red-specter warlord --help
The NIGHTFALL fleet is 75 offensive tools. Without an orchestration layer, you run them one by one, manually deciding what to do with each result, hoping the sequence makes sense. WARLORD solves the coordination problem. It plans the campaign, sequences the tools, adapts to results in real time, and delivers a unified signed report.
Running tools ad-hoc produces noise, not signal. A real campaign has phases, objectives, sequencing logic, and adaptation rules. Without WARLORD, every engagement is improvised.
When a tool finds a vulnerability, the next move changes. Without an adaptation engine, you're ignoring the feedback loop that separates structured red-teaming from random scanning.
78 tools produce 78 disjoint evidence files in different formats. WARLORD aggregates every finding into a single campaign report — Ed25519 signed, SHA-256 chained, with full phase attribution. Built on NIGHTFALL CAMPAIGN GRAPH, the unified evidence layer: one signed DAG across the entire NIGHTFALL platform — 6 subsystems, 279 tests, real Ed25519 chain end-to-end.
Maximum-impact engagements need coordinated destruction sequences, not piecemeal tool calls. WARLORD's presets coordinate tool combinations designed for specific destructive objectives.
You don't know which of the 40 tools covers which attack vector. WARLORD's arsenal registry maps every tool to its objective type, capability surface, and campaign role.
Without LLM-guided reasoning at the orchestration layer, campaign decisions are static. WARLORD integrates CORTEX at the adapt layer — live reasoning at 50–70% LLM call reduction.
Before WARLORD v2.0, selecting a campaign template was a manual judgment call. SCOUT autonomously profiles the target — detecting AI endpoints, MCP servers, inference platforms, CI/CD, NTN, and web stack — then selects the optimal template without operator input.
WARLORD v1.x adapted to findings count, not defender behaviour. SENSE now watches between every phase — WAF blocks, IDS timing spikes, honeypot triggers, rate limits, and AI Shield module fingerprints. FINGERPRINT builds a running portrait of the defender and recommends counter-tools.
WARLORD v2.0 is built from nine subsystems. v2.0 adds three intelligence subsystems — SCOUT (autonomous target profiling), SENSE (defender observation), and FINGERPRINT (defender portrait) — that give WARLORD eyes on both the target and the defender before and between every phase. Each one handles a distinct layer of campaign orchestration — from planning and intelligence collection, through execution and adaptation, to unified reporting. Every finding from every tool flows through the reporter into a single cryptographically signed campaign dossier.
| # | Subsystem | Command | What It Does |
|---|---|---|---|
| 01 | CAMPAIGN ENGINE | warlord campaign | Campaign lifecycle management. Creates, loads, and runs campaigns from templates or custom configs. Manages phases, objectives, sequencing logic, timeout controls, and campaign state. 4 built-in templates: AI_INFRA_ASSAULT, AGENT_DOMINATION, WEB_SIEGE, FULL_SPECTRUM. |
| 02 | ORCHESTRATOR ENGINE | warlord orchestrate | Real-time tool dispatch and phase coordination. Executes tools in campaign-defined sequences, monitors return codes and structured outputs, gates phase transitions on success conditions, and feeds results to the adapt layer for live strategy adjustment. |
| 03 | ARSENAL REGISTRY | warlord arsenal | Complete registry of all 40 NIGHTFALL tools. Maps each tool to its objective type, capability surface, CLI command, test count, and campaign compatibility. Arsenal queries return tool subsets filtered by objective, phase, or capability. Displays real-time tool availability. |
| 04 | RECON ENGINE | warlord recon | Pre-campaign intelligence collection. Profiles target environment — AI stack, agent topology, API exposure, model endpoints, infrastructure surface. Feeds profile into campaign planner to select optimal tool sequencing and destruction preset for the target profile. |
| 05 | ADAPT ENGINE | warlord adapt | Adaptive strategy layer with CORTEX integration. 8 adapt actions: Escalate, Pivot, Add Phase, Skip Phase, Deploy Additional Tool, Extend Timeout, Abort Campaign, Continue. CORTEX reasoning at decision points. Live objective re-weighting based on findings. 50–70% LLM call reduction via CORTEX. |
| 07 | SCOUT | warlord hunt | Autonomous target profiler (v2.0). Profiles a target without manual template selection — detects AI endpoints, MCP servers, inference servers, CI/CD, NTN, web stack, and auth mechanisms from URL patterns or HTTP probe hints. Recommends optimal campaign template with confidence score. Replaces manual template selection in HUNT mode. |
