███████╗██████╗ ███████╗ ██████╗████████╗ █████╗ ████████╗ ██████╗ ██████╗
██╔════╝██╔══██╗██╔════╝██╔════╝╚══██╔══╝██╔══██╗╚══██╔══╝██╔═══██╗██╔══██╗
███████╗██████╔╝█████╗  ██║        ██║   ███████║   ██║   ██║   ██║██████╔╝
╚════██║██╔═══╝ ██╔══╝  ██║        ██║   ██╔══██║   ██║   ██║   ██║██╔══██╗
███████║██║     ███████╗╚██████╗   ██║   ██║  ██║   ██║   ╚██████╔╝██║  ██║
╚══════╝╚═╝     ╚══════╝ ╚═════╝   ╚═╝   ╚═╝  ╚═╝   ╚═╝    ╚═════╝ ╚═╝  ╚═╝
See Everything. Miss Nothing
Cybersecurity DSL Python-like + Built-in Hacking Native GUI (Windows) Space Package Manager Mission Engine + Reports
Features Examples GUI Toolkit Space Manager Docs
Detecting your platform ...

Download Spectator

Single binary — no runtime needed. Build GUI tools, recon scripts, and automate assessments.

Read Documentation
Manual downloads: Windows (.exe) Linux (64-bit) macOS (Intel) macOS (Apple Silicon) GitHub Source

GUI tools available on Windows (Linux/macOS: CLI & TUI). All features work across platforms.

Built for Offensive Security & Automation

Recon & OSINT

DNS, port scans, subdomain enum, WHOIS, GeoIP, banner grabbing. One-liner recon.

ips = resolve("target.com")
PortScan(target, 1, 1024)
SubdomainEnum(target)

Web Hacking Engine

HTTP client with sessions, fuzzing, header audit, SQLi test, CORS, SSRF, path traversal.

resp = http("GET", url)
HeaderAudit(resp)
SQLiTest(url, param)

Native GUI Framework

Build real desktop security tools: inputs, tables, buttons, output windows — without web tech.

open.window({"title":"Recon"})
GUI.input("target")
GUI.button("Scan")

Space Package Manager

Install verified libraries: coffee (recon), ghost (OSINT). SHA-256 verified.

spectator space get coffee
#Import coffee

Mission Pipeline

Structured pentest workflow + auto-generate HTML reports with findings.

missionStart("Pentest")
missionFind(m, "CRITICAL", "issue")
missionReport(m, "report.html")

Payload Generation

XSS, SQLi, SSTI, LFI, CMD, XXE, LDAP, NoSQL payloads — instant.

payloads = payloadList("xss")
p = PayloadGen("sqli")
Spectator in Action

DNS + Port Scanner

target = "scanme.nmap.org"
ips = resolve(target)
ports = [22,80,443,3306]
each p : ports {
if hasPort(target,p) { Trace("open: " + str(p)) }
}

GUI Pentest Tool

#Import Spec.GUI
open.window({"title":"Ghost Recon"})
GUI.input("target")
GUI.button("Scan", "run")
GUI.on("run", func() {
t = GUI.get("target")
GUI.print("out", "Scanning " + t)
})
end()

Security Header Audit

url = "https://example.com"
resp = http("GET", url)
hdrs = ["strict-transport-security","csp"]
each h : hdrs {
if httpHeader(resp, h) == "" { Trace("Missing: " + h) }
}

Mission Report

m = missionStart("Web Audit", "target.com")
missionStage(m, "Recon")
missionFind(m, "HIGH", "Missing CSP")
missionEnd(m)
missionReport(m, "audit.html")
GUI Widgets (Windows/Linux/macOS)

Build professional cybersecurity tools with native widgets: label, input, button, output, table, tabs, sidebar, progress, image, code, alert_box and more.

Runtime GUI Commands

GUI.get("id")
GUI.set("id", "value")
GUI.print("out", "Log line")
GUI.disable("btn")
GUI.setProgress("bar", 0.75)
GUI.alert("Scan complete")

Window Customization

open.window({
"title":"Recon", "bg":"#0f172a",
"accent":"#00d4aa", "width":1100
})
Space Package Manager — Supply-Chain Secure

spectator space get coffeespectator space get ghost • SHA-256 verification.

LibraryDescriptionCommand
CoffeeFull recon: DNS, ports, web, scoringspectator space get coffee
GhostOSINT: domain intelligence, email, username enumerationspectator space get ghost
#Import coffee
coffee_full("target.com") // run full recon
#Import ghost
ghost_domain("example.com")
Official Spectator Documentation

Explore the complete language reference, GUI manual, mission engine, and space registry.

Read Full Docs (GitHub) Spectator Source

Build & Cross-Compile

spectator build script.str to myapp.exe for windows
spectator run payload.str
spectator repl

Build standalone binaries — no dependency for end users.