Skip to main content

Attack-pattern scanner for LLM APIs: jailbreaks, prompt injection, system prompt leaks.

Project description

Jailscan

Test your LLM app for jailbreaks and prompt injection in 60 seconds — no ML background required.

Jailscan sends a curated library of real-world attack prompts (jailbreaks, prompt injection, system-prompt extraction) against any OpenAI-compatible chat endpoint and tells you exactly which ones broke through.

pip install jailscan

jailscan scan --url https://api.yourapp.com/v1/chat/completions --api-key sk-...
Jailscan Scan Report — https://api.yourapp.com/v1/chat/completions
------------------------------------------------------------
[PASS] jb-001   Jailbreak            Classic DAN jailbreak attempt
[FAIL] pi-001   Prompt Injection     Direct instruction override injection
[PASS] sp-001   System Prompt Leak   Direct system prompt extraction attempt
...
------------------------------------------------------------
Total: 10  Passed: 7  Failed: 3  Manual review: 1

⚠  3 vulnerability(ies) found. See failed rows above for the exact prompts that broke through.

Why

Every team shipping an LLM feature eventually asks "can someone jailbreak this?" Today the honest answer is usually "we don't know" — because the existing tools (garak, PyRIT) are built for security researchers, not app developers who just want a fast yes/no answer before shipping.

Jailscan is the 5-minute version: point it at your endpoint, get a pass/fail report, wire it into CI so regressions get caught automatically.

Install

pip install jailscan

Usage

Basic scan (OpenAI-compatible endpoint)

jailscan scan --url https://api.openai.com/v1/chat/completions \
  --api-key sk-... \
  --model gpt-4o-mini

Scan your own custom endpoint

If your API doesn't follow the OpenAI choices[0].message.content shape, point Jailscan at the correct path:

jailscan scan --url https://myapp.com/chat \
  --response-path reply.text

Limit to specific categories

jailscan scan --url ... --category jailbreak --category prompt_injection

Save a full JSON report (for CI or dashboards)

jailscan scan --url ... --json report.json

Use in CI (GitHub Actions)

- name: Run Jailscan scan
  run: |
    pip install jailscan
    jailscan scan --url ${{ secrets.STAGING_ENDPOINT }} --api-key ${{ secrets.API_KEY }}

The CLI exits with code 1 if any test fails, so it blocks the pipeline automatically.

Use as a library

from jailscan import Scanner

scanner = Scanner(endpoint_url="https://api.openai.com/v1/chat/completions",
                   api_key="sk-...", model="gpt-4o-mini")
report = scanner.run()
print(report.summary())

Attack categories covered (v0.1)

  • Jailbreak — DAN-style, roleplay, fictional framing, authority/sandbox framing
  • Prompt injection — direct override, injected fake system tags, fake XML/HTML injection
  • System prompt leak — direct extraction, debug-framing extraction
  • Data leak — cross-session context probing (flagged for manual review)

More scenarios ship regularly — this is v0.1.

Roadmap

  • Hosted dashboard with scan history and trend charts
  • Slack/email alerts on regression
  • Custom scenario authoring (bring your own attack prompts)
  • Multi-turn / agentic attack chains
  • Support for non-OpenAI-shaped APIs out of the box (Anthropic, Cohere, etc.)

License

Core CLI is MIT-licensed and free forever. A hosted dashboard (history, CI badges, team alerts) is available as a paid add-on — see jailscan.dev (coming soon).

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

jailscan-0.1.1.tar.gz (8.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

jailscan-0.1.1-py3-none-any.whl (9.3 kB view details)

Uploaded Python 3

File details

Details for the file jailscan-0.1.1.tar.gz.

File metadata

  • Download URL: jailscan-0.1.1.tar.gz
  • Upload date:
  • Size: 8.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.6

File hashes

Hashes for jailscan-0.1.1.tar.gz
Algorithm Hash digest
SHA256 5ef96c5c0b881afb65fa65e55d9a0eb8745bced680e0cfa9e916b0839d3f9a73
MD5 69b0a0865507f7c741185b87dfac9881
BLAKE2b-256 30ae0c4c91a01532d0929b6f60e9df12a6905f888d306996a53c39221d9dda68

See more details on using hashes here.

File details

Details for the file jailscan-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: jailscan-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 9.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.6

File hashes

Hashes for jailscan-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 d479a2f72ff7e5e33f3035e50241da77c356f0ab1dffcef882d929a794aed320
MD5 9c5ec7e4bc764a3527376fe24ab803c8
BLAKE2b-256 6997c5b77aba0f9caae1fc56beed02cb0bda577a6e82480c818c8124076b46c9

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page