ai templates + profile

cloud/azure/aiservices/azure-openai-cmk-not-enabled.yaml

@@ -11,7 +11,7 @@ info:
     Configure your Azure OpenAI instances to use Customer-Managed Keys by setting up encryption key attributes in the Azure Key Vault and then linking them to your OpenAI service instances.
   reference:
     - https://docs.microsoft.com/en-us/azure/cognitive-services/encryption-key-management
-  tags: cloud,devops,azure,microsoft,openai,azure-cloud-config
+  tags: cloud,devops,azure,microsoft,openai,azure-cloud-config,ai
 
 flow: |
   code(1);

cloud/azure/aiservices/azure-openai-managed-identity-not-used.yaml

@@ -11,7 +11,7 @@ info:
     Configure your Azure OpenAI service instances to use either system-assigned or user-assigned managed identities to enhance security and simplify resource access management.
   reference:
     - https://docs.microsoft.com/en-us/azure/cognitive-services/authentication
-  tags: cloud,devops,azure,microsoft,openai,azure-cloud-config
+  tags: cloud,devops,azure,microsoft,openai,azure-cloud-config,ai
 
 flow: |
   code(1);

cloud/azure/aiservices/azure-openai-private-endpoints-unconfigured.yaml

@@ -11,7 +11,7 @@ info:
     Configure all Azure OpenAI service instances to use private endpoints to enhance security and ensure that these instances are not accessible over the public internet.
   reference:
     - https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview
-  tags: cloud,devops,azure,microsoft,openai,azure-cloud-config
+  tags: cloud,devops,azure,microsoft,openai,azure-cloud-config,ai
 
 flow: |
   code(1);

cloud/azure/aiservices/azure-openai-public-access-disabled.yaml

@@ -11,7 +11,7 @@ info:
     Configure the Azure OpenAI service instances to disable public network access to secure them against unauthorized external access.
   reference:
     - https://docs.microsoft.com/en-us/azure/cognitive-services/cognitive-services-apis-create-account-cli?tabs=windows
-  tags: cloud,devops,azure,microsoft,openai,azure-cloud-config
+  tags: cloud,devops,azure,microsoft,openai,azure-cloud-config,ai
 
 flow: |
   code(1);

file/keys/huggingface/huggingface-user-access.yaml

@@ -9,7 +9,7 @@ info:
     - https://huggingface.co/docs/hub/security-tokens
   metadata:
     verified: true
-  tags: huggingface,keys,file
+  tags: huggingface,keys,file,ai
 
 file:
   - extensions:

file/keys/openai-key.yaml

@@ -10,7 +10,7 @@ info:
     - https://platform.openai.com/docs/api-reference/authentication
   metadata:
     verified: true
-  tags: file,keys,openai,token
+  tags: file,keys,openai,token,ai
 file:
   - extensions:
       - all

http/cves/2024/CVE-2024-37032.yaml

@@ -24,7 +24,7 @@ info:
     vendor: ollama
     product: ollama
     shodan-query: ollama
-  tags: cve,cve2024,ollama,rce,vkev,vuln
+  tags: cve,cve2024,ollama,rce,ai,vkev,vuln
 
 http:
   - raw:

http/exposed-panels/ollama-llm-panel.yaml

@@ -16,7 +16,7 @@ info:
     zoomeye-query: app="Ollama"
     product: ollama
     vendor: ollama
-  tags: panel,ollama,llm,detect,discovery
+  tags: panel,ollama,llm,detect,discovery,ai
 
 http:
   - method: GET

http/exposed-panels/privategpt-detect.yaml

@@ -13,7 +13,7 @@ info:
     max-request: 1
     shodan-query: html:"private gpt"
     product: private-gpt
-  tags: panel,privategpt,detect,discovery
+  tags: panel,privategpt,detect,discovery,ai
 
 http:
   - method: GET

http/exposed-panels/scribble-diffusion-panel.yaml

@@ -13,7 +13,7 @@ info:
     verified: true
     max-request: 1
     shodan-query: title:"Scribble Diffusion"
-  tags: panel,scribble,detect,discovery
+  tags: panel,scribble,detect,discovery,ai
 
 http:
   - method: GET

http/exposures/tokens/huggingface/huggingface-user-access-token.yaml

@@ -10,7 +10,7 @@ info:
   metadata:
     verified: true
     max-request: 1
-  tags: huggingface,exposure,tokens,vuln
+  tags: huggingface,exposure,tokens,vuln,ai
 
