Gandalf CLI v3.2.1

Multi-Agent Orchestrator for Offensive Campaigns

Tactical gateway with Sentinel enforcement, distributed coordination and granular scope control. Designed for high-risk Red Team operations.


Sentinel System

Scope-enforcement engine with CIDR validation, domain whitelisting and an automatic kill-switch on violations.


Agent Orchestration

Coordination of multiple Gwaihir agents with dependency resolution, task scheduling and state synchronization.


Campaign Management

Reproducible playbooks with Git versioning, atomic rollback and a complete audit trail for SOC 2 Type II compliance.

Orchestrator Architecture

Gandalf implements a distributed actor model on NATS JetStream with Raft consensus, guaranteeing exactly-once execution and automatic state recovery.

gandalf campaign run --playbook recon.yaml
▶ Gandalf Gateway v3.2.1
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

[12:34:01] ⚡ Loading playbook: recon.yaml (v2.3.0)
[12:34:01]    Validating scope...
[12:34:01] ✓ Sentinel: Scope approved
              • CIDR: 10.50.0.0/16
              • Domains: *.acme.com, api.acme.com
              • Exclusions: admin.acme.com, *.prod.acme.com

[12:34:02]    Resolving task graph...
[12:34:02] ✓ Scheduler: 12 tasks, 4 parallel tracks, ~8min ETA

[12:34:03] ⚙️ Spawning agents:
              • gwaihir-recon-001 (nmap-sweep)
              • gwaihir-recon-002 (subdomain-enum)
              • gwaihir-recon-003 (tech-fingerprint)
              • gwaihir-recon-004 (ssl-analysis)

[12:34:15] [gwaihir-recon-001]  nmap scan complete
              Found: 23 open ports, 8 HTTP services

[12:34:18] [gwaihir-recon-002]  subdomains discovered
              Found: 47 subdomains, 12 active

[12:34:22] [gwaihir-recon-003]  technologies identified
              Stack: Nginx 1.24, PHP 8.2, Redis 7.0

[12:34:24] ⚠️ Sentinel: Rate limit hit (150 req/min)
              Throttling agents for 30s...

[12:35:01] ✓ Campaign complete
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Summary:  12/12 tasks ✓ | 4 agents spawned | 58s elapsed
Findings: 3 high, 7 medium, 12 low severity
Report:   ~/.gandalf/campaigns/recon-20251023/report.json

Core Components

Gateway Server (Rust + Tokio)

Async server on the Tokio runtime, bidirectional gRPC for agent communication, mutual TLS authentication and connection pooling with automatic keep-alive.

src/gateway/server.rs

Sentinel Engine (Policy DSL)

Declarative DSL (similar to OPA Rego) for defining scope rules, rate limits and approval workflows. Evaluation in <5ms with an LRU cache of frequent decisions.

src/sentinel/policy_engine.rs

Task Scheduler (Directed Acyclic Graph)

DAG-based scheduler with topological sort, parallel execution lanes and backpressure control. Supports conditional branching and per-task retry policies.

src/scheduler/dag_executor.rs

State Store (Distributed KV via Raft)

Distributed key-value store with Raft consensus (3-5 nodes), automatic snapshots every 10K ops and log compaction for long-term durability. Compatible with the etcd v3 API.

src/state/raft_store.rs

Event Bus (NATS JetStream)

Message broker with exactly-once delivery guarantees, persistent streams and consumer groups for horizontal scaling. Supports 100K+ msgs/sec with p99 latency <10ms.

src/messaging/nats_client.rs

Sentinel: Robust Scope Enforcement

Declarative policy system that prevents scope violations, controls rate limiting and triggers automatic kill-switches on anomalous behaviour.

Example Policy (YAML DSL)

version: "1.0"
campaign:
  name: "Acme Corp Pentest Q4"
  authorized_by: "alice@example.com"
  start_date: "2025-10-20"
  end_date: "2025-11-15"

scope:
  allowed:
    - cidr: "10.50.0.0/16"
    - cidr: "192.168.100.0/24"
    - domain: "*.acme.com"
    - domain: "api.acme.com"

  excluded:
    - domain: "admin.acme.com"  # Production admin panel
    - domain: "*.prod.acme.com" # All prod subdomains
    - ip: "10.50.0.1"         # Gateway router

rate_limits:
  requests_per_minute: 150
  concurrent_agents: 8
  burst_allowed: true
  burst_multiplier: 2.0

kill_switch:
  on_scope_violation: true
  on_error_threshold: 10  # Stop after 10 consecutive errors
  alert_webhook: "https://alerts.example.com/gandalf"

🎯 CIDR & Domain Validation

Real-time validation of every target against the whitelist/blacklist. Supports IPv4/IPv6, DNS wildcards and ASN-based filtering.
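The allow/exclude evaluation described above, as an added example that is not Gandalf's own code: the policy from the YAML example is embedded as a dict, exclusions take precedence over allow rules, and a DNS wildcard is assumed to cover subdomains only (both assumptions are mine, not stated on the page).

```python
import ipaddress

# Policy mirroring the YAML example above, embedded as a dict so the snippet
# runs without a YAML parser (constructed for this example).
POLICY = {
    "allowed": [
        {"cidr": "10.50.0.0/16"},
        {"cidr": "192.168.100.0/24"},
        {"domain": "*.acme.com"},
        {"domain": "api.acme.com"},
    ],
    "excluded": [
        {"domain": "admin.acme.com"},
        {"domain": "*.prod.acme.com"},
        {"ip": "10.50.0.1"},
    ],
}


def _matches(rule, target):
    """True if one allow/exclude rule covers the target (IP or hostname)."""
    if "cidr" in rule or "ip" in rule:
        try:
            addr = ipaddress.ip_address(target)  # handles IPv4 and IPv6
        except ValueError:
            return False  # target is a hostname; address rules do not apply
        if "cidr" in rule:
            return addr in ipaddress.ip_network(rule["cidr"], strict=False)
        return addr == ipaddress.ip_address(rule["ip"])
    if "domain" in rule:
        pattern = rule["domain"].lower()
        host = target.lower().rstrip(".")
        if pattern.startswith("*."):
            # Assumption: a DNS wildcard covers subdomains only, not the apex
            return host.endswith(pattern[1:])
        return host == pattern
    return False


def check_target(policy, target):
    """Sentinel-style decision: exclusions win, then the allow-list, else deny."""
    if any(_matches(r, target) for r in policy["excluded"]):
        return "deny:excluded"
    if any(_matches(r, target) for r in policy["allowed"]):
        return "allow"
    return "deny:out_of_scope"
```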

⏱️ Adaptive Rate Limiting

Token bucket algorithm with burst support and exponential backoff. Integrates target feedback (429, 503) for dynamic throttling.
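An adaptive token bucket driven by the rate_limits block of the policy above, added here as an illustration rather than Gandalf's implementation. Assumptions: the bucket holds burst_multiplier seconds' worth of tokens, a 429/503 halves the fill rate (floored at one eighth of the configured rate) and pauses sending for 30s as in the log above, and successful responses let the rate creep back up; StepClock is a constructed clock so the behaviour is reproducible offline.

```python
import time


class AdaptiveRateLimiter:
    """Token bucket sized from requests_per_minute / burst_multiplier
    (constructed example; see the lead-in for the assumptions)."""

    def __init__(self, requests_per_minute, burst_allowed=True,
                 burst_multiplier=2.0, clock=time.monotonic):
        self.base_rate = requests_per_minute / 60.0  # tokens per second
        self.rate = self.base_rate                   # current (adapted) fill rate
        self.capacity = self.base_rate * (burst_multiplier if burst_allowed else 1.0)
        self.tokens = self.capacity
        self.clock = clock
        self.last = clock()
        self.paused_until = 0.0

    def _refill(self):
        now = self.clock()
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        return now

    def try_acquire(self):
        """Return True and spend one token if a request may be sent now."""
        now = self._refill()
        if now < self.paused_until or self.tokens < 1.0:
            return False
        self.tokens -= 1.0
        return True

    def report(self, status_code):
        """Feed the target's HTTP status back into the limiter."""
        if status_code in (429, 503):
            self.rate = max(self.base_rate / 8.0, self.rate / 2.0)  # backoff, floored
            self.paused_until = self.clock() + 30.0                 # throttle window
        else:
            self.rate = min(self.base_rate, self.rate * 1.1)        # gradual recovery


class StepClock:
    """Manually advanced clock (constructed) so runs are deterministic."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t
```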

🚨 Automated Kill-Switch

Stops the campaign immediately on a detected scope violation, anomalous error rate or manual trigger via the API. Immutable logs for forensics.

Technical Specifications

Optimized for cloud-native deployments, k8s-ready and compatible with air-gapped architectures.

Runtime

  • Languages: Rust 1.75+ (gateway), Go 1.21+ (tooling)
  • Deploy: Docker, k8s (Helm charts), systemd, bare metal
  • HA mode: 3-5 nodes with Raft consensus + load balancing
  • Footprint: 128MB RAM base + 64MB per active campaign

Coordination

  • Message broker: NATS JetStream (100K+ msg/s)
  • Protocol: bidirectional gRPC with Protobuf v3
  • Max agents: 256 concurrent (configurable)
  • Latency: <15ms p99 (gateway → agent)

Persistence

  • State store: Raft-based KV (RocksDB backend)
  • Campaign logs: append-only WAL with zstd compression
  • Backups: automatic snapshots every 6h + incremental
  • Retention: configurable (default: 90 days)

Observability

  • Metrics: Prometheus exporter (RED + resource metrics)
  • Tracing: OpenTelemetry with intelligent sampling
  • Logs: structured JSON to stdout + file rotation
  • Dashboards: pre-built Grafana boards included

Coordinate Offensive Campaigns with Confidence

Get access to the Gandalf CLI private beta and receive enterprise support, complete documentation and personalized training for your Red Team.