Prompt injection payload library and automated LLM endpoint tester
Project description
💉 NullSec PromptInject
Prompt Injection Payload Library & Tester
Curated prompt injection payloads and automated testing for LLM applications
🎯 Overview
NullSec PromptInject is a curated library of prompt injection payloads and an automated tester for LLM-powered applications. It targets system prompt extraction, instruction hijacking, context manipulation, and output steering across chatbots, RAG pipelines, AI agents, and function-calling systems.
⚡ Features
| Feature | Description |
|---|---|
| Payload Library | 500+ categorised prompt injection payloads |
| System Prompt Extraction | Techniques to leak hidden system instructions |
| Instruction Override | Payloads that hijack model behaviour |
| Context Manipulation | Indirect injection via RAG document poisoning |
| Function Call Abuse | Exploit tool-use / function-calling APIs |
| Multi-Language | Payloads in EN, ZH, JA, DE, FR, ES, AR |
| Auto-Tester | Batch-test payloads against target endpoints |
📋 Payload Categories
| Category | Count | Targets |
|---|---|---|
| System Prompt Extraction | 80+ | Chatbots, assistants |
| Instruction Override | 90+ | Any LLM app |
| Jailbreak Chains | 60+ | Safety-aligned models |
| Indirect Injection | 50+ | RAG, email agents |
| Function Call Abuse | 40+ | Tool-use agents |
| Output Steering | 45+ | Content generators |
| Encoding Bypass | 35+ | Input filters |
| Multi-turn Escalation | 30+ | Conversation systems |
🚀 Quick Start
# Test all payloads against a target endpoint
nullsec-promptinject test --target http://chatbot.example.com/api --category all
# Extract system prompt
nullsec-promptinject extract --target http://chatbot.example.com/api --techniques top20
# Test RAG indirect injection
nullsec-promptinject indirect --target http://rag.example.com/query --inject-doc malicious.txt
# List available payload categories
nullsec-promptinject list --categories
🔗 Related Projects
| Project | Description |
|---|---|
| nullsec-llmred | LLM red-teaming framework |
| nullsec-adversarial | Adversarial ML attack toolkit |
| nullsec-modelaudit | ML model security auditing |
| nullsec-datapoisoning | Training data poisoning detection |
| nullsec-linux | Security Linux distro (140+ tools) |
⚠️ Legal
For authorized security testing only. Never use prompt injection against systems without explicit written permission.
📜 License
MIT License — @bad-antics
Part of the NullSec AI/ML Security Suite
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file nullsec_promptinject-0.1.0.tar.gz.
File metadata
- Download URL: nullsec_promptinject-0.1.0.tar.gz
- Upload date:
- Size: 7.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b039dc551a2670167b3847456cf6710f04c9264aae41bdb7f5dd0bac2388edf2
|
|
| MD5 |
b5a57d25a5543cf289090807373b1c5b
|
|
| BLAKE2b-256 |
6428b5c5637ea6877e7d6194e6433a104c99023b99398350424f8db2e578484d
|
File details
Details for the file nullsec_promptinject-0.1.0-py3-none-any.whl.
File metadata
- Download URL: nullsec_promptinject-0.1.0-py3-none-any.whl
- Upload date:
- Size: 8.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
af857c01505f75cfbb7d4ac2e0f8407e5ffd7ec7baade79b24d4b29d12e9b7b3
|
|
| MD5 |
bbc1506288cd3dcfc4c6b54a0c039b65
|
|
| BLAKE2b-256 |
a030addf6494dfc045204434cde114cca10abd25a44b12c445ac30a6a9146ac5
|
