Skip to content

Latest commit

 

History

History

README.md

GenAI Red Team Exploitations

This directory hosts a collection of exploitation and red team operations designed to facilitate Generative AI (GenAI) Red Teaming exercises against the local sandboxes.

Purpose

The goal of these exploitations is to demonstrate practical applications of both manual and automated red teaming techniques, including vulnerability scanning, adversarial prompting, and exploitation of known CVEs against Generative AI (GenAI) and agentic systems safely.

Contents

  • example/: A complete, end-to-end example of a manual red team operation against a local LLM sandbox. It uses a Python script to send adversarial payloads designed to test safety guardrails and demonstrate basic prompt injection techniques. This is a reusable template for Prompt Injection and Jailbreaking attacks.

  • agent0/: A complete, end-to-end, agentic example of a red-team operation against any local LLM sandbox. It orchestrates multiple autonomous agents (Agent0) to interact and attack the target application automatically.

  • garak/: A complete, end-to-end example using Garak, a specialized LLM vulnerability scanner, to probe local sandboxes for vulnerabilities mapping to the OWASP Top 10 for LLM Applications (e.g., prompt injection, output handling, sensitive information disclosure).

  • promptfoo/: A complete, end-to-end example of using Promptfoo, an LLM vulnerability scanner and evaluation tool, against a local LLM sandbox. It probes the applications to find vulnerabilities like prompt injection, hallucination, and PII leakage.

  • Langflow_v1.0.12/: Details the discovery and exploitation of CVE-2024-37014 (RCE via Custom Component) in the Langflow sandbox, demonstrating how an attacker can execute arbitrary system commands or establish a reverse shell.

  • LangGrinch/: A complete, end-to-end example of a manual red team operation against a local LLM sandbox with a known vulnerability (CVE-2025-68664, LangGrinch). It demonstrates how prompt injection can lead to credential exfiltration or Remote Code Execution (RCE) via unsafe object deserialization in langchain-core v1.2.4.

  • LocalAI_v2.17.1/: Demonstrates how to exploit CVE-2024-6868 (Tarslip) in the LocalAI sandbox. The exploit uses a custom Python script to upload a malicious tar file that writes files to arbitrary locations, leading to Remote Code Execution (RCE) by overwriting backend assets.

  • Ni8mare/: A complete, end-to-end example of exploiting the Ni8mare vulnerability (CVE-2026-21858) in a vulnerable n8n environment (via an Unauthenticated Arbitrary File Read flaw). It allows an attacker to extract administrative credentials without ever logging in.

  • n8n_RCE_via_file_write/: A complete, end-to-end example of exploiting CVE-2026-21877 in a vulnerable n8n instance. It demonstrates how an authenticated workflow injection can lead to Remote Code Execution (RCE) via arbitrary file write.

  • AdversarialGenerator/: A complete, automated system design and implementation for generating diverse, category-specific jailbreak and prompt-injection payloads, and executing them against a local LLM sandbox. It uses Python to run the attack pipeline and outputs detailed Markdown reports.

Usage

Each exploitation directory contains its own README.md with specific instructions on how to configure, run, and execute that particular attack. Please refer to the individual exploitation documentation for details.