A collection of defensive and offensive security tools, research projects, and internal R&D maintained by Red Specter.
Built for security teams, incident responders, and authorized researchers.
Detect → Block → Contain → Prove.
Red Specter focuses on practical visibility and response across:
- Botnet activity and early-stage DDoS signals
- C2-style outbound behaviour and beaconing
- Sudden service exposure and brute-force patterns
- AI-era risks: shadow AI usage, prompt injection, and data leakage
- Fast containment and evidence-first reporting
This profile README is a high-level inventory with links to each repo.
(Available for authorized public use; follow each repo’s README and license.)
- Botnet Radar — Host-level botnet/DDoS early warning and scoring. https://github.com/RichardBarron27/redspecter-botnet-radar
- Offensive Framework — Ethical lab toolkit for recon → reporting (authorized testing only). https://github.com/RichardBarron27/red-specter-offensive-framework
- ScriptMap — Script inventory and supply-chain visibility. https://github.com/RichardBarron27/redspecter-scriptmap
- Email OSINT — Passive domain-based email intelligence. https://github.com/RichardBarron27/redspecter-emailosint
- Evidence Collector — DFIR/pentest evidence ledger into structured case files. https://github.com/RichardBarron27/redspecter-evidence-collector
- DDoS Flood Sentinel — UDP flood / carpet detection heuristics and alerts. https://github.com/RichardBarron27/redspecter-ddos-flood-sentinel
- Port Surge Guardian — Sudden listening-port exposure change alerts. https://github.com/RichardBarron27/redspecter-port-surge-guardian
- Threat Recon Watcher — Brute-force / high-volume IP detection from logs. https://github.com/RichardBarron27/redspecter-threat-recon-watcher
- C2 Hunter — Outbound monitoring for C2-like behaviour. https://github.com/RichardBarron27/redspecter-c2-hunter
- AI Breach Monitor — Detects likely sensitive data leaks in AI prompt logs. https://github.com/RichardBarron27/redspecter-ai-breach-monitor
- AI Endpoint Guard — Endpoint visibility into AI tool usage. https://github.com/RichardBarron27/redspecter-ai-endpoint-guard
- AI Usage Watchdog — Privacy-first Linux telemetry for AI/LLM usage signals. https://github.com/RichardBarron27/redspecter-ai-usage-watchdog
- AI Firewall Proxy — Policy-enforcing proxy to control and log AI model access. https://github.com/RichardBarron27/redspecter-ai-firewall-proxy
(Internal and restricted. Not for public distribution without authorization.)
- Breach Containment Switch — One-command web containment + evidence snapshot.
- AI ShadowOps Detector — Covert AI usage detection with evidence logs.
- Cognitive Drift Sentinel — Model behaviour drift monitoring over time.
- Ransomware Canary Sentinel — Pre-encryption mass-change alerts without encryption.
- AI Jailbreak IDS — Prompt-injection / jailbreak intent detection with logging.
- AI Decision Provenance — Cryptographic decision logging for AI accountability.
- LLM Memory Forensics Kit — Scans AI memory/log dumps for risky indicators + tamper-evident reports.
- Red Defender — Autonomous multi-agent defensive AI prototype.
- Log Anomaly Sentinel — Rare command and log pattern detection.
- Beacon Detector — Timed C2 beaconing detection.
- Companion Sentinel — Manipulation/dependency pattern detection in AI companion chats.
- Botnet Radar Pro — Enterprise-tier botnet scoring and enrichment.
- Red Specter Lab — Internal lab scripts, SOPs, and tooling backbone.
- Takedown Dossier Generator — Converts JSONL telemetry into evidence-ready takedown packs (IOCs, timeline, templates, tamper-evident hashes).
- Deepfake Verification Guard — Liveness + out-of-band verification packs for voice/video fraud (includes Ticket/QR Verification Pack).
A fully integrated, production-ready platform for AI security.
The Red Specter AI Shield unifies 12 security modules—from prevention to forensic response—into a single deployable suite. It is fully functional, tested, and ready to secure AI/LLM deployments.
Core Deliverables:
✅ Integrated Platform: 12 modules on a unified event schema (RS Event v1).
✅ Forensic Evidence: Automated, tamper-evident case packaging.
✅ Status: Deployment Ready — Available for pilot deployment and evaluation.
Interested in a deployment pilot or seeing a technical walkthrough? Please connect with me on LinkedIn to discuss.
- Public tools: follow each repo’s README, licensing, and usage notes.
- Private R&D: restricted to internal staff and vetted partners. Do not attempt to run or distribute without approval.
Some tooling and research can be misused.
You must follow applicable laws, have written authorization for offensive testing, and follow employer/client policies.
Always obtain explicit permission before testing systems you do not own.
- Open an issue for feature requests and larger proposals.
- For fixes: fork, branch, PR, and include tests + docs.