diff --git a/cloud/azure/aiservices/azure-openai-cmk-not-enabled.yaml b/cloud/azure/aiservices/azure-openai-cmk-not-enabled.yaml index c00ec917c30..df6d34164ce 100644 --- a/cloud/azure/aiservices/azure-openai-cmk-not-enabled.yaml +++ b/cloud/azure/aiservices/azure-openai-cmk-not-enabled.yaml @@ -11,7 +11,7 @@ info: Configure your Azure OpenAI instances to use Customer-Managed Keys by setting up encryption key attributes in the Azure Key Vault and then linking them to your OpenAI service instances. reference: - https://docs.microsoft.com/en-us/azure/cognitive-services/encryption-key-management - tags: cloud,devops,azure,microsoft,openai,azure-cloud-config + tags: cloud,devops,azure,microsoft,openai,azure-cloud-config,ai flow: | code(1); diff --git a/cloud/azure/aiservices/azure-openai-managed-identity-not-used.yaml b/cloud/azure/aiservices/azure-openai-managed-identity-not-used.yaml index 6b1c7c7cd05..7363b0c1242 100644 --- a/cloud/azure/aiservices/azure-openai-managed-identity-not-used.yaml +++ b/cloud/azure/aiservices/azure-openai-managed-identity-not-used.yaml @@ -11,7 +11,7 @@ info: Configure your Azure OpenAI service instances to use either system-assigned or user-assigned managed identities to enhance security and simplify resource access management. reference: - https://docs.microsoft.com/en-us/azure/cognitive-services/authentication - tags: cloud,devops,azure,microsoft,openai,azure-cloud-config + tags: cloud,devops,azure,microsoft,openai,azure-cloud-config,ai flow: | code(1); diff --git a/cloud/azure/aiservices/azure-openai-private-endpoints-unconfigured.yaml b/cloud/azure/aiservices/azure-openai-private-endpoints-unconfigured.yaml index 14a6e9c84f7..4ab63c3149f 100644 --- a/cloud/azure/aiservices/azure-openai-private-endpoints-unconfigured.yaml +++ b/cloud/azure/aiservices/azure-openai-private-endpoints-unconfigured.yaml 
@@ -11,7 +11,7 @@ info: Configure all Azure OpenAI service instances to use private endpoints to enhance security and ensure that these instances are not accessible over the public internet. reference: - https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview - tags: cloud,devops,azure,microsoft,openai,azure-cloud-config + tags: cloud,devops,azure,microsoft,openai,azure-cloud-config,ai flow: | code(1); diff --git a/cloud/azure/aiservices/azure-openai-public-access-disabled.yaml b/cloud/azure/aiservices/azure-openai-public-access-disabled.yaml index 8f48301481d..78ae83c9cde 100644 --- a/cloud/azure/aiservices/azure-openai-public-access-disabled.yaml +++ b/cloud/azure/aiservices/azure-openai-public-access-disabled.yaml @@ -11,7 +11,7 @@ info: Configure the Azure OpenAI service instances to disable public network access to secure them against unauthorized external access. reference: - https://docs.microsoft.com/en-us/azure/cognitive-services/cognitive-services-apis-create-account-cli?tabs=windows - tags: cloud,devops,azure,microsoft,openai,azure-cloud-config + tags: cloud,devops,azure,microsoft,openai,azure-cloud-config,ai flow: | code(1); diff --git a/file/keys/huggingface/huggingface-user-access.yaml b/file/keys/huggingface/huggingface-user-access.yaml index 48c0a02894c..ac10d9db0df 100644 --- a/file/keys/huggingface/huggingface-user-access.yaml +++ b/file/keys/huggingface/huggingface-user-access.yaml @@ -9,7 +9,7 @@ info: - https://huggingface.co/docs/hub/security-tokens metadata: verified: true - tags: huggingface,keys,file + tags: huggingface,keys,file,ai file: - extensions: diff --git a/file/keys/openai-key.yaml b/file/keys/openai-key.yaml index 1f595f5fd52..d2e9282c1d2 100644 --- a/file/keys/openai-key.yaml +++ b/file/keys/openai-key.yaml @@ -10,7 +10,7 @@ info: - https://platform.openai.com/docs/api-reference/authentication metadata: verified: true - tags: file,keys,openai,token + tags: file,keys,openai,token,ai file: - extensions: - all 
