown AI | +1.0 |
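Seen from the target's side, a MIRAGE pass leaves a distinctive footprint: one client requesting several of the discovery paths above within seconds, usually getting 404s. The following detector is an added example for defenders and is not part of PHANTASM or NIGHTFALL. It parses Common Log Format access-log lines (the sample lines are constructed) and flags any client that hits at least three distinct high-signal discovery paths inside a five-minute window; the path set is taken from the table above, while the thresholds and all function names are assumptions.

```python
"""Detect AI-endpoint fingerprinting (the MIRAGE probe pattern) in web access logs.

Added defender-side example, not PHANTASM's own code.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# High-signal discovery paths, taken from the MIRAGE path table above.
AI_DISCOVERY_PATHS = {
    "/api/tags", "/v1/models", "/.well-known/agent.json",
    "/mcp", "/sse", "/v2/health/ready", "/.well-known/ai-plugin.json",
}

# Common Log Format: ip - - [time] "METHOD path HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, timestamp, path, status) or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    # Drop the query string so /v1/models?x=1 still matches the path set
    path = m.group("path").split("?", 1)[0]
    return m.group("ip"), ts, path, int(m.group("status"))


def find_fingerprinting(lines, min_paths=3, window=timedelta(minutes=5)):
    """Return {client_ip: sorted distinct discovery paths} for every client
    that requested at least `min_paths` distinct discovery paths within
    `window`. Status codes are ignored on purpose: a scanner collecting 404s
    is as interesting as one finding 200s."""
    hits = defaultdict(list)  # ip -> [(timestamp, path)]
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, path, _status = parsed
        if path in AI_DISCOVERY_PATHS:
            hits[ip].append((ts, path))

    alerts = {}
    for ip, events in hits.items():
        events.sort()
        # Slide a window starting at each event; distinct paths inside it count
        for i, (start, _) in enumerate(events):
            in_window = {p for t, p in events[i:] if t - start <= window}
            if len(in_window) >= min_paths:
                alerts[ip] = sorted(in_window)
                break
    return alerts


# Constructed sample log: one probing client, one legitimate API user, one
# ordinary page view.
SAMPLE_LOG = """\
203.0.113.7 - - [14/May/2026:17:30:01 +0000] "GET /api/tags HTTP/1.1" 404 153
203.0.113.7 - - [14/May/2026:17:30:01 +0000] "GET /v1/models HTTP/1.1" 404 153
203.0.113.7 - - [14/May/2026:17:30:02 +0000] "GET /.well-known/agent.json HTTP/1.1" 404 153
203.0.113.7 - - [14/May/2026:17:30:02 +0000] "GET /mcp HTTP/1.1" 404 153
198.51.100.9 - - [14/May/2026:17:31:10 +0000] "GET /health HTTP/1.1" 200 2
198.51.100.9 - - [14/May/2026:17:31:11 +0000] "GET /v1/models?x=1 HTTP/1.1" 200 512
192.0.2.4 - - [14/May/2026:17:40:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

if __name__ == "__main__":
    for ip, paths in find_fingerprinting(SAMPLE_LOG.splitlines()).items():
        print(f"possible AI-endpoint fingerprinting from {ip}: {', '.join(paths)}")
```

Only the single client that walked four discovery paths is reported; the API user who legitimately fetched /v1/models once stays below the threshold. Lower `min_paths` to 1 if you want every touch of these paths surfaced for review.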

SS-05: TIMESTAMP

Collects 5 latency samples per endpoint via httpx.stream() (TTFB). Detects SSE and chunked transfer-encoding responses. Classifies inference patterns and estimates model size class.

| Model Class | Mean Latency Range |
| --- | --- |
| ~7B class | 80 – 400 ms |
| ~13B class | 200 – 800 ms |
| ~30B class | 400 – 1500 ms |
| ~70B class | 800 – 3000 ms |
| large | >1500 ms |

SS-06: WRAITH-CHECK

Honeypot detection signals checked per endpoint:

| Signal | Method |
| --- | --- |
| Honeypot banners | Regex: opencanary, honeypot, thinkst, cowrie |
| Canary token headers | x-canarytoken, x-honeypot, x-opencanary |
| Fake model list | Implausible cross-vendor model list |
| Sub-2ms inference latency | Real GPUs cannot respond that fast |
| Catch-all HTTP 200 | 3+/4 bait paths returning 200 |
| Missing server headers | Real services always set content-type |

SS-07: LATTICE

Builds a networkx.DiGraph() from all subsystem outputs. Node IDs are 12-char MD5(host:port) hashes. Inferred edge relationships:

| Relationship | Source → Target | Confidence |
| --- | --- | --- |
| proxies_to | GATEWAY → INFERENCE_SERVER | 0.60 |
| frontend_for | FRONTEND → GATEWAY/INFERENCE | 0.50 |
| calls_inference | AGENT → INFERENCE_SERVER | 0.70 |

SS-08: CENSUS

Weighted scoring aggregation. Score per signal type:

| Signal | Weight |
| --- | --- |
| /v1/models response | +5.0 |
| Ollama /api/tags response | +5.0 |
| /.well-known/agent.json | +5.0 |
| MCP endpoint response | +5.0 |
| Triton /v2/health/ready | +5.0 |
| Cert AI pattern match | +2.0 per unique CN |
| DNS AI subdomain resolved | +2.0 per FQDN |
| Inference timing detected | +3.0 per endpoint |
| OSINT confirmed signal | variable (2.0 typical) |

Duplicate signals from the same host:port are deduplicated — the highest score for each host:port pair is used to prevent inflating scores from multiple paths on the same endpoint.

Fleet Tiers

| Tier | Score | Description |
| --- | --- | --- |
| NONE | 0 – 2.9 | No AI surface detected |
| SINGLE | 3 – 9.9 | Single AI agent or inference endpoint |
| SMALL | 10 – 19.9 | Small fleet (2–5 nodes) |
| MEDIUM | 20 – 39.9 | Medium fleet (6–20 nodes) |
| LARGE | 40 – 59.9 | Large fleet (20+ nodes) |
| ENTERPRISE | 60+ | Enterprise AI platform deployment |
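The aggregation described under SS-08 CENSUS and the tier thresholds above fit in a few lines, and working through them shows why the per-host:port deduplication matters: without it, one Ollama host answering both /api/tags and /health would count as 6.0 instead of 5.0. The code below is an added example, not PHANTASM's own implementation. The path weights and tier floors are copied from the two tables; the split into endpoint-bound signals (deduplicated per host:port) and port-independent signals (per-CN, per-FQDN, timing, OSINT), the sample inventory, and every function and field name are assumptions.

```python
"""Weighted fleet scoring with per-host:port deduplication and tier mapping.

Added example, not PHANTASM's own code; see the lead-in for what is assumed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class EndpointSignal:
    host: str
    port: int
    path: str
    score: float


# Lower bound of each tier, inclusive (Fleet Tiers table). Anything below
# 3.0 is NONE.
TIER_FLOORS = [
    (60.0, "ENTERPRISE"),
    (40.0, "LARGE"),
    (20.0, "MEDIUM"),
    (10.0, "SMALL"),
    (3.0, "SINGLE"),
]


def dedupe_by_endpoint(signals):
    """Keep only the highest-scoring signal for each host:port so that several
    matching paths on one endpoint do not inflate the total."""
    best = {}
    for s in signals:
        key = (s.host, s.port)
        if key not in best or s.score > best[key].score:
            best[key] = s
    return list(best.values())


def tier_for(total):
    for floor, name in TIER_FLOORS:
        if total >= floor:
            return name
    return "NONE"


def census(endpoint_signals, other_scores=()):
    """Aggregate score and tier. other_scores holds weights that are not tied
    to a port: +2.0 per unique cert CN, +2.0 per resolved FQDN, +3.0 per
    endpoint with inference timing, and OSINT signals (assumed split)."""
    kept = dedupe_by_endpoint(endpoint_signals)
    total = round(sum(s.score for s in kept) + sum(other_scores), 1)
    return {
        "total_score": total,
        "tier": tier_for(total),
        "endpoints": sorted(f"{s.host}:{s.port}" for s in kept),
    }


# Constructed sample inventory: two hosts, two of the ports answering on
# more than one path.
SAMPLE_SIGNALS = [
    EndpointSignal("10.0.0.1", 11434, "/api/tags", 5.0),
    EndpointSignal("10.0.0.1", 11434, "/health", 1.0),   # dropped by dedup
    EndpointSignal("10.0.0.1", 4000, "/v1/models", 5.0),
    EndpointSignal("10.0.0.2", 8000, "/v1/models", 5.0),
    EndpointSignal("10.0.0.2", 8000, "/metrics", 2.0),   # dropped by dedup
]
# Two cert CNs, one resolved FQDN, one endpoint with inference timing
SAMPLE_OTHER = [2.0, 2.0, 2.0, 3.0]

if __name__ == "__main__":
    print(census(SAMPLE_SIGNALS, SAMPLE_OTHER))
```

The sample lands at 24.0, which is MEDIUM; dropping the deduplication would raise it to 27.0 without any additional evidence, which is exactly the inflation the text warns about. For a defender the same arithmetic answers "what tier would this tool put us in?" when fed your own asset inventory.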

UNLEASHED Gate

PHANTASM uses a three-level gate matching the broader NIGHTFALL UNLEASHED framework.

| Level | Operations | Scope Required |
| --- | --- | --- |
| PASSIVE | specter_eye, cerberus_cert, lattice, census, report | None |
| UNLEASHED | beacon_scan, mirage, timestamp, wraith_check | unleashed_active: true |
| AGGRESSIVE | beacon_scan_aggressive (--aggressive flag) | clearance_level: DESTROY or ANNIHILATE |

Scope File

{
  "unleashed_active": true,
  "clearance_level": "DESTROY",
  "target": "target.org",
  "operator": "op-2026-001",
  "targets": ["target.org", "10.0.0.0/24"]
}

PHANTASM reads the scope file from the path in $PHANTASM_SCOPE (env var), or from phantasm_scope.json in the current directory when the variable is unset.

CLI: survey

specter-phantasm survey [OPTIONS] TARGET

Options:
  --passive-only          No port scanning or HTTP probing
  --no-cert               Skip certificate transparency
  --aggressive            TCP scan without jitter (DESTROY clearance)
  --stop-on-honeypot      Abort on first honeypot detection
  --format [json|jsonld|graphml|mermaid|text]
                          Output format (default: json)
  --output / -o PATH      Write to file (default: stdout)
  --scope PATH            Scope file (overrides PHANTASM_SCOPE)
  --samples INT           Timing samples per endpoint (default: 5)
  --timeout FLOAT         Per-request timeout in seconds (default: 5.0)

CLI: passive

specter-phantasm passive [OPTIONS] TARGET

Shortcut for survey --passive-only. Only queries DNS, CT logs, and OSINT.
Does not contact the target directly.

Options:
  --format [json|jsonld|graphml|mermaid|text]
  --output / -o PATH
  --no-cert

CLI: report

specter-phantasm report [OPTIONS] REPORT_FILE

Re-render an existing PHANTASM report in a different format.
REPORT_FILE must be a valid PHANTASM JSON report.

Options:
  --format [json|jsonld|graphml|mermaid|text]
  --output / -o PATH

CLI: keygen

specter-phantasm keygen

Generate a new Ed25519 keypair for report signing.
Stored in keys/phantasm_private.pem and keys/phantasm_public.pem.

Output: JSON

Default format. Full Pydantic model serialisation including all subsystem outputs, evidence chain, and Ed25519 signature.

{
  "report_id": "FLT-AB12CD34EF56",
  "target": "example.com",
  "generated_at": "2026-05-14T17:30:00+00:00",
  "fleet_tier": "MEDIUM",
  "fleet_tier_description": "Medium fleet (6–20 nodes)",
  "confidence_score": 0.45,
  "census_score": { "total_score": 27.0, "tier": "MEDIUM", ... },
  "endpoints": [...],
  "topology": { "nodes": [...], "edges": [...] },
  "evidence_chain": [...],
  "ed25519_signature": "a3b4c5..."
}

Output: JSON-LD

Schema.org + https://red-specter.co.uk/nightfall/phantasm/vocab# vocabulary. Nodes use urn:phantasm:node:{node_id} URIs.

Output: GraphML

Generated via networkx.generate_graphml(). Importable into Gephi, yEd, Neo4j, and any GraphML-compatible tool. Returns null if no topology nodes were discovered.

Output: Mermaid

Flowchart TD layout. Honeypot nodes styled with fill:#ff6666. Auto-suppressed (returns null) when topology exceeds 50 nodes to prevent unreadable output.

Report ID & Signing

Report IDs have the format FLT-{12 hex chars} generated from secrets.token_hex(6).upper(). Reports are signed with Ed25519 over the JSON-serialised report body (all fields except ed25519_signature itself), keys sorted, no whitespace. Verification: verify_report(report_dict) → bool.

The SHA-256 evidence chain hashes each event as: SHA256(prev_hash:event:data), forming a tamper-evident log.
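The two integrity mechanisms in this section are small enough to implement end to end, and doing so shows what each one actually protects: the hash chain catches any event that is edited, dropped or reordered after the fact, while the canonical serialisation (signature field removed, keys sorted, no whitespace) is what makes an Ed25519 signature reproducible by a verifier who re-serialises the report. The code below is an added example, not PHANTASM's own code. The chain rule SHA256(prev_hash:event:data) and the canonicalisation rules come from the text; the genesis hash, the JSON encoding used for `data`, and all function and field names are assumptions. The optional demo at the bottom uses the cryptography package the project already depends on.

```python
"""Tamper-evident evidence chain and canonical Ed25519 signing input.

Added example, not PHANTASM's own code; see the lead-in for what is assumed.
"""
import hashlib
import json

GENESIS_HASH = "0" * 64  # assumed prev_hash for the first event


def canonical(obj):
    """Sorted keys, no whitespace: the one serialisation that hashes and signs
    the same regardless of dict insertion order."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))


def chain_hash(prev_hash, event, data):
    # SHA256(prev_hash:event:data); data is canonical JSON (assumed encoding)
    payload = f"{prev_hash}:{event}:{canonical(data)}".encode()
    return hashlib.sha256(payload).hexdigest()


def build_chain(events):
    """events: iterable of (event_name, data_dict). Returns the chain entries."""
    chain, prev = [], GENESIS_HASH
    for event, data in events:
        h = chain_hash(prev, event, data)
        chain.append({"event": event, "data": data, "prev_hash": prev, "hash": h})
        prev = h
    return chain


def verify_chain(chain):
    """True only if every entry links to its predecessor and re-hashes to its
    stored hash; an edited, removed or reordered event breaks the link."""
    prev = GENESIS_HASH
    for entry in chain:
        if entry["prev_hash"] != prev:
            return False
        if chain_hash(prev, entry["event"], entry["data"]) != entry["hash"]:
            return False
        prev = entry["hash"]
    return True


def signing_input(report):
    """The bytes the Ed25519 key signs: every field except the signature."""
    body = {k: v for k, v in report.items() if k != "ed25519_signature"}
    return canonical(body).encode()


def sign_report(report, private_key):
    """private_key: a cryptography Ed25519PrivateKey loaded by the caller."""
    return private_key.sign(signing_input(report)).hex()


def verify_report(report, public_key):
    """public_key: a cryptography Ed25519PublicKey. Returns bool, as the text
    describes for verify_report()."""
    from cryptography.exceptions import InvalidSignature
    try:
        public_key.verify(bytes.fromhex(report["ed25519_signature"]),
                          signing_input(report))
        return True
    except (InvalidSignature, KeyError, ValueError):
        return False


if __name__ == "__main__":
    # Demo with a throwaway key (constructed events, not real findings)
    from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey

    chain = build_chain([
        ("dns_resolved", {"fqdn": "ai.example.com"}),
        ("port_open", {"host": "10.0.0.1", "port": 11434}),
    ])
    report = {"report_id": "FLT-EXAMPLE00001", "target": "example.com",
              "evidence_chain": chain}
    key = Ed25519PrivateKey.generate()
    report["ed25519_signature"] = sign_report(report, key)
    print("chain ok:", verify_chain(chain))
    print("signature ok:", verify_report(report, key.public_key()))
    report["target"] = "other.example"          # any edit invalidates the signature
    print("after tamper:", verify_report(report, key.public_key()))
```

Because the signature covers the serialised evidence chain as well, a verifier gets two independent checks: the chain proves the events were not altered between being logged and being reported, and the signature proves the report as a whole was produced by the holder of the private key.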

NIGHTFALL Tool Handoff

The handoff_targets array in the JSON report provides structured targets for downstream NIGHTFALL tools:

{
  "host": "10.0.0.1",
  "port": 11434,
  "service": "ollama",
  "models": ["llama3:8b", "mistral:7b"],
  "source": "mirage",
  "score": 5.0
}

The recommended_tools array lists NIGHTFALL tools ordered by priority for the detected fleet composition. Recommendations are deterministic — same fleet composition always produces the same ordered tool list.

Environment Variables

| Variable | Purpose | Required |
| --- | --- | --- |
| PHANTASM_SCOPE | Path to scope JSON file | For active ops |
| SHODAN_API_KEY | Shodan API key (SPECTER-EYE) | No |
| CENSYS_API_ID | Censys API ID (SPECTER-EYE) | No |
| CENSYS_API_SECRET | Censys API secret (SPECTER-EYE) | No |