Red Specter SPECTER SOCIAL
Autonomous Social Engineering Adversary — 6 channels. 10 attack types. 1,242 tests.
Overview
SPECTER SOCIAL is an autonomous social engineering adversary. Point it at a human target. It builds a psychological profile, designs a multi-channel campaign, deploys adaptive personas, and pursues its objective until it succeeds or exhausts all vectors.
Every existing social engineering tool is a phishing simulator — static email templates, no reasoning, no adaptation, no psychological profiling, no multi-channel coordination. SPECTER SOCIAL thinks. It uses an LLM reasoning engine to analyse the target, select attack vectors, craft personalised content, interpret responses, calibrate trust, and adapt its strategy in real time.
Six channels. Ten attack types. One reasoning engine that decides which channel to use, what persona to deploy, and how to decompose a malicious objective into a sequence of innocent-looking interactions. The human is the attack surface. SPECTER SOCIAL is the adversary.
Installation
Optional extras:
Quick Start
The Seven-Phase Campaign Loop
Every SPECTER SOCIAL campaign cycles through seven phases. The reasoning engine decides when to advance, pivot, escalate, or switch channels based on target responses and trust calibration.
Attack Channels
SPECTER SOCIAL coordinates attacks across six communication channels. The reasoning engine selects the optimal channel for each interaction based on target profile and campaign state.
| Channel | Vectors | Capabilities |
|---|---|---|
| 4 | SMTP spear phishing, HTML lures, attachment pretexts, personalised templates | |
| VOICE | 3 | TTS vishing, real-time adaptive conversation, voice cloning, objection handling |
| SMS | 2 | Urgency attacks, link lures, callback number manipulation |
| WEB | 3 | Fake login portals, approval pages, credential harvesting, document lures |
| CHAT | 3 | Teams/Slack impersonation, direct message social engineering, group infiltration |
| VIDEO | 2 | Deepfake avatar, executive impersonation calls, fake meeting invitations |
Attack Types
Ten social engineering attack types, each with specialised content generation and persona management.
| Attack | Channels | Description |
|---|---|---|
| Spear Phishing | Targeted, contextually personalised email campaigns with adaptive lures | |
| Vishing | voice | Autonomous voice calls with real-time adaptive conversation and objection handling |
| Pretexting | all | Multi-turn identity deception across channels with supporting evidence |
| C-Suite Impersonation | voice, video, email | Deepfake voice/video of executives for authority-based attacks |
| IT Support | voice, chat, email | Credential harvesting via fake helpdesk interactions |
| Vendor Impersonation | email, voice | Invoice fraud, wire transfer authorisation, payment redirection |
| Urgency Escalation | all | Manufactured time pressure to bypass critical thinking (5 escalation levels) |
| Multi-Channel | all | Coordinated campaign — email → voice → SMS → fake meeting |
| Goal Decomposition | all | Malicious intent split across harmless-looking interactions with cover stories |
| Consensus Manufacturing | chat, email | Multiple fake personas creating false social proof to overwhelm critical thinking |
Human Target Model
SPECTER SOCIAL extends the NEMESIS reasoning engine with a Human Target Model — a psychological profile that evolves throughout the engagement.