 http:
   - method: GET

http/exposures/tokens/openai/openai-admin-api-key.yaml

@@ -9,7 +9,7 @@ info:
   metadata:
     verified: true
     max-request: 1
-  tags: openai,exposure,tokens,vuln
+  tags: openai,exposure,tokens,vuln,ai
 
 http:
   - method: GET

http/exposures/tokens/openai/openai-api-key.yaml

@@ -12,7 +12,7 @@ info:
   metadata:
     verified: true
     max-request: 1
-  tags: openai,token,exposure,vuln
+  tags: openai,token,exposure,vuln,ai
 
 http:
   - method: GET

http/exposures/tokens/openai/openai-service-account-api-key.yaml

@@ -9,7 +9,7 @@ info:
   metadata:
     verified: true
     max-request: 1
-  tags: openai,exposure,tokens,vuln
+  tags: openai,exposure,tokens,vuln,ai
 
 http:
   - method: GET

http/misconfiguration/chatgpt-web-unauth.yaml

@@ -13,7 +13,7 @@ info:
     vendor: chanzhaoyu
     product: chatgpt_web
     fofa-query: app="Chatgpt-web"
-  tags: chatgpt,unauth,misconfig,vuln
+  tags: chatgpt,unauth,misconfig,vuln,ai
 
 http:
   - raw:

http/osint/phishing/openai-phish.yaml

@@ -10,7 +10,7 @@ info:
     - https://openai.com
   metadata:
     max-request: 1
-  tags: phishing,openai,osint,discovery
+  tags: phishing,openai,osint,discovery,ai
 http:
   - method: GET
     path:

http/osint/user-enumeration/hugging-face.yaml

@@ -11,7 +11,7 @@ info:
     cwe-id: CWE-200
   metadata:
     max-request: 1
-  tags: osint,osint-tech,hugging-face,discovery
+  tags: osint,osint-tech,hugging-face,discovery,ai
 
 self-contained: true
 

http/technologies/lollms-webui-detect.yaml

@@ -13,7 +13,7 @@ info:
     verified: true
     max-request: 1
     fofa-query: "LoLLMS WebUI - Welcome"
-  tags: lollms-webui,tech,detect,discovery
+  tags: lollms-webui,tech,detect,discovery,ai
 
 http:
   - method: GET

http/technologies/mcp-inspector-detect.yaml

@@ -11,7 +11,7 @@ info:
   metadata:
     verified: true
     fofa-query: title="MCP Inspector"
-  tags: tech,mcp,anthropic,discovery
+  tags: tech,mcp,anthropic,discovery,ai
 
 flow: http(1) && http(2)
 

http/technologies/nextchat-detect.yaml

@@ -13,7 +13,7 @@ info:
     max-request: 1
     shodan-query: title:"NextChat"
     fofa-query: title="NextChat"
-  tags: tech,chatgpt,nextchat,detect,discovery
+  tags: tech,chatgpt,nextchat,detect,discovery,ai
 
 http:
   - method: GET

http/technologies/openai-plugin.yaml

@@ -11,7 +11,7 @@ info:
   metadata:
     verified: true
     max-request: 1
-  tags: tech,openai,plugin,discovery
+  tags: tech,openai,plugin,discovery,ai
 
 http:
   - method: GET

http/token-spray/api-openai.yaml

@@ -9,7 +9,7 @@ info:
   metadata:
     verified: true
     max-request: 1
-  tags: token-spray,openai
+  tags: token-spray,openai,ai
 
 self-contained: true
 

profiles/ai.yml

@@ -0,0 +1,21 @@
+# Nuclei Configuration Profile for AI Security Testing
+#
+# With the rapid adoption of AI and LLM technologies across industries, securing AI infrastructure
+# has become critical. Organizations are deploying AI models, vector databases, ML platforms, and
+# LLM applications at an unprecedented pace, often without proper security assessments.
+#
+# Purpose:
+# This profile enables comprehensive security testing of AI ecosystems, covering:
+# - LLM Application Security: Prompt injection, jailbreaks, data exfiltration, code execution
+# - AI Infrastructure: Jupyter notebooks, MLflow, Kubeflow, TensorBoard, model serving platforms
+# - Vector Databases: Milvus, Weaviate, Qdrant exposures and misconfigurations
+# - ML Platforms: Databricks, H2O.ai, Vertex AI, Azure OpenAI misconfiguration
+# - AI Services: OpenAI, HuggingFace, Anthropic API key leaks and unauthorized access
+# - Model Serving: TorchServe, Triton, BentoML, Gradio vulnerabilities
+# - AI Development Tools: Streamlit, Ollama, PrivateGPT, MCP servers
+#
+# Running this profile
+# nuclei -profile ai -u https://example.com
+
+tags:
+  - ai