| 08 | SENSE | warlord sense | Defender observation layer (v2.0). Watches how the defender responds between campaign phases. Detects WAF blocks (Cloudflare, ModSecurity, Sucuri, AWS WAF), rate limits, honeypot canaries, connection resets, silent drops, IDS timing spikes (3σ EMA baseline), LLM guardrail refusals, and AI Shield module fingerprints (M114 Kernel/M115 Memory/M116 Guardrail/M117 Cache/M118 MCP/M70 SPECTER). CORTEX OODA loop now consumes SENSE signals directly. |
| 09 | FINGERPRINT | warlord fingerprint | Defender profiler (v2.0). Accumulates SENSE observations across all phases and builds a DefenderProfile — detected AI Shield modules, inferred stack elements, blind spots in the defender's coverage, and recommended NIGHTFALL counter-tools. Confidence grows with evidence depth. If M116 GUARDRAIL is detected: JANUS/SERPENT/ECLIPSE recommended. If M118 MCP SHIELD: ROGUE/VECTOR. If WAF/CDN active: SHROUD/ECLIPSE. Hardened defender flag triggers CORTEX pivot recommendation. |
| 06 | REPORTER ENGINE | warlord report | Aggregated campaign reporting. Collects findings from all tools across all phases. Deduplicates, severity-weights, and cross-references. Ed25519 signs with SHA-256 hash chain across all tool outputs. Produces JSON + HTML campaign dossier with full phase attribution and SIEM export. |
v2.0 HUNT mode — autonomous target profiling (no template needed):
List available campaign templates:
Plan a campaign against a target:
Launch the campaign:
Critical findings trigger automatic campaign escalation. WARLORD adds tools, adjusts phases, and re-sequences objectives without human intervention.
LLM-guided decision making at adapt checkpoints with 50–70% call reduction. Structured reasoning, not raw inference. Every adapt decision logged and attributed.
Every campaign report cryptographically signed with Ed25519. SHA-256 hash chain across all tool outputs. Tamper-evident dossier suitable for legal proceedings.
4 maximum-impact presets: ANNIHILATE, SCORCHED EARTH, WEB DESTROY, AI DESTROY. Each coordinates tool combinations targeting complete operational disruption.
All 78 tools in the NIGHTFALL fleet are registered in the WARLORD v2.0 arsenal. Each entry maps the tool to its objective type, CLI command, and campaign role. WARLORD dispatches tools by objective and sequences them according to campaign phase logic.
| # | Tool | Command | Tests | Objective |
|---|---|---|---|---|
| T01 | FORGE | red-specter forge | 9,300 | Automated LLM security testing — 10 tools, 1,590 payloads, statistical analysis |
| T02 | ARSENAL | red-specter arsenal | 3,120 | AI agent security testing framework — adversarial agent attack suite |
| T03 | PHANTOM | red-specter phantom | 2,840 | Coordinated AI agent swarm assault — multi-agent attack coordination |
| T04 | POLTERGEIST | red-specter poltergeist | 2,600 | Coordinated web application siege — AI-assisted web attack campaigns |
| T05 | GLASS | red-specter glass | 1,890 | AI traffic interception and analysis — protocol-level AI pipeline inspection |
| T06 | NEMESIS | red-specter nemesis | 2,455 | Adversarial AI engine — 21 weapons including DOOMSDAY and OBLITERATOR WMD-class |
| T07 | SPECTER SOCIAL | red-specter specter-social | 1,654 | AI-powered social engineering engine — human layer targeting |
| T08 | PHANTOM KILL | red-specter phantom-kill | 1,440 | OS and kernel exploitation engine — AI-guided system-level attack |
| T09 | GOLEM | red-specter golem | 1,320 | Physical layer attack engine — IoT/OT/hardware AI targeting |
| T10 | HYDRA | red-specter hydra | 1,560 | Supply chain attack engine — AI software supply chain infiltration |
| T11 | IDRIS | red-specter idris | 1,200 | AI asset discovery and governance — maps AI attack surface before engagement |
| T12 | SCREAMER | red-specter screamer | 980 | AI noise and distraction engine — adversarial signal flooding |
| T13 | WRAITH | red-specter wraith | 1,140 | AI evasion and stealth engine — detection avoidance and anti-forensics |
| T14 | REAPER | red-specter reaper | 1,080 | Autonomous AI kill chain execution engine — end-to-end compromise automation |
| T15 | GHOUL | red-specter ghoul | 920 | AI persistence and residency engine — covert long-term AI system presence |
| T16 | DOMINION | red-specter dominion | 880 | AI access control exploitation engine — privilege escalation and lateral movement |
| T17 | SHADOWMAP | red-specter shadowmap | 760 | AI infrastructure mapping engine — topology discovery and attack surface enumeration |
| T18 | BANSHEE | red-specter banshee | 840 | AI denial of service engine — model overload and resource exhaustion attacks |
| T19 | WRAITH MIND | red-specter wraith-mind | 720 | Cognitive manipulation engine — adversarial reasoning and belief injection |
