Attack-pattern scanner for LLM APIs: jailbreaks, prompt injection, system prompt leaks.
Project description
Jailscan
Test your LLM app for jailbreaks and prompt injection in 60 seconds — no ML background required.
Jailscan sends a curated library of real-world attack prompts (jailbreaks, prompt injection, system-prompt extraction) against any OpenAI-compatible chat endpoint and tells you exactly which ones broke through.
pip install jailscan
jailscan scan --url https://api.yourapp.com/v1/chat/completions --api-key sk-...
Jailscan Scan Report — https://api.yourapp.com/v1/chat/completions
------------------------------------------------------------
[PASS] jb-001 Jailbreak Classic DAN jailbreak attempt
[FAIL] pi-001 Prompt Injection Direct instruction override injection
[PASS] sp-001 System Prompt Leak Direct system prompt extraction attempt
...
------------------------------------------------------------
Total: 10 Passed: 7 Failed: 3 Manual review: 1
⚠ 3 vulnerability(ies) found. See failed rows above for the exact prompts that broke through.
Why
Every team shipping an LLM feature eventually asks "can someone jailbreak this?" Today the honest answer is usually "we don't know" — because the existing tools (garak, PyRIT) are built for security researchers, not app developers who just want a fast yes/no answer before shipping.
Jailscan is the 5-minute version: point it at your endpoint, get a pass/fail report, wire it into CI so regressions get caught automatically.
Install
pip install jailscan
Usage
Basic scan (OpenAI-compatible endpoint)
jailscan scan --url https://api.openai.com/v1/chat/completions \
--api-key sk-... \
--model gpt-4o-mini
Scan your own custom endpoint
If your API doesn't follow the OpenAI choices[0].message.content shape,
point Jailscan at the correct path:
jailscan scan --url https://myapp.com/chat \
--response-path reply.text
Limit to specific categories
jailscan scan --url ... --category jailbreak --category prompt_injection
Save a full JSON report (for CI or dashboards)
jailscan scan --url ... --json report.json
Use in CI (GitHub Actions)
- name: Run Jailscan scan
run: |
pip install jailscan
jailscan scan --url ${{ secrets.STAGING_ENDPOINT }} --api-key ${{ secrets.API_KEY }}
The CLI exits with code 1 if any test fails, so it blocks the pipeline automatically.
Use as a library
from jailscan import Scanner
scanner = Scanner(endpoint_url="https://api.openai.com/v1/chat/completions",
api_key="sk-...", model="gpt-4o-mini")
report = scanner.run()
print(report.summary())
Attack categories covered (v0.1)
- Jailbreak — DAN-style, roleplay, fictional framing, authority/sandbox framing
- Prompt injection — direct override, injected fake system tags, fake XML/HTML injection
- System prompt leak — direct extraction, debug-framing extraction
- Data leak — cross-session context probing (flagged for manual review)
More scenarios ship regularly — this is v0.1.
Roadmap
- Hosted dashboard with scan history and trend charts
- Slack/email alerts on regression
- Custom scenario authoring (bring your own attack prompts)
- Multi-turn / agentic attack chains
- Support for non-OpenAI-shaped APIs out of the box (Anthropic, Cohere, etc.)
License
Core CLI is MIT-licensed and free forever. A hosted dashboard (history, CI badges, team alerts) is available as a paid add-on — see jailscan.dev (coming soon).
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file jailscan-0.1.1.tar.gz.
File metadata
- Download URL: jailscan-0.1.1.tar.gz
- Upload date:
- Size: 8.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5ef96c5c0b881afb65fa65e55d9a0eb8745bced680e0cfa9e916b0839d3f9a73
|
|
| MD5 |
69b0a0865507f7c741185b87dfac9881
|
|
| BLAKE2b-256 |
30ae0c4c91a01532d0929b6f60e9df12a6905f888d306996a53c39221d9dda68
|
File details
Details for the file jailscan-0.1.1-py3-none-any.whl.
File metadata
- Download URL: jailscan-0.1.1-py3-none-any.whl
- Upload date:
- Size: 9.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d479a2f72ff7e5e33f3035e50241da77c356f0ab1dffcef882d929a794aed320
|
|
| MD5 |
9c5ec7e4bc764a3527376fe24ab803c8
|
|
| BLAKE2b-256 |
6997c5b77aba0f9caae1fc56beed02cb0bda577a6e82480c818c8124076b46c9
|