├── .github
    └── CODEOWNERS
├── .gitignore
├── Dockerfile
├── LICENSE
├── README.md
├── SECURITY.md
├── anything-llm
    ├── msfmodules
    │   └── anythingllm_db_export.py
    └── nuclei-templates
    │   ├── anythingllm-admin-account-creation.yaml
    │   └── anythingllm-pfp-lfi.yaml
├── bentoml
    ├── README.md
    ├── bentoml-rce.yaml
    └── bentoml_pickle_rce.py
├── fastapi
    ├── README.md
    ├── fastapi_dos.yaml
    └── flask_dos.py
├── gradio
    ├── README.md
    ├── gradio-lfi.yaml
    └── gradio_lfi.py
├── h2o
    ├── README.md
    ├── csrf-templates
    │   └── h2o-rce-csrf.html
    ├── msfmodules
    │   ├── h2o_importfiles_lfi.py
    │   ├── h2o_pojo_import_rce.py
    │   └── h2o_typehead_apl.py
    └── nuclei-templates
    │   ├── h2o-apl.yaml
    │   ├── h2o-dashboard.yaml
    │   ├── h2o-importfiles-lfi.yaml
    │   └── h2o-pojo-rce.yaml
├── mlflow
    ├── README.md
    ├── msfmodules
    │   └── mlflow_file_write.py
    └── nuclei-templates
    │   ├── mlflow-file-write.yaml
    │   ├── mlflow-model-versions-lfi.yaml
    │   └── mlflow-url-parsing-confusion-lfi.yaml
├── nmap-nse
    ├── README.md
    └── ai-tools.nse
├── ray
    ├── README.md
    ├── csrf-templates
    │   ├── ray-cmd-injection-csrf.html
    │   └── ray-job-rce-csrf.html
    ├── msfmodules
    │   ├── ray_cpuprofile_cmd_injection.py
    │   ├── ray_job_rce.py
    │   └── ray_lfi_static_file.py
    └── nuclei-templates
    │   ├── ray-cpuprofile-cmd-injection.yaml
    │   ├── ray-job-rce.yaml
    │   ├── ray-log-lfi.yaml
    │   └── ray-static-lfi.yaml
└── triton
    ├── README.md
    ├── triton_file_write.py
    └── triton_model_rce.py

/.github/CODEOWNERS:
--------------------------------------------------------------------------------
1 | @badarahmed
2 | @seanpmorgan
3 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/.gitignore
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/Dockerfile -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/README.md -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/SECURITY.md -------------------------------------------------------------------------------- /anything-llm/msfmodules/anythingllm_db_export.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/anything-llm/msfmodules/anythingllm_db_export.py -------------------------------------------------------------------------------- /anything-llm/nuclei-templates/anythingllm-admin-account-creation.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/anything-llm/nuclei-templates/anythingllm-admin-account-creation.yaml -------------------------------------------------------------------------------- /anything-llm/nuclei-templates/anythingllm-pfp-lfi.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/anything-llm/nuclei-templates/anythingllm-pfp-lfi.yaml -------------------------------------------------------------------------------- /bentoml/README.md: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/bentoml/README.md -------------------------------------------------------------------------------- /bentoml/bentoml-rce.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/bentoml/bentoml-rce.yaml -------------------------------------------------------------------------------- /bentoml/bentoml_pickle_rce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/bentoml/bentoml_pickle_rce.py -------------------------------------------------------------------------------- /fastapi/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/fastapi/README.md -------------------------------------------------------------------------------- /fastapi/fastapi_dos.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/fastapi/fastapi_dos.yaml -------------------------------------------------------------------------------- /fastapi/flask_dos.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/fastapi/flask_dos.py -------------------------------------------------------------------------------- /gradio/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/gradio/README.md -------------------------------------------------------------------------------- /gradio/gradio-lfi.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/gradio/gradio-lfi.yaml -------------------------------------------------------------------------------- /gradio/gradio_lfi.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/gradio/gradio_lfi.py -------------------------------------------------------------------------------- /h2o/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/h2o/README.md -------------------------------------------------------------------------------- /h2o/csrf-templates/h2o-rce-csrf.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/h2o/csrf-templates/h2o-rce-csrf.html -------------------------------------------------------------------------------- /h2o/msfmodules/h2o_importfiles_lfi.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/h2o/msfmodules/h2o_importfiles_lfi.py -------------------------------------------------------------------------------- /h2o/msfmodules/h2o_pojo_import_rce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/h2o/msfmodules/h2o_pojo_import_rce.py -------------------------------------------------------------------------------- /h2o/msfmodules/h2o_typehead_apl.