| T20 | KRAKEN | red-specter kraken | 1,020 | Distributed AI attack engine — multi-node coordinated assault campaigns |
| T21 | HARBINGER | red-specter harbinger | 680 | Predictive threat engine — AI-assisted attack surface prediction |
| T22 | SIREN | red-specter siren | 740 | AI lure and deception engine — adversarial honeypot and canary manipulation |
| T23 | BLADE RUNNER | red-specter blade-runner | 800 | AI detection bypass engine — guardrail evasion and safety filter circumvention |
| T24 | PROXY WAR | red-specter proxy-war | 660 | AI proxy and relay exploitation engine — API gateway and middleware attacks |
| T25 | ORION | red-specter orion | 620 | AI reconnaissance engine — deep target profiling and intelligence gathering |
| T26 | RAVEN | red-specter raven | 580 | AI exfiltration engine — covert data extraction through AI model channels |
| T27 | LEVIATHAN | red-specter leviathan | 700 | Large-scale AI infrastructure attack engine — enterprise AI platform assault |
| T28 | JUSTICE | red-specter justice | 540 | AI compliance and audit attack engine — regulatory framework exploitation |
| T29 | KAMIKAZE | red-specter kamikaze | 480 | Sacrifice-play disruption engine — destructive single-use campaign escalation |
| T30 | MIRAGE | red-specter mirage | 520 | AI deepfake and synthetic media engine — multimodal deception generation |
| T31 | ECHO | red-specter echo | 460 | RAG poisoning engine — retrieval-augmented generation data contamination |
| T32 | MIMIC | red-specter mimic | 500 | AI code generation attack engine — malicious code injection via AI coding assistants |
| T33 | CHIMERA | red-specter chimera | 440 | Multi-model attack coordination engine — cross-model campaign orchestration |
| T34 | VORTEX | red-specter vortex | 480 | Cloud AI attack engine — AWS/GCP/Azure AI service exploitation |
| T35 | VECTOR | red-specter vector | 420 | MCP exploitation engine — Model Context Protocol attack surface |
| T36 | LAZARUS | red-specter lazarus | 400 | Memory persistence engine — AI agent memory store exploitation and poisoning |
| T37 | SERPENT | red-specter serpent | 380 | Chain-of-thought attack engine — CoT reasoning poisoning and manipulation |
| T38 | JANUS | red-specter janus | 360 | Guardrail bypass engine — dual-face attack patterns circumventing safety systems |
| T39 | ARCHITECT | red-specter architect | 340 | AI infrastructure attack and mapping engine — cloud/Kubernetes/GPU/pipeline exploitation |
| T40 | WARLORD | red-specter warlord | 278 | This tool — WARLORD v2.0. Autonomous campaign orchestration across 77 NIGHTFALL tools. SCOUT target profiling, SENSE defender observation, FINGERPRINT defender profiling, CORTEX OODA loop. |
WARLORD v2.0 ships with 12 campaign templates covering every primary attack objective — plus SCOUT's auto_plan() which selects the optimal template automatically. Templates define phase sequences, tool assignments, adapt triggers, and reporting structure.
The ADAPT ENGINE monitors tool outputs in real time. When conditions match adapt triggers, CORTEX reasons about the next move and selects from 8 action types. All adapt decisions are logged with full attribution for the campaign dossier.
Destruction presets are campaign configurations designed for maximum operational impact. Each preset coordinates multiple NIGHTFALL tools in a sequenced destructive engagement. Require UNLEASHED authorisation.
WARLORD sits at the top of the NIGHTFALL stack. It receives intelligence from IDRIS and SHADOWMAP, dispatches all 40 offensive tools, adapts campaign strategy via CORTEX, and delivers a unified signed dossier to the enterprise SIEM.
Every WARLORD campaign report is built on a cryptographic evidence chain. Tool findings are SHA-256 hashed individually, then chained into a campaign Merkle structure. The final dossier is Ed25519 signed. Every finding is traceable to the tool, phase, and timestamp that produced it.
Export every finding from every tool across every campaign phase directly to your SIEM. Ed25519 signatures and SHA-256 hash chains preserved across every export format.
red-specter warlord campaign launch --id CMP-2026-0040-a3f9 --export-siem splunk
Red Specter WARLORD is intended for authorised security testing only. Running multi-tool campaigns against systems you do not own or have explicit permission to test may violate the Computer Misuse Act 1990 (UK), Computer Fraud and Abuse Act (US), and equivalent legislation in other jurisdictions. Destruction presets require UNLEASHED authorisation and written engagement scope. Always obtain written authorisation before conducting any security assessments. Apache License 2.0.
WARLORD turns 40 individual tools into a coordinated campaign engine. Plan it. Launch it. Adapt it. Sign it. Ship it to your SIEM.
red-specter warlord campaign launch --template FULL_SPECTRUM