LLM Attack Surface Mapper for AI Security Testing
Project description
██╗ ██╗ ███╗ ███╗ █████╗ ███████╗███╗ ███╗
██║ ██║ ████╗ ████║██╔══██╗██╔════╝████╗ ████║
██║ ██║ ██╔████╔██║███████║███████╗██╔████╔██║
██║ ██║ ██║╚██╔╝██║██╔══██║╚════██║██║╚██╔╝██║
███████╗███████╗██║ ╚═╝ ██║██║ ██║███████║██║ ╚═╝ ██║
╚══════╝╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝
LLM Attack Surface Mapper
LLMASM
Discover • Intercept • Exploit • Verify
Mapping the hidden attack surface of AI-powered applications.
Tech Stack
Why LLMASM?
Traditional scanners treat AI applications as black boxes.
LLMASM treats them as attack surfaces.
- Hidden AI endpoint discovery
- Prompt injection testing
- AI proxy detection
- Tool chain mapping
- Dynamic traffic interception
- LLM-assisted verification
Architecture
┌───────────────────┐
│ Target Website │
└─────────┬─────────┘
│
┌────────────┴────────────┐
│ │
┌─────────────┐ ┌─────────────┐
│ JS Recon │ │ Browser │
│ Engine │ │ Interceptor │
└──────┬──────┘ └──────┬──────┘
│ │
└──────────┬───────────┘
│
┌───────▼───────┐
│ AI Discovery │
└───────┬───────┘
│
┌───────▼───────┐
│ Active Tests │
└───────┬───────┘
│
┌───────▼───────┐
│ LLM Judge │
└───────┬───────┘
│
┌───────▼───────┐
│ HTML Reports │
└───────────────┘
Installation
git clone https://github.com/yourusername/llmasm
cd llmasm
pip install -r requirements.txt
Usage
llmasm scan https://target-ai-app.com --stealth
Example Output
=========================================
Target : https://target.com
AI Score : 92
API Score : 85
Findings:
[HIGH] Prompt Injection Surface
[HIGH] Internal AI Proxy
[MEDIUM] Hidden API Endpoint
[LOW] Framework Fingerprint
=========================================
Features
- Static JavaScript Analysis
- Dynamic Network Interception
- Prompt Injection Testing
- AI Endpoint Discovery
- WAF Evasion
- LLM-as-a-Judge
- Interactive Reports
- Relationship Graphs
Research Areas
- Prompt Injection
- System Prompt Leakage
- Hidden AI APIs
- Tool Abuse
- RAG Exposure
- Agent Chains
- Context Leakage
Community & Security
LLMASM welcomes contributions, security research, and responsible disclosure.
Contributing
Interested in improving LLMASM?
- Add new payloads
- Improve detection engines
- Enhance reports
- Contribute research
- Fix bugs and documentation
Please read:
before submitting a pull request.
Security Reporting
If you discover a vulnerability within LLMASM itself, please follow the responsible disclosure process described in:
Please do not publicly disclose unpatched vulnerabilities.
Disclaimer
This project is intended for:
- Authorized security testing
- Security research
- Educational use
- Bug bounty programs
Unauthorized testing of systems without permission may be illegal.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file llmasm_ananya-0.4.0.tar.gz.
File metadata
- Download URL: llmasm_ananya-0.4.0.tar.gz
- Upload date:
- Size: 26.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4ebb26c208ec41d10bcdb3433f56e5a95f5adbff64befe5122dad376ee40f93f
|
|
| MD5 |
e703721d45ab8bc774b7059ad03d6341
|
|
| BLAKE2b-256 |
6372d213546a18cba5d713749545847d943cd3a534417df26a028ab73c6fb2ed
|
File details
Details for the file llmasm_ananya-0.4.0-py3-none-any.whl.
File metadata
- Download URL: llmasm_ananya-0.4.0-py3-none-any.whl
- Upload date:
- Size: 32.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
dc587a547f47f87a958cb0140032e83e905870c441f0bb4abaa9d09a96a81466
|
|
| MD5 |
7555746918f218e096f3fe918c711923
|
|
| BLAKE2b-256 |
6cca82977e853ceced2f6ed6a30b1091af123f4025c266f5e6531f9f6a8923e9
|