Spectator — A Cybersecurity Language That Actually Gets Work Done
███████╗██████╗ ███████╗ ██████╗████████╗ █████╗ ████████╗ ██████╗ ██████╗
██╔════╝██╔══██╗██╔════╝██╔════╝╚══██╔══╝██╔══██╗╚══██╔══╝██╔═══██╗██╔══██╗
███████╗██████╔╝█████╗ ██║ ██║ ███████║ ██║ ██║ ██║██████╔╝
╚════██║██╔═══╝ ██╔══╝ ██║ ██║ ██╔══██║ ██║ ██║ ██║██╔══██╗
███████║██║ ███████╗╚██████╗ ██║ ██║ ██║ ██║ ╚██████╔╝██║ ██║
╚══════╝╚═╝ ╚══════╝ ╚═════╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝
See Everything. Miss Nothing.
What if your entire cybersecurity workflow lived inside one language?
No switching between Python, Bash, and dozens of disconnected tools.
No glue scripts. No messy pipelines.
Just one clean, purpose-built system.
That’s Spectator.
The Problem
Modern security workflows are fragmented by design.
- Python for scripting
- Bash for automation
- Standalone tools for scanning and fuzzing
- Separate stacks for GUI tools
Everything works — but nothing works together.
You spend more time connecting tools than actually testing systems.
The Idea Behind Spectator
Spectator is a cybersecurity-first scripting language designed to unify your workflow.
It combines:
- Simple, readable syntax
- Built-in security modules
- Native GUI framework
- Integrated package manager
- Standalone binary compilation
All inside a single runtime.
Recon in 5 Lines
target = "scanme.nmap.org"
ips = resolve(target)
Trace("IPs: " --> join(ips, ", "))
do --> PortScan(target, 1, 1024)
do --> SSLInfo(target)
No imports. No external dependencies. No setup.
Build a Real GUI Tool
#Import Spec.GUI
open.window({"title": "Ghost Recon", "bg": "#070b14", "accent": "#00d4aa"})
GUI.input("target", "Enter target...")
GUI.button("Scan", "run", {"color": "#00d4aa"})
GUI.output("out", {"height": 400})
GUI.on("run", func() {
t = GUI.get("target")
ips = resolve(t)
each ip : ips {
GUI.print("out", "IP: " --> ip)
}
})
end()
No Electron. No web stack. No Python GUI frameworks.
Built-in Security Modules
Spectator includes native support for:
- Recon: PortScan, DNSLookup, CIDRScan
- OSINT: WHOIS, GeoIP, Subdomain Enumeration
- Web: HTTP probing, header analysis, SSL inspection
- Exploitation: SQLi, CORS, Open Redirect testing
- Fuzzing: Directory busting, URL fuzzing
- Payload generation for multiple attack vectors
- Encoding, hashing, and cryptographic utilities
Everything is directly accessible from the language.
HTTP Engine Included
resp = http("GET", "https://target.com", {"timeout": 5000})
Trace(httpStatus(resp))
Trace(extractTitle(httpBody(resp)))
No external libraries required.
Mission Engine for Structured Testing
m = missionStart("Web App Pentest", "target.com")
missionStage(m, "Recon")
missionFind(m, "CRITICAL", ".env exposed", "Credentials leaked")
missionEnd(m)
missionReport(m, "report.html")
Generate structured reports automatically.
Space Package Manager
spectator space get coffee
spectator space verify coffee
spectator space registry
All packages are SHA-256 verified by default.
Build Standalone Tools
spectator build tool.str to Tool.exe for windows
No runtime required for end users.
Why Spectator Exists
Because cybersecurity tooling is unnecessarily complex.
Because developers keep rebuilding the same pipelines.
Because switching between tools breaks flow.
Spectator removes that friction.
Links
Website: https://spectatorlang.pages.dev/
Documentation: https://github.com/CzaxStudio/SpectatorDocs/
Source: https://github.com/CzaxStudio/Spectator
Final Thought
Spectator is not trying to replace existing tools.
It is trying to replace the need to glue them together.
If you build tools, automate testing, or work in offensive security — this is for you.
Top comments (0)