AIVISIO2026/Phantomcore
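A covert penetration testing framework with polymorphic payloads, traffic camouflage, and anti-forensic capabilities, designed for authorized security assessments with high OPSEC requirements.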
README.md // PhantomCore
PHANTOMCORE
Advanced covert vulnerability assessment framework with military-grade OPSEC. Adaptive evasion, polymorphic payloads, and anti-forensic capabilities for authorized penetration testing and bug bounty operations.
⚠️ LEGAL NOTICE
PhantomCore is intended exclusively for authorized security testing. Always obtain explicit written permission before testing any system you do not own. Unauthorized access to computer systems violates the Computer Fraud and Abuse Act (CFAA), GDPR Article 32, and comparable legislation worldwide. Users assume full legal responsibility for compliance with local laws and bug bounty program terms.
🎯 Features & Capabilities
Adaptive Evasion
Polymorphic payload generation, WAF bypass techniques, signature randomization, and behavioral mimicry to avoid detection.
Military-Grade OPSEC
Traffic analysis resistance, anti-forensic protections, secure memory handling, and emergency burn protocols.
Intelligent Reconnaissance
Passive OSINT gathering, certificate transparency monitoring, and non-intrusive fingerprinting without network touch.
Secure Exfiltration
GPG-encrypted channels, steganographic encoding, dead drop mechanisms, and covert channel communication.
🏗️ Architecture Overview
┌─────────────────────────────────────────────────────────────┐
│                  PHANTOMCORE ARCHITECTURE                   │
├─────────────────────────────────────────────────────────────┤
│                                                             │
│    ┌─────────────┐    ┌─────────────┐    ┌─────────────┐    │
│    │   CLI/API   │───→│   Engine    │───→│   Evasion   │    │
│    │  Interface  │    │    Core     │    │    Layer    │    │
│    └─────────────┘    └─────────────┘    └──────┬──────┘    │
│                              │                  │           │
│                              ↓                  ↓           │
│                       ┌─────────────┐    ┌─────────────┐    │
│                       │   Config    │    │ Polymorphic │    │
│                       │   Manager   │    │  Payloads   │    │
│                       └─────────────┘    └─────────────┘    │
│                                               │             │
│    ┌─────────────┐    ┌─────────────┐    ┌────┴────┐        │
│    │    OPSEC    │←───│   Network   │←───│   WAF   │        │
│    │   Monitor   │    │   Handler   │    │ Bypass  │        │
│    └──────┬──────┘    └──────┬──────┘    └─────────┘        │
│           │                  │                              │
│           ↓                  ↓                              │
│    ┌─────────────┐    ┌─────────────┐                       │
│    │ Burn/Alert  │    │  Tor/VPN/   │                       │
│    │   System    │    │    Proxy    │                       │
│    └─────────────┘    └─────────────┘                       │
│                                                             │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │                Secure Exfiltration Layer                │ │
│ │  (GPG | Steganography | Dead Drops | Covert Channels)   │ │
│ └─────────────────────────────────────────────────────────┘ │
│                                                             │
└─────────────────────────────────────────────────────────────┘
💻 Installation
Prerequisites
- Python 3.9 or higher
- Docker 20.10+ (optional, for containerized deployment)
- Tor proxy (optional, for anonymous routing)
- 4GB RAM minimum (8GB recommended for large-scale assessments)
Method 1: pip install
# Clone with minimal history (OPSEC)
git clone --depth 1 https://github.com/phantomsec/phantomcore.git
cd phantomcore
# Create a virtual environment
python -m venv venv
source venv/bin/activate  # Linux/Mac
# Or: venv\Scripts\activate  # Windows
# Install dependencies
pip install -r requirements.txt
# Install in development mode
pip install -e .
Method 2: Docker (Recommended for OPSEC)
# Build secure container
docker build -t phantomcore:latest .
# Or use the pre-built image with Tor support
docker-compose up -d
# Verify the installation
docker exec phantomcore python -m phantomcore --version
⚙️ Configuration
PhantomCore uses a layered configuration system. Never commit operational configurations to version control.
# Copy example configuration
cp config/opsec.conf.example config/opsec.conf
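# Edit your settings
nano config/opsec.conf
# Key settings to configure:
# - Tor control port and authentication
# - Request jitter timing (default: 1.8s-4.2s)
# - User-agent rotation pool
# - Scope limits (critical)
# - Emergency burn triggers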
🚀 Quick Start Guide
Before you begin: Ensure you have written authorization for your target. PhantomCore enforces strict scope validation to prevent accidental out-of-bounds testing.
1. Validate Configuration
phantomcore --validate-config
# Expected output: ✓ OPSEC configuration valid
2. Passive Reconnaissance (No Network Touch)
phantomcore --target example.com --mode passive --output recon.json
3. Stealth Assessment with Evasion
phantomcore --target example.com \
--mode stealth \
--evasion waf,rate-limit,signature \
--scope strict \
--output findings.json \
--encrypt-results
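One way a deny-by-default scope gate of the kind described above can be built, as an added example rather than PhantomCore's own code. The scope-file layout (`in_scope` / `out_of_scope` lists) and the function name `is_in_scope` are assumptions; the README does not document the real format.

```python
import ipaddress
import json

# Constructed scope document; the key names are assumptions for this example.
SCOPE_JSON = """
{
  "in_scope": ["example.com", "*.api.example.com", "192.0.2.0/28"],
  "out_of_scope": ["admin.api.example.com", "192.0.2.5"]
}
"""

def _matches(target, rule):
    """True if target (hostname or IP literal) is covered by one scope rule."""
    target, rule = target.lower().rstrip("."), rule.lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    try:
        net = ipaddress.ip_network(rule, strict=False)
    except ValueError:
        net = None
    if ip is not None or net is not None:
        # IP rules only match IP targets; hostnames are never resolved here.
        return (ip is not None and net is not None
                and ip.version == net.version and ip in net)
    if rule.startswith("*."):
        # Wildcard covers subdomains only, and only on a label boundary.
        return target.endswith(rule[1:])
    return target == rule

def is_in_scope(target, scope):
    """Deny by default: exclusions win, then an explicit allow is required."""
    if any(_matches(target, r) for r in scope.get("out_of_scope", [])):
        return False
    return any(_matches(target, r) for r in scope.get("in_scope", []))

SCOPE = json.loads(SCOPE_JSON)

if __name__ == "__main__":
    for t in ("v1.api.example.com", "admin.api.example.com",
              "example.com.evil.net", "192.0.2.5", "192.0.2.6"):
        print(t, is_in_scope(t, SCOPE))
```

Matching on the literal target string, with exclusions evaluated first, means a look-alike suffix such as `example.com.evil.net` or an excluded host inside an allowed wildcard is rejected before any request is sent.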
📖 Usage Examples
Bug Bounty Program Assessment
# Load scope from HackerOne program
phantomcore --target hackerone.com/program \
--scope-file program-scope.json \
--mode stealth \
--modules xss,sqli,csrf,idor \
--rate-limit 0.5 \
--jitter 2.0,4.0 \
--tor-rotation 300 \
--output h1-findings.enc \
--exfil gpg --recipient-key 0xYOURKEY
API Security Testing
phantomcore --target api.example.com \
--mode aggressive \
--content-type json \
--auth-bearer "$TOKEN" \
--modules injection,bola,mass-assignment \
--evade-waf cloudflare \
--output api-security-report.json
🛡️ Operational Security
Traffic Analysis Resistance
- Request jitter: 1.8s-4.2s (randomized)
- Packet size variation: 500-1500 bytes
- TLS fingerprint randomization
- Timing attack prevention
Identity Protection
- User-Agent rotation (50+ profiles)
- Tor circuit rotation (5 min)
- MAC address randomization
- Cookie jar isolation
Anti-Forensics
- Memory-only logging option
- Secure file wiping (Gutmann 35-pass)
- Automatic temp file cleanup
- Encrypted swap prevention
🚨 Emergency Burn Protocol
If detection is imminent, trigger emergency burn to purge all traces:
phantomcore --burn --immediate
This will: wipe logs, clear memory, destroy session tokens, and overwrite temporary files.
👻 Evasion Techniques
| Technique | Target | Method | Detection Risk |
|---|---|---|---|
| Polymorphic XSS | WAF Signatures | Encoding randomization, comment injection | Minimal |
| Blind SQLi Fragmentation | IDS/IPS | Split across multiple requests | Low |
| Timing Evasion | Rate Limiters | Exponential backoff with jitter | Medium |
| False Flag Operations | SIEM/Analytics | Googlebot mimicry, legitimate referers | Minimal |
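From the defender's side, the "Googlebot mimicry" row is the easiest of these to check: a client that sends a Googlebot User-Agent can be verified with forward-confirmed reverse DNS. The following is an added example, not part of PhantomCore; the combined log format, the injectable resolver functions, and all addresses and DNS answers are constructed for illustration.

```python
import re
import socket

# Suffixes Google documents for its crawler PTR records.
GOOGLE_SUFFIXES = (".googlebot.com", ".google.com")
# Combined log format: client IP first, User-Agent is the last quoted field.
LINE = re.compile(r'^(\S+) .*"([^"]*)"$')

def verify_googlebot(ip, reverse=None, forward=None):
    """Forward-confirmed reverse DNS: PTR is a Google name AND resolves back to ip."""
    reverse = reverse or (lambda a: socket.gethostbyaddr(a)[0])
    forward = forward or (lambda h: socket.gethostbyname_ex(h)[2])
    try:
        host = reverse(ip).lower().rstrip(".")
        # The PTR alone is not trusted: whoever owns the address block controls it.
        return host.endswith(GOOGLE_SUFFIXES) and ip in forward(host)
    except OSError:  # socket.herror / socket.gaierror: no record
        return False

def flag_impostors(lines, reverse=None, forward=None):
    """Return client IPs that send a Googlebot User-Agent but fail verification."""
    flagged = set()
    for line in lines:
        m = LINE.match(line)
        if m and "googlebot" in m.group(2).lower():
            if not verify_googlebot(m.group(1), reverse, forward):
                flagged.add(m.group(1))
    return sorted(flagged)

# --- Constructed sample data (documentation address ranges, made-up DNS answers) ---
PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com",
       "198.51.100.7": "host7.isp.example",
       "203.0.113.9": "crawl-203-0-113-9.googlebot.com"}  # PTR with no matching A record
A = {"crawl-192-0-2-10.googlebot.com": ["192.0.2.10"]}

def fake_reverse(ip):
    if ip not in PTR:
        raise OSError("no PTR record")
    return PTR[ip]

def fake_forward(host):
    return A.get(host, [])

GBOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
LOGS = [f'{ip} - - [08/Mar/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "{ua}"'
        for ip, ua in [("192.0.2.10", GBOT), ("198.51.100.7", GBOT),
                       ("203.0.113.9", GBOT), ("198.51.100.20", "Mozilla/5.0 (X11; Linux x86_64)")]]

if __name__ == "__main__":
    print(flag_impostors(LOGS, fake_reverse, fake_forward))
```

The third sample address shows why the forward lookup matters: its PTR record looks like a crawler name, but that name does not resolve back to the client, so the request is still flagged.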
🐳 Docker Deployment
Docker deployment provides maximum isolation and security through seccomp profiles, non-root execution, and network sandboxing.
# Production deployment with full isolation
docker run -d \
--name phantomcore \
--network phantom-net \
--security-opt no-new-privileges:true \
--security-opt seccomp:./seccomp-profile.json \
--cap-drop ALL \
--cap-add NET_BIND_SERVICE \
--read-only \
--tmpfs /tmp:noexec,nosuid,size=100m \
-v "$(pwd)/config/opsec.conf":/app/config/opsec.conf:ro \
-v "$(pwd)/results":/app/results:rw \
phantomcore:latest \
--target example.com --mode stealth
🧪 Testing & Validation
# Run full test suite
make test
# Security-focused tests only
make security
# Stealth validation (ensure no detectable patterns)
pytest tests/test_opsec.py -v
# Bandit security scan
bandit -r phantomcore/ -f json -o security-report.json
# Check for leaked secrets
truffleHog filesystem .
🤝 Contributing
We welcome contributions that enhance operational security, improve evasion techniques, or expand vulnerability detection capabilities. All contributions must pass strict security review.
Contribution Requirements
- Sign the Contributor License Agreement
- All commits must be signed with GPG (git commit -S)
- Pre-commit hooks must pass (bandit, secrets detection)
- No real target URLs in test files (use mocks)
- OPSEC impact assessment for new features
# Setup development environment
git clone --depth 1 https://github.com/phantomsec/phantomcore.git
cd phantomcore
make install
# Create a feature branch
git checkout -b feature/your-feature-name
# Run pre-commit before committing
pre-commit run --all-files
# Create a signed commit
git commit -S -m "feat: add new evasion technique"
git push origin feature/your-feature-name
📜 License
PhantomCore is released under the MIT License with additional ethical use clauses.
MIT License + Ethical Use Clause
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, subject to the following conditions:
1. The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
2. The Software shall be used exclusively for authorized security testing with explicit written permission from the system owner.
3. The authors assume no liability for misuse or illegal activities conducted with this Software.
Built with ❤️ by the security community for the security community.
PhantomCore v4.2.1 | Last updated: 2024-03-08