
jalners/llmsploit


LLMsploit: a vulnerability scanner for Large Language Models

Warning

Please note that this repository contains examples of harmful, unethical, illegal, offensive, or biased language. We apologize for any discomfort that may arise while reading such content.


Installation

  1. Clone the repository:

    git clone git@github.com:jalners/llmsploit.git
  2. Go to the project folder:

    cd llmsploit
  3. Install dependencies using uv:

    uv sync

Using LLM models

Set the API keys in the environment variables to work with external LLMs:

  • For OpenAI models - OPENAI_API_KEY
  • For Anthropic models - ANTHROPIC_API_KEY
  • For Google Gemini models - GOOGLE_API_KEY
  • For XAI Grok models - XAI_API_KEY

If you want to use local models, you have several options for doing this:

Note

At the moment, we support working with models through OpenAI-compatible APIs (interfaces designed to mimic the structure and functionality of OpenAI's API endpoints).
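
Before pointing the scanner at a local server, it is worth confirming that the server really speaks the OpenAI chat-completions wire format, since some "compatible" servers only partially mimic it. The following probe is an added example and not part of the LLMsploit project: it builds the request body the OpenAI API expects, sends a single harmless prompt with the standard library, and checks that the reply has the shape the scanner relies on. The endpoint URL and model name in the main block are the Docker Model Runner values used elsewhere in this README; the sample response is constructed here so the parsing check runs offline.

```python
"""Minimal probe for an OpenAI-compatible chat-completions endpoint.

Added example, not LLMsploit code. It sends one harmless prompt and verifies
the response structure (choices[0].message.content) that clients built for
the OpenAI API depend on.
"""
import json
import urllib.request
from typing import Any, Optional


def build_chat_request(model: str, user_prompt: str,
                       system_prompt: Optional[str] = None,
                       temperature: float = 0.0) -> dict[str, Any]:
    """Body of a POST to .../v1/chat/completions in the OpenAI wire format."""
    messages = []
    if system_prompt:
        messages.append({"role": "system", "content": system_prompt})
    messages.append({"role": "user", "content": user_prompt})
    return {"model": model, "messages": messages, "temperature": temperature}


def parse_chat_response(body: dict[str, Any]) -> str:
    """Return the assistant text from a chat-completions response.

    Raises ValueError when the reply is not in the expected format, which is
    the symptom of a server that only partially mimics the OpenAI API.
    """
    try:
        choice = body["choices"][0]
        content = choice["message"]["content"]
    except (KeyError, IndexError, TypeError) as exc:
        raise ValueError(f"not an OpenAI-style chat completion: {exc!r}") from exc
    if not isinstance(content, str):
        raise ValueError("message.content is not a string")
    return content


def probe_endpoint(url: str, model: str, api_key: Optional[str] = None,
                   timeout: float = 30.0) -> str:
    """Send one harmless prompt and return the model's reply text (network call)."""
    payload = json.dumps(
        build_chat_request(model, "Reply with the single word OK.")
    ).encode("utf-8")
    headers = {"Content-Type": "application/json"}
    if api_key:  # local servers usually ignore this; hosted ones require it
        headers["Authorization"] = f"Bearer {api_key}"
    req = urllib.request.Request(url, data=payload, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_chat_response(json.load(resp))


# Constructed sample of a well-formed reply, used for the offline check.
SAMPLE_RESPONSE = {
    "id": "chatcmpl-example",
    "object": "chat.completion",
    "model": "ai/gemma3",
    "choices": [{"index": 0, "finish_reason": "stop",
                 "message": {"role": "assistant", "content": "OK"}}],
}

if __name__ == "__main__":
    # Docker Model Runner endpoint and model name as given in this README.
    print(probe_endpoint("http://localhost:12434/engines/v1/chat/completions",
                         "ai/gemma3"))
```

If the probe raises ValueError, the endpoint is not a drop-in replacement for the OpenAI API and the scanner's target_url should not point at it until that is resolved.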

Getting started

LLMsploit can be used in Python applications and via the command line interface (CLI).

Using in Python

The following code shows how to integrate LLMsploit into a Python application:

from llmsploit.app import App

# Configuration dictionary.
config = {
    "target_url": "TARGET_LLM_URL",
    "target_model_name": "TARGET_LLM_NAME",
    "target_model_type": "TARGET_LLM_TYPE", # If an external model is used.
    "evaluation_url": "EVALUATION_LLM_URL",
    "evaluation_model_name": "EVALUATION_LLM_NAME",
    "evaluation_model_type": "EVALUATION_LLM_TYPE"  # If an external model is used.
}

# Create an application for future use (with the configuration dictionary).
app = App(config)

# Create an application for future use (with path to the configuration file).
# app = App("example_config.yaml")

# For the complete vulnerability scanning process, call the following method:
result = app.process()

If you have Docker and the gemma3 and gpt-oss models installed, you can use the code examples from the example.py and example_config.yaml files.

Using in CLI

Run the following command in your console:

uv run -m llmsploit --target_url TARGET_LLM_URL --target_model_name TARGET_LLM_NAME --evaluation_url EVALUATION_LLM_URL --evaluation_model_name EVALUATION_LLM_NAME

If you have Docker and the gemma3 and gpt-oss models installed, you can run the following command in your console:

uv run -m llmsploit --target_url http://localhost:12434/engines/v1/chat/completions --target_model_name ai/gemma3 --evaluation_url http://localhost:12434/engines/v1/chat/completions --evaluation_model_name ai/gpt-oss

Application options description

  • target_url - URL address of the investigated LLM
  • target_model_name - Investigated LLM name
  • target_model_type - Investigated LLM type (for external models only; possible values - openai, anthropic, google, xai, etc.)
  • categories - Default forbidden categories for use (possible values - "Harmful Content", "Cybercrime Activities", "Physical Harm", "Economic Harm", "Illegal Drugs", "Weapons Activities", "Terrorist Content", "Intellectual Property Infringement", "Fraud", "Disinformation", "Adult Content", "Political Activities", "Privacy Violations", "Unauthorized Practices", "Government Decisions")
  • language - Prompt dataset language (default value - en, other possible value - uk)
  • exploits - Flag that disables exploits (in Python set it to False; in the CLI pass the option without a value)
  • evaluation_url - URL address of the evaluation LLM
  • evaluation_model_name - Evaluation LLM name
  • evaluation_model_type - Evaluation LLM type (for external models only; possible values - openai, anthropic, google, xai, etc.)
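
A configuration mistake (a misspelled provider, an unknown category, or a missing API key) is cheaper to catch before App() starts a full scan. The following helper is an added example and not part of the LLMsploit project: it validates a configuration dictionary against the option descriptions above (the documented providers, categories and languages, and the provider-to-API-key mapping from "Using LLM models") and turns the same dictionary into the argument list for `uv run -m llmsploit`, so one config can drive both the Python and CLI paths. Treating the documented provider list as exhaustive, and passing every option to the CLI in the same --name form shown for the four options in the CLI example, are assumptions.

```python
"""Validate an LLMsploit configuration before handing it to App().

Added example, not LLMsploit code. Value lists and the provider-to-env-var
mapping are copied from this README; everything else is an assumption.
"""
import os
from typing import Any, Mapping, Optional

# Provider name -> environment variable, as listed under "Using LLM models".
PROVIDER_ENV_VARS = {
    "openai": "OPENAI_API_KEY",
    "anthropic": "ANTHROPIC_API_KEY",
    "google": "GOOGLE_API_KEY",
    "xai": "XAI_API_KEY",
}

# Documented forbidden-content categories (option "categories").
KNOWN_CATEGORIES = frozenset({
    "Harmful Content", "Cybercrime Activities", "Physical Harm", "Economic Harm",
    "Illegal Drugs", "Weapons Activities", "Terrorist Content",
    "Intellectual Property Infringement", "Fraud", "Disinformation",
    "Adult Content", "Political Activities", "Privacy Violations",
    "Unauthorized Practices", "Government Decisions",
})

KNOWN_LANGUAGES = frozenset({"en", "uk"})


def validate_config(config: Mapping[str, Any],
                    env: Optional[Mapping[str, str]] = None) -> list[str]:
    """Return a list of problems; an empty list means the config is usable."""
    env = os.environ if env is None else env
    problems: list[str] = []

    for side in ("target", "evaluation"):
        if not config.get(f"{side}_url"):
            problems.append(f"{side}_url is missing")
        if not config.get(f"{side}_model_name"):
            problems.append(f"{side}_model_name is missing")
        # model_type is only given for external (hosted) models; a local
        # OpenAI-compatible endpoint has no provider key to check.
        model_type = config.get(f"{side}_model_type")
        if model_type is None:
            continue
        env_var = PROVIDER_ENV_VARS.get(model_type)
        if env_var is None:
            problems.append(f"{side}_model_type {model_type!r} is not a known provider")
        elif not env.get(env_var):
            problems.append(f"{env_var} must be set for {side}_model_type={model_type}")

    for category in config.get("categories", []):
        if category not in KNOWN_CATEGORIES:
            problems.append(f"unknown category {category!r}")

    language = config.get("language", "en")
    if language not in KNOWN_LANGUAGES:
        problems.append(f"unsupported language {language!r}")

    return problems


def to_cli_args(config: Mapping[str, Any]) -> list[str]:
    """Translate a config dict into arguments for `uv run -m llmsploit`.

    Assumption: every option is accepted as --<option_name> <value>, the form
    the README shows for the URL and model-name options.
    """
    args = ["uv", "run", "-m", "llmsploit"]
    for key in ("target_url", "target_model_name", "target_model_type",
                "evaluation_url", "evaluation_model_name",
                "evaluation_model_type", "language"):
        if config.get(key):
            args += [f"--{key}", str(config[key])]
    return args


if __name__ == "__main__":
    # The Docker Model Runner setup from this README: local models, so no
    # model_type and no API key are needed.
    local = {
        "target_url": "http://localhost:12434/engines/v1/chat/completions",
        "target_model_name": "ai/gemma3",
        "evaluation_url": "http://localhost:12434/engines/v1/chat/completions",
        "evaluation_model_name": "ai/gpt-oss",
        "categories": ["Fraud", "Disinformation"],
    }
    for problem in validate_config(local) or ["config OK"]:
        print(problem)
    print(" ".join(to_cli_args(local)))
```

Run validate_config() on the dictionary you intend to pass to App(config); only when it returns an empty list is the scan worth starting.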

Example of work

As a test example, we simulate an attack on a local Google Gemma 3 model (4B parameters, Q4_K_M quantization). The evaluation is performed by OpenAI's local gpt-oss model (20B parameters, Q4_K_M quantization). The simulation is performed on a MacBook Pro laptop with an Apple M1 Max processor and 32 GB of memory. The models are run using the Docker Model Runner feature.

Scan report summary (image)

Scan settings (image)

IMECA cybersecurity analysis (image)

Cyber risk criticality matrix before applying countermeasures (image)

Countermeasures rating matrix (image)

Cyber risk criticality matrix of the most productive countermeasure (Self Defense) (image)

Cyber risk criticality matrix of the highest-rated countermeasure (Input Check) (image)

Resources

See the RESOURCES.md file for more details about the list of used resources.

Context

The scanner was developed during research for a dissertation submitted for the degree of Doctor of Philosophy in specialty 125 Cybersecurity at the National Aerospace University "Kharkiv Aviation Institute", Kharkiv, 2026.

The theme of the dissertation is: "Methods and means of cybersecurity analysis and protection of Large Language Models from generating forbidden content on local and cloud servers".

Publications on the research topic:

License

This project is licensed under the MIT license. See the LICENSE file for more details.