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/h2o/msfmodules/h2o_typehead_apl.py -------------------------------------------------------------------------------- /h2o/nuclei-templates/h2o-apl.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/h2o/nuclei-templates/h2o-apl.yaml -------------------------------------------------------------------------------- /h2o/nuclei-templates/h2o-dashboard.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/h2o/nuclei-templates/h2o-dashboard.yaml -------------------------------------------------------------------------------- /h2o/nuclei-templates/h2o-importfiles-lfi.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/h2o/nuclei-templates/h2o-importfiles-lfi.yaml -------------------------------------------------------------------------------- /h2o/nuclei-templates/h2o-pojo-rce.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/h2o/nuclei-templates/h2o-pojo-rce.yaml -------------------------------------------------------------------------------- /mlflow/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/mlflow/README.md -------------------------------------------------------------------------------- /mlflow/msfmodules/mlflow_file_write.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/mlflow/msfmodules/mlflow_file_write.py -------------------------------------------------------------------------------- /mlflow/nuclei-templates/mlflow-file-write.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/mlflow/nuclei-templates/mlflow-file-write.yaml -------------------------------------------------------------------------------- 
/mlflow/nuclei-templates/mlflow-model-versions-lfi.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/mlflow/nuclei-templates/mlflow-model-versions-lfi.yaml -------------------------------------------------------------------------------- /mlflow/nuclei-templates/mlflow-url-parsing-confusion-lfi.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/mlflow/nuclei-templates/mlflow-url-parsing-confusion-lfi.yaml -------------------------------------------------------------------------------- /nmap-nse/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/nmap-nse/README.md -------------------------------------------------------------------------------- /nmap-nse/ai-tools.nse: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/nmap-nse/ai-tools.nse -------------------------------------------------------------------------------- /ray/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/ray/README.md -------------------------------------------------------------------------------- /ray/csrf-templates/ray-cmd-injection-csrf.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/ray/csrf-templates/ray-cmd-injection-csrf.html -------------------------------------------------------------------------------- /ray/csrf-templates/ray-job-rce-csrf.html: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/ray/csrf-templates/ray-job-rce-csrf.html -------------------------------------------------------------------------------- /ray/msfmodules/ray_cpuprofile_cmd_injection.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/ray/msfmodules/ray_cpuprofile_cmd_injection.py -------------------------------------------------------------------------------- /ray/msfmodules/ray_job_rce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/ray/msfmodules/ray_job_rce.py -------------------------------------------------------------------------------- /ray/msfmodules/ray_lfi_static_file.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/ray/msfmodules/ray_lfi_static_file.py -------------------------------------------------------------------------------- /ray/nuclei-templates/ray-cpuprofile-cmd-injection.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/ray/nuclei-templates/ray-cpuprofile-cmd-injection.yaml -------------------------------------------------------------------------------- /ray/nuclei-templates/ray-job-rce.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/ray/nuclei-templates/ray-job-rce.yaml -------------------------------------------------------------------------------- /ray/nuclei-templates/ray-log-lfi.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/ray/nuclei-templates/ray-log-lfi.yaml 
-------------------------------------------------------------------------------- /ray/nuclei-templates/ray-static-lfi.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/ray/nuclei-templates/ray-static-lfi.yaml -------------------------------------------------------------------------------- /triton/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/triton/README.md -------------------------------------------------------------------------------- /triton/triton_file_write.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/triton/triton_file_write.py -------------------------------------------------------------------------------- /triton/triton_model_rce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/protectai/ai-exploits/HEAD/triton/triton_model_rce.py --------------------------------------------------------------------------------