
Open-Sourcing Our Autonomous Defence Arsenal: Here's What's Inside

Simon · 5 min read

We've been building autonomous kernel-level network defence at NullRabbit. This week we started open-sourcing the tooling behind it: the scanning, intelligence, observation, and adversarial validation layers that feed into our enforcement pipeline.

This post explains what each tool does, how they connect, and why we're giving them away.

The Intelligence Layer

Limpet TRS - High-precision network scanner built in Rust with eBPF/XDP kernel-bypass timing. SYN scanning with nanosecond RTT resolution.

Most network scanners operate in userspace. Timing is contaminated by kernel scheduling, context switches, and network stack overhead. That's fine for port discovery. It's useless for fingerprinting infrastructure behaviour.

Limpet timestamps packets at the NIC driver level, before the kernel network stack touches them. Nanosecond precision, measured and reproducible on real infrastructure. This is the scanner we used to evade Cloudflare and Suricata with zero alerts, zero events. The full write-up is here: We Built a Scanner to Evade Cloudflare and Suricata. It Worked.

Minerva HDN - Honeypot detection from TCP timing samples. Statistical fingerprinting that distinguishes real services from emulators like Cowrie and Dionaea.

If your scanner can't tell a real service from a trap, your intelligence is poisoned. Minerva solves this with timing alone: no banner grabbing, no payload inspection. The physical characteristics of a TCP handshake reveal whether you're talking to a real service or an emulator. You can fake banners. You can't fake physics.

Ferret - LLM-powered OSINT agent for infrastructure discovery. Maps attack surfaces beyond what's visible in DNS or on-chain data. Supports Sui, Solana, and more.

Infrastructure doesn't advertise itself honestly. On-chain records show validator addresses. They don't show the hosting provider, the co-located services, the management interfaces left exposed. Ferret uses LLM-assisted reasoning to discover infrastructure that conventional enumeration misses.

LLM Gateway - Multi-provider LLM gateway with automatic fallback and cost tracking. Single API across DeepSeek, Gemini, OpenAI, and Anthropic.

Every LLM-assisted tool in our stack - Ferret, Arena, our analysis pipeline - routes through this gateway. Automatic failover between providers, cost tracking per request, and a single OpenAI-compatible API regardless of which model is doing the work. This is the plumbing that makes LLM-assisted security tooling viable in production rather than a demo.
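To make the failover and cost-tracking behaviour concrete, here is an added example of a minimal gateway in Rust. It is not the NullRabbit LLM Gateway's code: the `Provider` trait, the `FakeProvider` stand-ins (which return canned answers instead of making HTTP calls), the token estimate and the per-1k-token prices are all constructed for this illustration.

```rust
// Hypothetical multi-provider gateway with ordered fallback and a per-request cost ledger.
// Illustration only; not the NullRabbit LLM Gateway.

/// What the gateway needs from a backend. A real provider would make an HTTP call here.
pub trait Provider {
    fn name(&self) -> &str;
    /// Price in USD per 1,000 tokens (constructed figures, not real pricing).
    fn usd_per_1k_tokens(&self) -> f64;
    fn complete(&self, prompt: &str) -> Result<String, String>;
}

/// One ledger line per successful request: which provider answered and what it cost.
#[derive(Debug, Clone, PartialEq)]
pub struct CostEntry {
    pub provider: String,
    pub tokens: usize,
    pub usd: f64,
}

pub struct Gateway {
    providers: Vec<Box<dyn Provider>>, // tried in order; the first success wins
    ledger: Vec<CostEntry>,
}

impl Gateway {
    pub fn new(providers: Vec<Box<dyn Provider>>) -> Self {
        Gateway { providers, ledger: Vec::new() }
    }

    /// Try each provider in turn. Only the provider that actually answered is charged.
    pub fn complete(&mut self, prompt: &str) -> Result<String, String> {
        let mut failures = Vec::new();
        for p in &self.providers {
            match p.complete(prompt) {
                Ok(text) => {
                    // Crude token estimate (assumption): whitespace-separated words in and out.
                    let tokens = prompt.split_whitespace().count() + text.split_whitespace().count();
                    let usd = tokens as f64 / 1000.0 * p.usd_per_1k_tokens();
                    self.ledger.push(CostEntry { provider: p.name().to_string(), tokens, usd });
                    return Ok(text);
                }
                Err(e) => failures.push(format!("{}: {}", p.name(), e)),
            }
        }
        Err(format!("all providers failed: {}", failures.join("; ")))
    }

    pub fn ledger(&self) -> &[CostEntry] {
        &self.ledger
    }

    pub fn total_usd(&self) -> f64 {
        self.ledger.iter().map(|e| e.usd).sum()
    }
}

/// Constructed stand-in provider: answers or fails deterministically.
pub struct FakeProvider {
    pub name: &'static str,
    pub price: f64,
    pub healthy: bool,
}

impl Provider for FakeProvider {
    fn name(&self) -> &str {
        self.name
    }
    fn usd_per_1k_tokens(&self) -> f64 {
        self.price
    }
    fn complete(&self, prompt: &str) -> Result<String, String> {
        if self.healthy {
            Ok(format!("{} answered: {}", self.name, prompt))
        } else {
            Err("503 upstream unavailable".to_string())
        }
    }
}

/// Two constructed providers: the preferred one is down, the fallback is up.
pub fn demo_gateway() -> Gateway {
    Gateway::new(vec![
        Box::new(FakeProvider { name: "provider-a", price: 2.0, healthy: false }),
        Box::new(FakeProvider { name: "provider-b", price: 0.5, healthy: true }),
    ])
}

fn main() {
    let mut gw = demo_gateway();
    match gw.complete("summarise these three alerts") {
        Ok(text) => println!("answer: {text}"),
        Err(e) => println!("error: {e}"),
    }
    println!("ledger: {:?}, total ${:.4}", gw.ledger(), gw.total_usd());
}
```

The point to notice is that the ledger records the provider that served the request, not the one that was asked first; that is what makes per-request cost attribution meaningful under failover.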

The Observation Layer

IBSR - Shadow-mode XDP/eBPF traffic collector written in Rust. Records what would have been blocked, without blocking anything.

This is the rehearsal step. Before any enforcement decision is real, IBSR observes live traffic, simulates what enforcement rules would do, and generates evidence. Fail-open by design. No blocking, no dropping, no interference. Just observation and reporting.

IBSR exists because we don't believe in deploying enforcement without evidence. You earn the right to block by first proving you understand what you'd block and what you wouldn't.
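As an added example of what "shadow mode" means in code, here is a small Rust model of the evaluation step: candidate rules are matched against observed flows, the would-block verdicts are counted as evidence, and the per-packet action is always Pass. This is not IBSR's code; the `Flow` and `Rule` shapes, the prefix/port/SYN-only matching and the sample flows are constructed for the illustration, and the real collector reads packet metadata from XDP rather than from a `Vec`.

```rust
// Hypothetical shadow-mode rule evaluation; illustration only, not IBSR.
use std::net::Ipv4Addr;

/// One flow as a collector might summarise it from packet metadata (constructed shape).
#[derive(Debug, Clone, PartialEq)]
pub struct Flow {
    pub src: Ipv4Addr,
    pub dst_port: u16,
    pub syn_only: bool, // SYN without ACK: a bare connection attempt
}

/// A candidate enforcement rule: source prefix, optional destination port, optionally SYN-only.
#[derive(Debug, Clone)]
pub struct Rule {
    pub name: &'static str,
    pub prefix: Ipv4Addr,
    pub prefix_len: u8,
    pub dst_port: Option<u16>,
    pub syn_only: bool,
}

impl Rule {
    pub fn matches(&self, f: &Flow) -> bool {
        // prefix_len 0 means "any source"; handled separately to avoid a 32-bit shift by 32.
        let mask = if self.prefix_len == 0 { 0 } else { u32::MAX << (32 - u32::from(self.prefix_len)) };
        let in_prefix = (u32::from(f.src) & mask) == (u32::from(self.prefix) & mask);
        let port_ok = self.dst_port.map_or(true, |p| p == f.dst_port);
        let syn_ok = !self.syn_only || f.syn_only;
        in_prefix && port_ok && syn_ok
    }
}

/// The two actions that matter here; shadow mode never returns Drop.
#[allow(dead_code)]
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum XdpAction {
    Pass,
    Drop,
}

/// Per-packet decision in shadow mode: record which rule would have fired, always Pass.
pub fn shadow_action(f: &Flow, rules: &[Rule]) -> (XdpAction, Option<&'static str>) {
    let hit = rules.iter().find(|r| r.matches(f)).map(|r| r.name);
    (XdpAction::Pass, hit) // fail-open: the verdict is evidence, not enforcement
}

/// Evidence from a shadow run: how many observed flows each rule would have blocked.
#[derive(Debug, Default, PartialEq)]
pub struct ShadowReport {
    pub observed: usize,
    pub per_rule: Vec<(&'static str, usize)>,
    pub would_block_total: usize, // flows matched by at least one rule
}

pub fn shadow_evaluate(flows: &[Flow], rules: &[Rule]) -> ShadowReport {
    let mut counts = vec![0usize; rules.len()];
    let mut total = 0;
    for f in flows {
        let mut any = false;
        for (i, r) in rules.iter().enumerate() {
            if r.matches(f) {
                counts[i] += 1;
                any = true;
            }
        }
        if any {
            total += 1;
        }
        // Invariant of shadow mode: nothing is ever dropped.
        debug_assert_eq!(shadow_action(f, rules).0, XdpAction::Pass);
    }
    ShadowReport {
        observed: flows.len(),
        per_rule: rules.iter().map(|r| r.name).zip(counts).collect(),
        would_block_total: total,
    }
}

/// Constructed sample traffic using documentation address ranges.
pub fn sample_flows() -> Vec<Flow> {
    vec![
        Flow { src: Ipv4Addr::new(203, 0, 113, 10), dst_port: 22, syn_only: true },
        Flow { src: Ipv4Addr::new(203, 0, 113, 11), dst_port: 443, syn_only: false },
        Flow { src: Ipv4Addr::new(198, 51, 100, 5), dst_port: 22, syn_only: true },
        Flow { src: Ipv4Addr::new(192, 0, 2, 7), dst_port: 80, syn_only: false },
    ]
}

/// Two constructed candidate rules: a source-prefix block and a SYN-to-22 block.
pub fn sample_rules() -> Vec<Rule> {
    vec![
        Rule { name: "block-scanner-net", prefix: Ipv4Addr::new(203, 0, 113, 0), prefix_len: 24, dst_port: None, syn_only: false },
        Rule { name: "block-ssh-probes", prefix: Ipv4Addr::new(0, 0, 0, 0), prefix_len: 0, dst_port: Some(22), syn_only: true },
    ]
}

fn main() {
    let report = shadow_evaluate(&sample_flows(), &sample_rules());
    println!("{report:?}");
}
```

Run it and the report says what each candidate rule would have done to the sample traffic; the traffic itself is untouched, which is the whole contract of the rehearsal step.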

nr-mqtt - Real-time event pipeline from kernel-level detection to alerting. Millisecond latency from XDP event to remote notification.

The Adversarial Validation Layer

Arena - Adversarial rehearsal engine for autonomous red-teaming. (Coming soon - open-sourcing shortly.)

Arena is where earned autonomy becomes operational. It's an LLM-driven agent that runs autonomous red-team missions against your own detection stack.

You define a mission contract: target host, detection stack (e.g. Suricata), experiment budget, scoring preset. Arena launches an agent loop that iterates through scan experiments, collects IDS alerts after each one, scores the result against detection rate and service coverage, and decides what to try next. When the budget is exhausted, Arena writes a structured report: best evasion configuration found, full detection surface mapped, and concrete engineering recommendations for closing the gaps.

It's not a script. The agent reasons about what worked, what didn't, and what to mutate. It adapts technique, timing, and parameters across hundreds of experiments, finding gaps that periodic red teams miss because it never stops iterating.

More on Arena in the next post. It deserves its own write-up.

The Full Stack

These layers connect into a single pipeline:

Intelligence (Limpet, Minerva, Ferret) -> Observation (IBSR) -> Adversarial Validation (Arena) -> Enforcement (Guard)

Guard is our XDP enforcement layer, kernel-level blocking at line rate. It sits at the end of this pipeline. No rule reaches Guard without surviving the full lifecycle. Rules that Arena breaks get revoked or revised. Rules that survive get scored, tracked, and granted scoped enforcement authority.

The thesis is simple: autonomous enforcement must earn authority through continuous adversarial validation. These tools are the layers that make that possible.
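The lifecycle described above (shadow evidence, then scoring of adversarial experiments by detection rate and service coverage, then scoped authority or revision) can be written down as a small state machine. The Rust below is an added illustration, not Guard's or Arena's code: the `RuleState` variants, the `Experiment` shape, the evidence and scoring thresholds, and the constructed experiment batches are all assumptions made for the example.

```rust
// Hypothetical rule lifecycle for "earned" enforcement authority; illustration only.

/// The destination ports a rule may enforce on once granted authority.
#[derive(Debug, Clone, PartialEq)]
pub struct Scope {
    pub ports: Vec<u16>,
}

/// One adversarial experiment result: which service was probed and whether
/// the detection stack raised an alert for it.
#[derive(Debug, Clone)]
pub struct Experiment {
    pub dst_port: u16,
    pub detected: bool,
}

#[derive(Debug, Clone, PartialEq)]
pub enum RuleState {
    /// Observed only; counts come from a shadow-mode run.
    Shadow { observed: usize, would_block: usize },
    /// Enough evidence; awaiting adversarial validation.
    Validating { scope: Scope },
    /// Survived validation; granted scoped enforcement authority.
    Enforcing { scope: Scope, detection_rate: f64 },
    /// Validation found gaps; the rule goes back for revision.
    Revised { reason: String },
}

// Thresholds are assumptions for this illustration.
pub const MIN_EVIDENCE: usize = 100;
pub const MIN_DETECTION_RATE: f64 = 0.95;
pub const MIN_COVERAGE: f64 = 0.8;

/// A rule leaves shadow only once it has seen enough traffic and would actually block something.
pub fn promote_from_shadow(state: RuleState, scope: Scope) -> RuleState {
    match state {
        RuleState::Shadow { observed, would_block } if observed >= MIN_EVIDENCE && would_block > 0 => {
            RuleState::Validating { scope }
        }
        other => other, // insufficient evidence, or not in shadow: unchanged
    }
}

/// Score a batch of experiments: (detection rate, fraction of the scope that was exercised).
pub fn score(experiments: &[Experiment], scope: &Scope) -> (f64, f64) {
    if experiments.is_empty() || scope.ports.is_empty() {
        return (0.0, 0.0);
    }
    let detected = experiments.iter().filter(|e| e.detected).count();
    let covered = scope
        .ports
        .iter()
        .filter(|p| experiments.iter().any(|e| e.dst_port == **p))
        .count();
    (detected as f64 / experiments.len() as f64, covered as f64 / scope.ports.len() as f64)
}

/// Apply validation results. Authority is granted only when the scope was exercised enough
/// and the detection rate clears the bar; a detection shortfall sends the rule back.
pub fn apply_validation(state: RuleState, experiments: &[Experiment]) -> RuleState {
    let scope = match state {
        RuleState::Validating { scope } => scope,
        other => return other,
    };
    let (detection_rate, coverage) = score(experiments, &scope);
    if coverage < MIN_COVERAGE {
        return RuleState::Validating { scope }; // not enough of the scope probed: keep waiting
    }
    if detection_rate < MIN_DETECTION_RATE {
        let missed = experiments.iter().filter(|e| !e.detected).count();
        return RuleState::Revised {
            reason: format!("{} of {} experiments went undetected", missed, experiments.len()),
        };
    }
    RuleState::Enforcing { scope, detection_rate }
}

/// Constructed batch of 20 experiments cycling over `ports`; the first `missed` go undetected.
pub fn sample_experiments(missed: usize, ports: &[u16]) -> Vec<Experiment> {
    (0..20)
        .map(|i| Experiment { dst_port: ports[i % ports.len()], detected: i >= missed })
        .collect()
}

fn main() {
    let scope = Scope { ports: vec![22, 80, 443] };
    let pending = promote_from_shadow(RuleState::Shadow { observed: 250, would_block: 40 }, scope);
    println!("{:?}", apply_validation(pending.clone(), &sample_experiments(0, &[22, 80, 443])));
    println!("{:?}", apply_validation(pending, &sample_experiments(3, &[22, 80, 443])));
}
```

Two details carry the thesis: a rule with too little shadow evidence never advances, and a batch that only probed part of the scope leaves the rule pending rather than granting authority on a partial map.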

Why Open Source

Scanning and intelligence tools should be transparent. If you're scanning the internet, people should be able to inspect what you're running and how.

Credibility requires inspection. We can't claim kernel-level precision without showing the code. And we'd rather be challenged on the evidence than trusted on reputation.

The moat isn't in individual tools. It's in the system: the lifecycle from observation through adversarial validation to earned enforcement authority. Open-sourcing the components demonstrates the foundation without giving away the integration.

Everything is MIT licensed.

Repos:

  • Limpet TRS - eBPF/XDP scanner, nanosecond RTT (Rust)
  • Minerva HDN - honeypot detection (Python)
  • Ferret - LLM OSINT agent (Python)
  • LLM Gateway - multi-provider gateway (Python)
  • IBSR - shadow-mode XDP collector (Rust)
  • nr-mqtt - event pipeline (Go)

Arena and the full scan platform are coming next.

Don't forget to visit our transparency pages, which list the IPs we've scanned from.
