BLACKRAINBOW®

The Full Spectrum.

Security assurance framework with plugin architecture, YAML-driven engagements, and domain-expert AI trained across 11 security domains.

Status: OPERATIONAL
Version: 0.1.0
Tests: 116 PASSING
Domains: 11 COLORS
CLI: br / blackrainbow

Five-stage execution engine.

Stage 01: generate
Plugins produce attack sequences from engagement context. Recon generates nmap scans, exploitation generates technique chains.
Stage 02: transform
Strategies reorder, filter, or modify sequences. Sequential runs in order. Parallel fans out. Adaptive responds to results.
Stage 03: execute
Targets run each step as a subprocess. Network services execute nmap, gobuster, ffuf. Timeout and error handling built in.
Stage 04: grade
Plugins evaluate results. Nmap XML parsed for services and vulns. Scores 0.0 to 1.0. Discovered services feed downstream plugins.
Stage 05: report
Results compiled into structured output. Markdown, JSON, HTML. MITRE ATT&CK technique mapping. Training pair export.

11 colors across the full attack surface.

Red: Offensive operations, exploitation, initial access, lateral movement
Orange: Reconnaissance, enumeration, OSINT, target profiling, network mapping
Yellow: Credential access, password attacks, hash cracking, authentication bypass
Green: Infrastructure, networking, protocols, service configuration
Blue: Defensive operations, detection engineering, incident response, monitoring
Indigo: Privilege escalation, persistence, post-exploitation, system internals
Violet: Web application security, injection, deserialization, SSRF, XSS
Grey: Governance, compliance, risk management, frameworks, methodology
Gold: Credential access, Kerberos, Active Directory, identity attacks
Cyan: AI/ML security, prompt injection, model attacks, adversarial ML
Pink: Social engineering, phishing, pretexting, human-layer attacks

Domain-expert AI from real operator knowledge.

Training Pairs: 63,174
Sources: 34
Tokens: ~28.9M
Color Domains: 11
Live Fire Transcripts: 485
Kill Chain Reconstructions: 424
Live Fire Transcripts
485 operator engagements transcribed and converted to structured Q&A pairs. Real-time decision-making captured at every pivot point.
9,193 pairs
Kill Chain Reconstructions
424 complete engagement reconstructions covering 352 unique targets. Attack phase pairs, command references, and technique concepts extracted per kill chain.
4,104 pairs across 3 categories
Rainbow Series
5 volumes of original security reference material spanning the full attack surface. The namesake of the training pipeline and the origin of the color system.
8,136 pairs
Operator Handbooks + Cheatsheets
Field-tested reference material from working operators. Command syntax, tool usage patterns, and quick-reference extraction across all 11 domains.
1,194 pairs
Deep Dives + Targeted Enrichment
Domain-specific deep analysis and enrichment passes covering AD attacks, binary exploitation, cloud security, cryptography, and emerging threat surfaces.
2,743 pairs
ZL Reference Corpus
Internal zero-lab reference library. Curated Q&A pairs from 34 sources across infrastructure, tooling, technique documentation, and operational knowledge.
9,944 pairs

Registry-driven plugin architecture.

blackrainbow.yaml
       |
       v
+--------------+
| config.py    |  Parse YAML, validate with Pydantic
|              |  Normalize plugin refs (string/dict)
|              |  Convert to EngagementContext
+------+-------+
       |
       v
+--------------+     +-----------------+
| engine.py    |---->| BlackRainbow AI  |  Ollama inference
|              |     +-----------------+
+------+-------+
       |
       +--->  plugin.generate(context)      -->  List[AttackSequence]
       |
       +--->  strategy.transform(seqs)     -->  List[AttackSequence]
       |
       +--->  target.execute(step)         -->  ExecutionResult
       |
       +--->  plugin.grade(seq, result)   -->  GradeResult
       |
       +--->  report.generate()            -->  MD / JSON / HTML

Registry Pattern

Decorator-based registration at import time. @register_plugin populates a module-level dict. Lookup by string ID. Zero boilerplate to add new components.

Pydantic Config

7 models validate every YAML config field. Target types, output formats, plugin references all type-checked before the engine starts. Bad config fails fast.

Service Accumulation

Discovered services feed back into EngagementContext. Later plugins read what recon found. Credential plugins target SSH on port 22 because recon told them it was there.

Lazy Imports

CLI lazy-imports config and engine only in the run command. br --help loads in under 100ms. _import_builtins() triggers decorator registration on demand.
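The registry, plugin-reference normalisation and service-accumulation pattern described in the Registry Pattern, Pydantic Config and Service Accumulation sections above, as an added Python illustration that is not BlackRainbow's own code: a decorator fills a module-level dict at import time, a string-or-dict plugin ref is normalised the way config.py is described as doing (plain type checks stand in for Pydantic so it runs without dependencies), and a recon plugin's grade step records services that a downstream plugin reads before deciding whether to generate anything. The plugin IDs, the "port/name" scanner output and the audit step name are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Union

PLUGIN_REGISTRY: Dict[str, type] = {}  # module-level dict, filled at import time

def register_plugin(plugin_id: str):
    """Decorator: bind a plugin class to its string ID; a duplicate ID fails fast."""
    def wrap(cls):
        if plugin_id in PLUGIN_REGISTRY:
            raise ValueError(f"duplicate plugin id: {plugin_id}")
        PLUGIN_REGISTRY[plugin_id] = cls
        return cls
    return wrap

def get_plugin(plugin_id: str) -> type:
    """Lookup by string ID; an unknown ID lists the registered ones in the error."""
    if plugin_id not in PLUGIN_REGISTRY:
        raise KeyError(f"unknown plugin {plugin_id!r}; known: {sorted(PLUGIN_REGISTRY)}")
    return PLUGIN_REGISTRY[plugin_id]

def normalize_ref(ref: Union[str, dict]) -> dict:
    """A YAML plugin ref is either a bare string or a {id, options} mapping."""
    if isinstance(ref, str):
        return {"id": ref, "options": {}}
    if isinstance(ref, dict) and isinstance(ref.get("id"), str):
        return {"id": ref["id"], "options": dict(ref.get("options") or {})}
    raise TypeError(f"bad plugin reference: {ref!r}")  # stand-in for Pydantic rejecting it

@dataclass
class EngagementContext:
    target: str
    services: List[dict] = field(default_factory=list)  # accumulates across plugins
    def add_service(self, port: int, name: str) -> None:
        if not any(s["port"] == port for s in self.services):  # de-duplicate by port
            self.services.append({"port": port, "name": name})

@register_plugin("recon.portscan")
class PortScanPlugin:
    def grade(self, ctx: EngagementContext, output: str) -> float:
        """Parse constructed 'port/name' scanner lines into ctx; score = open ports / 5, capped at 1.0."""
        for line in filter(str.strip, output.splitlines()):
            port, name = line.split("/", 1)
            ctx.add_service(int(port), name.strip())
        return min(1.0, len(ctx.services) / 5)

@register_plugin("audit.ssh-config")
class SshConfigPlugin:
    def generate(self, ctx: EngagementContext) -> List[str]:
        """Emits a step only where recon recorded SSH: nothing found, nothing generated."""
        return [f"ssh-config-audit {ctx.target}:{s['port']}" for s in ctx.services if s["name"] == "ssh"]
```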

Target Types

7 supported types: network-service, web-application, active-directory, cloud-service, ai-system, ninjato, custom. Each gets its own target class and execution model.

Model Integration

Plugins generate model prompts for the BlackRainbow AI via Ollama. The model suggests next steps based on discovered services and engagement context. Domain-expert, not generic.