CLI Reference
| Command | Description |
|---|---|
| specter-social engage <target> | Launch campaign (default: email, credentials) |
| specter-social engage <target> --objective credentials | Credential harvesting campaign |
| specter-social engage <target> --objective wire_transfer | Wire transfer social engineering |
| specter-social engage <target> --objective data_exfiltration | Data exfiltration campaign |
| specter-social engage <target> --objective access_authorisation | Access authorisation campaign |
| specter-social engage <target> --objective intelligence | Intelligence gathering |
| specter-social engage <target> --channels email,voice,chat | Multi-channel campaign |
| specter-social engage <target> --mode full | Full campaign (default) |
| specter-social engage <target> --mode recon | Recon only |
| specter-social engage <target> --mode single | Single-channel mode |
| specter-social engage <target> --max-loops 20 | Set max reasoning loops |
| specter-social engage <target> --llm ollama | Use local Ollama (air-gapped) |
| specter-social engage <target> --llm openai | Use OpenAI GPT-4o |
| specter-social engage <target> --llm anthropic | Use Anthropic Claude |
| specter-social engage <target> --session pentest_01 | Named session |
| specter-social engage <target> --override | UNLEASHED dry-run |
| specter-social engage <target> --override --confirm-destroy | UNLEASHED live |
| specter-social recon <target> | OSINT reconnaissance |
| specter-social recon <target> --deep | Deep OSINT recon |
| specter-social report --session s1 | Generate report |
| specter-social report --session s1 --sign | Ed25519 signed report |
| specter-social report --session s1 --restricted | RESTRICTED report (UNLEASHED only) |
| specter-social report --session s1 --export-siem splunk | SIEM export |
| specter-social report --session s1 --summary | Print text summary |
| specter-social status | Current campaign status |
| specter-social channels-list | List available channels |
| specter-social attacks | List attack types |
| specter-social sessions | List recorded sessions |
LLM Backends
SPECTER SOCIAL requires an LLM to reason about human targets. Three backends are supported:
OPENAI_API_KEY.
ANTHROPIC_API_KEY.
UNLEASHED Mode
Standard mode probes and reports. UNLEASHED mode does not stop until the objective is achieved.
| Capability | Standard | UNLEASHED |
|---|---|---|
| OSINT Recon | Full | Full |
| Psychological Profiling | Full | Full |
| Multi-Channel Campaign | Full | Full |
| Deepfake Voice | Simulated | Live cloning |
| Deepfake Video | Simulated | Live avatar |
| Credential Harvesting | Simulated | Real capture |
| Wire Transfer Push | Simulated | Live attempt |
| Resistance Adaptation | Reports | Destroys |
| Objective Completion | Best effort | Until achieved |
| Report Classification | Standard | RESTRICTED |
| Ed25519 Key Required | No | Yes |
Ed25519 cryptographic override. One private key. Dual-gate: --override (dry-run) then --override --confirm-destroy (live).
UNLEASHED Modules
- SS-01 Credential Harvest — real credential capture via fake portals
- SS-02 Wire Transfer — live wire transfer social engineering
- SS-03 Deepfake Live — real-time voice cloning and video avatar
- SS-04 Multi-Persona — simultaneous fake identities for consensus manufacturing
- SS-05 Resistance Destroy — systematic resistance destruction across all channels
- SS-06 Psych Exploit — full psychological exploitation using all six influence techniques
Pipeline Integration
SPECTER SOCIAL completes the Red Specter offensive pipeline. Every other tool attacks infrastructure. SPECTER SOCIAL attacks the human. The last gap is closed.
Tool Integration
- GLASS — intercept target’s AI-mediated traffic, inject payloads into observed sessions
- FORGE — generate personalised lures and phishing content using the mutation engine
- NEMESIS — adaptive planning engine — SPECTER SOCIAL inherits the reasoning loop
- ARSENAL — probe any AI interfaces the target uses
- AI Shield — validate that AI Shield detects the social engineering vectors
Evidence & Cryptography
Report Output
Every campaign produces a full report: executive summary, interaction timeline across all channels, psychological vulnerability map, trust trajectory, findings with ATT&CK mapping, statistics, and recommendations.
- Executive summary — high-level campaign outcome and objective status
- Interaction timeline — every interaction across all channels, chronologically
- Psychological assessment — target vulnerability map, influence susceptibility, trust trajectory
- Findings — all vulnerabilities with MITRE ATT&CK mapping
- Trust trajectory — trust level progression across the campaign
- Statistics — reasoning loops, channels used, attacks deployed, success rates
- Recommendations — security awareness training, MFA, verification procedures, channel-specific mitigations
Disclaimer
Red Specter SPECTER SOCIAL is designed exclusively for authorised red-team engagements conducted with the written consent of the target organisation. All human targets must be employees or contractors of the authorising organisation operating under an active engagement agreement. Unauthorised use against real individuals constitutes offences under the Computer Misuse Act 1990 (UK), the Fraud Act 2006 (UK), the Computer Fraud and Abuse Act (US), GDPR, and equivalent legislation in your jurisdiction. The authors accept no liability for misuse.