
Autonomous web app pentest swarm with 10 agents and 55 attack vectors.
Red Specter POLTERGEIST is a Python-based automated web application penetration testing tool that deploys 10 autonomous agents across 55 attack vectors. It is installed via pip and operates as a CLI tool with no external tool dependencies or subprocess calls — all payloads, mutation logic, and scoring engines are written in pure Python.

The 10 agents each cover a distinct attack phase:

- G-01 Wraith: Reconnaissance and endpoint discovery
- G-02 Specter: Injection attacks (SQLi, XSS, SSRF, RCE, SSTI, XXE, LDAP)
- G-03 Shade: WAF bypass and evasion techniques
- G-04 Banshee: Authentication attacks (JWT, OAuth, MFA, session)
- G-05 Phantom: API assault (REST, GraphQL, WebSocket, gRPC, BOLA, BFLA)
- G-06 Ghoul: Client-side attacks (DOM XSS, prototype pollution, CSP bypass)
- G-07 Lich: Infrastructure issues (path traversal, LFI/RFI, CORS, TLS)
- G-08 Wendigo: Business logic flaws (race conditions, IDOR, privilege escalation)
- G-09 Poltergeist: Swarm orchestration and attack chain correlation
- G-10 Revenant: Exfiltration and persistence detection

Findings are mapped to OWASP Web Top 10, OWASP API Top 10, and CWE IDs, and scored using CVSS 3.1. Reports are output in HTML and JSON formats, signed with Ed25519 and timestamped via RFC 3161. 10 named campaign playbooks are included (e.g. full_assault, silent_recon, api_siege, waf_buster). A CI/CD grade gate is available via the --fail-below flag. SIEM export is supported natively for Splunk, Microsoft Sentinel, and IBM QRadar.

POLTERGEIST is available on Kali Linux, Parrot OS, BlackArch, REMnux, Tsurugi, PyPI, macOS, Windows, and Docker.
Red Specter POLTERGEIST is an autonomous web app pentest swarm with 10 agents and 55 attack vectors, developed by Red Specter Security. It is a Vulnerability Management solution designed to help security teams with Penetration Testing Framework, Web Security, and DAST use cases.
Automated pentest tool validating web apps against OWASP Top 10 CWEs.