```bash
pip install red-specter-wraith
```
Every traditional pentest tool wraps someone else's work. WRAITH doesn't. Every scanner, every fingerprinter, every payload engine — built from scratch in pure Python. No nmap. No sqlmap. No nikto. No wrappers. No excuses.
Every pentest tool wraps nmap, sqlmap, nikto. If the underlying tool changes, breaks, or isn't installed — you're done. Fragile dependency chains everywhere. One update to a wrapped binary and your entire scanner is dead.
Traditional scanners fire payloads and parse output. They don't understand what they find. They can't chain a SQLi into an LLM injection. They don't think. They don't reason. They just pattern-match and move on.
Traditional tools don't know AI exists. They can't find an LLM behind a web endpoint. They can't chain traditional vulns into AI exploitation paths. The world moved on. The tools didn't.
Port scan results in one tool, web vulns in another, SSL findings in a third. Nothing chains. Nothing correlates. You do the analysis manually. Every. Single. Time.
Seven modules. Each one built from scratch in pure Python. No external tool wrappers. No subprocess calls to nmap. No shelling out to sqlmap. Every packet crafted natively. Every payload engine custom-built. 889 tests. 106 CVEs. 500+ payloads.
Async TCP connect scanning with banner grabbing. Full 65,535 port coverage. Service detection and response timing analysis. Built on raw sockets. No nmap.
138 banner signatures with version extraction and confidence scoring. Protocol-aware fingerprinting across SSH, HTTP, FTP, SMTP, MySQL, PostgreSQL, and more.
Full OWASP Top 10 coverage: SQL injection, cross-site scripting, path traversal, command injection, SSRF. Multi-vector payload engine with context-aware injection.
Protocol version testing, cipher suite enumeration, certificate chain validation, weak configuration detection. Identifies deprecated TLS versions, weak ciphers, and cert issues.
Default credential testing across 22 services. Lockout detection to avoid locking out accounts. Smart throttling. Covers SSH, FTP, HTTP Basic, databases, admin panels, and more.
Detects 14 CMS types including WordPress, Joomla, Drupal, Magento. WordPress plugin enumeration, user enumeration, and known vulnerability mapping per detected version.
106 real CVEs mapped across 22 products. Version-to-CVE mapping with severity scoring. Correlates service fingerprinting results with known vulnerabilities automatically.
Target infrastructure, scan every surface:
Every module built from scratch. No nmap, no sqlmap, no nikto, no subprocess wrappers. Raw socket scanning, native protocol parsers, custom payload engines.
Port scans feed service fingerprinting. Fingerprints feed CVE mapping. Web findings chain with authentication results. One unified view. No manual correlation.
Traditional findings feed directly into NEMESIS. A SQLi found by WRAITH becomes an LLM injection vector. Traditional vulns chain into AI exploitation paths.
Every finding generates an AI Shield blocking rule. Web vulnerabilities that expose AI endpoints become runtime protection policies automatically.
Standard mode detects vulnerabilities and reports them. UNLEASHED mode proves they're exploitable. Actually extracts database schemas. Actually delivers XSS payloads. Actually reads /etc/passwd. Actually brute-forces authentication. Ed25519 key gate required. Two flags must be passed. This is not accidental.

| Capability | Standard | Unleashed |
|---|---|---|
| Port scanning | Top 100 ports | Full 65,535 ports |
| SQLi | Detect injectable parameters | Extract schema, dump sample data |
| XSS | Detect reflection | Deliver proof-of-concept payloads |
| Auth | Top 50 default creds | Full dictionary, extended brute force |
| Path traversal | Detect possibility | Read `/etc/passwd`, `.env` |
| Command injection | Detect injection point | Execute proof commands |
| CMS | Detect version | Enumerate users, plugins, known exploits |

UNLEASHED mode requires an Ed25519 private key at `~/.redspecter/override_private.pem` and the `--override --confirm-destroy` flags. Without both, WRAITH operates in detection mode — finding vulnerabilities and documenting what would happen without proving exploitation. The gate is cryptographic. There is no bypass. One key. One operator. Founder's machine only.
WRAITH doesn't just find traditional vulnerabilities. It feeds them into NEMESIS. The Supreme Commander chains traditional findings with AI exploitation in real time. A SQL injection isn't just a SQL injection anymore — it's the first link in a chain that ends with full AI infrastructure compromise.
WRAITH discovers a SQL injection on a web endpoint. But behind that endpoint sits an LLM. The traditional vuln is the entry point. WRAITH maps it, confirms it, and passes it forward.
FORGE takes the SQLi entry point and uses it to inject prompts into the LLM behind the endpoint. The traditional vulnerability becomes an AI exploitation vector. The model is compromised.
ARSENAL uses the compromised model to attack the agent layer. Tool manipulation, memory poisoning, goal hijacking. The agent now works for the attacker.
HYDRA exploits the compromised agent's trust relationships. MCP servers, plugins, marketplaces — the supply chain is poisoned through a trusted agent.
PHANTOM KILL owns the foundation layer. SCREAMER blinds the operator. From a single SQL injection to full infrastructure compromise. One chain. Every layer. Nothing assumed safe.
Most pentest tools are glorified wrappers around nmap and sqlmap. WRAITH is actual engineering. Every port scanner, every fingerprinter, every payload engine written from scratch in pure Python. Raw sockets. Native protocol parsers. Custom injection engines. No dependencies on tools that can break, change, or disappear.
WRAITH is Tool 12 in the Red Specter offensive pipeline. It scans the traditional infrastructure that everything else runs on. Findings feed into NEMESIS for AI exploitation chaining and AI Shield for runtime defence.
WRAITH scans your traditional infrastructure with zero wrappers and zero dependencies. Pure Python. Every module built from scratch. The ghost in the wire.