Skip to main content

LLM Attack Surface Mapper for AI Security Testing

Project description

██╗     ██╗     ███╗   ███╗ █████╗ ███████╗███╗   ███╗
██║     ██║     ████╗ ████║██╔══██╗██╔════╝████╗ ████║
██║     ██║     ██╔████╔██║███████║███████╗██╔████╔██║
██║     ██║     ██║╚██╔╝██║██╔══██║╚════██║██║╚██╔╝██║
███████╗███████╗██║ ╚═╝ ██║██║  ██║███████║██║ ╚═╝ ██║
╚══════╝╚══════╝╚═╝     ╚═╝╚═╝  ╚═╝╚══════╝╚═╝     ╚═╝

LLM Attack Surface Mapper

LLMASM

Discover • Intercept • Exploit • Verify

Mapping the hidden attack surface of AI-powered applications.


Tech Stack


Why LLMASM?

Traditional scanners treat AI applications as black boxes.

LLMASM treats them as attack surfaces.

  • Hidden AI endpoint discovery
  • Prompt injection testing
  • AI proxy detection
  • Tool chain mapping
  • Dynamic traffic interception
  • LLM-assisted verification

Architecture

        ┌───────────────────┐
        │   Target Website  │
        └─────────┬─────────┘
                  │
     ┌────────────┴────────────┐
     │                         │

┌─────────────┐        ┌─────────────┐
│ JS Recon    │        │ Browser     │
│ Engine      │        │ Interceptor │
└──────┬──────┘        └──────┬──────┘
       │                      │
       └──────────┬───────────┘
                  │
          ┌───────▼───────┐
          │ AI Discovery  │
          └───────┬───────┘
                  │
          ┌───────▼───────┐
          │ Active Tests  │
          └───────┬───────┘
                  │
          ┌───────▼───────┐
          │ LLM Judge     │
          └───────┬───────┘
                  │
          ┌───────▼───────┐
          │ HTML Reports  │
          └───────────────┘

Installation

git clone https://github.com/yourusername/llmasm

cd llmasm

pip install -r requirements.txt

Usage

llmasm scan https://target-ai-app.com --stealth

Example Output

=========================================

Target      : https://target.com
AI Score    : 92
API Score   : 85

Findings:

[HIGH] Prompt Injection Surface
[HIGH] Internal AI Proxy
[MEDIUM] Hidden API Endpoint
[LOW] Framework Fingerprint

=========================================

Features

  • Static JavaScript Analysis
  • Dynamic Network Interception
  • Prompt Injection Testing
  • AI Endpoint Discovery
  • WAF Evasion
  • LLM-as-a-Judge
  • Interactive Reports
  • Relationship Graphs

Research Areas

  • Prompt Injection
  • System Prompt Leakage
  • Hidden AI APIs
  • Tool Abuse
  • RAG Exposure
  • Agent Chains
  • Context Leakage

Community & Security

LLMASM welcomes contributions, security research, and responsible disclosure.

Contributing

Interested in improving LLMASM?

  • Add new payloads
  • Improve detection engines
  • Enhance reports
  • Contribute research
  • Fix bugs and documentation

Please read:

before submitting a pull request.


Security Reporting

If you discover a vulnerability within LLMASM itself, please follow the responsible disclosure process described in:

Please do not publicly disclose unpatched vulnerabilities.


Disclaimer

This project is intended for:

  • Authorized security testing
  • Security research
  • Educational use
  • Bug bounty programs

Unauthorized testing of systems without permission may be illegal.


AI applications are not black boxes.

They are attack surfaces.

⭐ Star the repository if you find it useful.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

llmasm_ananya-0.4.0.tar.gz (26.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

llmasm_ananya-0.4.0-py3-none-any.whl (32.4 kB view details)

Uploaded Python 3

File details

Details for the file llmasm_ananya-0.4.0.tar.gz.

File metadata

  • Download URL: llmasm_ananya-0.4.0.tar.gz
  • Upload date:
  • Size: 26.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

Hashes for llmasm_ananya-0.4.0.tar.gz
Algorithm Hash digest
SHA256 4ebb26c208ec41d10bcdb3433f56e5a95f5adbff64befe5122dad376ee40f93f
MD5 e703721d45ab8bc774b7059ad03d6341
BLAKE2b-256 6372d213546a18cba5d713749545847d943cd3a534417df26a028ab73c6fb2ed

See more details on using hashes here.

File details

Details for the file llmasm_ananya-0.4.0-py3-none-any.whl.

File metadata

  • Download URL: llmasm_ananya-0.4.0-py3-none-any.whl
  • Upload date:
  • Size: 32.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

Hashes for llmasm_ananya-0.4.0-py3-none-any.whl
Algorithm Hash digest
SHA256 dc587a547f47f87a958cb0140032e83e905870c441f0bb4abaa9d09a96a81466
MD5 7555746918f218e096f3fe918c711923
BLAKE2b-256 6cca82977e853ceced2f6ed6a30b1091af123f4025c266f5e6531f9f6a8923e9

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page