pentest-ai-llm-security
Pentest AI/LLM Security
Purpose
AI-integrated applications introduce entirely new attack surfaces. Prompt injection is the "SQLi of AI." Neither Shannon nor any existing skill addresses this domain. OWASP LLM Top 10 (2025) defines the methodology.
Prerequisites
Authorization Requirements
- Written authorization with AI/LLM testing scope explicitly included
- Model access details — API endpoints, model versions, tool/function access
- Data sensitivity classification — what data the LLM can access
- Rate limit awareness — LLM API costs can escalate quickly
Environment Setup
- Garak for automated LLM vulnerability scanning
- Burp Suite for API interception of LLM requests/responses
- Python scripts for custom prompt injection payloads
- Local proxy to capture full request/response chains
More from jd-opensource/joysafeter
pentest-osint-recon
Open Source Intelligence gathering and attack surface management for external reconnaissance.
89pentest-mobile-app
OWASP Mobile Top 10 security testing for Android and iOS — local storage, certificate pinning bypass, IPC abuse, and binary protections.
59pentest-api-deep
Deep OWASP API Security Top 10 testing for REST, GraphQL, gRPC, and WebSocket APIs — BFLA, mass assignment, rate limiting, and unsafe consumption.
58pentest-exploit-validation
Proof-driven exploitation with 4-level evidence system, bypass exhaustion protocol, mandatory evidence checklists, and strict EXPLOITED/POTENTIAL/FALSE_POSITIVE classification.
54pentest-secrets-exposure
Discover hardcoded credentials, leaked API keys, exposed configuration files, sensitive data in artifacts, and information disclosure via error handling.
52pentest-ctf-binary
Binary exploitation (Pwn) and reverse engineering tools for CTF challenges and software analysis.
50