diff --git a/http/cves/2024/CVE-2024-37032.yaml b/http/cves/2024/CVE-2024-37032.yaml index 7343b19eb63..f5004875e14 100644 --- a/http/cves/2024/CVE-2024-37032.yaml +++ b/http/cves/2024/CVE-2024-37032.yaml @@ -24,7 +24,7 @@ info: vendor: ollama product: ollama shodan-query: ollama - tags: cve,cve2024,ollama,rce,vkev,vuln + tags: cve,cve2024,ollama,rce,ai,vkev,vuln http: - raw: diff --git a/http/exposed-panels/ollama-llm-panel.yaml b/http/exposed-panels/ollama-llm-panel.yaml index 823c61b0eef..0b41b30ff98 100644 --- a/http/exposed-panels/ollama-llm-panel.yaml +++ b/http/exposed-panels/ollama-llm-panel.yaml @@ -16,7 +16,7 @@ info: zoomeye-query: app="Ollama" product: ollama vendor: ollama - tags: panel,ollama,llm,detect,discovery + tags: panel,ollama,llm,detect,discovery,ai http: - method: GET diff --git a/http/exposed-panels/privategpt-detect.yaml b/http/exposed-panels/privategpt-detect.yaml index 9a9675295ad..8b23bf49d36 100644 --- a/http/exposed-panels/privategpt-detect.yaml +++ b/http/exposed-panels/privategpt-detect.yaml @@ -13,7 +13,7 @@ info: max-request: 1 shodan-query: html:"private gpt" product: private-gpt - tags: panel,privategpt,detect,discovery + tags: panel,privategpt,detect,discovery,ai http: - method: GET diff --git a/http/exposed-panels/scribble-diffusion-panel.yaml b/http/exposed-panels/scribble-diffusion-panel.yaml index 1d7a821f04c..46ceebd6199 100644 --- a/http/exposed-panels/scribble-diffusion-panel.yaml +++ b/http/exposed-panels/scribble-diffusion-panel.yaml @@ -13,7 +13,7 @@ info: verified: true max-request: 1 shodan-query: title:"Scribble Diffusion" - tags: panel,scribble,detect,discovery + tags: panel,scribble,detect,discovery,ai http: - method: GET diff --git a/http/exposures/tokens/huggingface/huggingface-user-access-token.yaml b/http/exposures/tokens/huggingface/huggingface-user-access-token.yaml index 73f070cc10e..3b06d43fdfb 100644 --- a/http/exposures/tokens/huggingface/huggingface-user-access-token.yaml 
+++ b/http/exposures/tokens/huggingface/huggingface-user-access-token.yaml @@ -10,7 +10,7 @@ info: metadata: verified: true max-request: 1 - tags: huggingface,exposure,tokens,vuln + tags: huggingface,exposure,tokens,vuln,ai http: - method: GET diff --git a/http/exposures/tokens/openai/openai-admin-api-key.yaml b/http/exposures/tokens/openai/openai-admin-api-key.yaml index 2c46cf98ccd..e0a689b165e 100644 --- a/http/exposures/tokens/openai/openai-admin-api-key.yaml +++ b/http/exposures/tokens/openai/openai-admin-api-key.yaml @@ -9,7 +9,7 @@ info: metadata: verified: true max-request: 1 - tags: openai,exposure,tokens,vuln + tags: openai,exposure,tokens,vuln,ai http: - method: GET diff --git a/http/exposures/tokens/openai/openai-api-key.yaml b/http/exposures/tokens/openai/openai-api-key.yaml index 84d89ae1e42..d72b5fca427 100644 --- a/http/exposures/tokens/openai/openai-api-key.yaml +++ b/http/exposures/tokens/openai/openai-api-key.yaml @@ -12,7 +12,7 @@ info: metadata: verified: true max-request: 1 - tags: openai,token,exposure,vuln + tags: openai,token,exposure,vuln,ai http: - method: GET diff --git a/http/exposures/tokens/openai/openai-service-account-api-key.yaml b/http/exposures/tokens/openai/openai-service-account-api-key.yaml index a143144c4bb..066e36fddec 100644 --- a/http/exposures/tokens/openai/openai-service-account-api-key.yaml +++ b/http/exposures/tokens/openai/openai-service-account-api-key.yaml @@ -9,7 +9,7 @@ info: metadata: verified: true max-request: 1 - tags: openai,exposure,tokens,vuln + tags: openai,exposure,tokens,vuln,ai http: - method: GET diff --git a/http/misconfiguration/chatgpt-web-unauth.yaml b/http/misconfiguration/chatgpt-web-unauth.yaml index 53fb3bc88c0..b72cb57ae56 100644 --- a/http/misconfiguration/chatgpt-web-unauth.yaml +++ b/http/misconfiguration/chatgpt-web-unauth.yaml 
@@ -13,7 +13,7 @@ info: vendor: chanzhaoyu product: chatgpt_web fofa-query: app="Chatgpt-web" - tags: chatgpt,unauth,misconfig,vuln + tags: chatgpt,unauth,misconfig,vuln,ai http: - raw: diff --git a/http/osint/phishing/openai-phish.yaml b/http/osint/phishing/openai-phish.yaml index 421798fc125..15121db1f36 100644 --- a/http/osint/phishing/openai-phish.yaml +++ b/http/osint/phishing/openai-phish.yaml @@ -10,7 +10,7 @@ info: - https://openai.com metadata: max-request: 1 - tags: phishing,openai,osint,discovery + tags: phishing,openai,osint,discovery,ai http: - method: GET path: diff --git a/http/osint/user-enumeration/hugging-face.yaml b/http/osint/user-enumeration/hugging-face.yaml index 0e5df0c4ed9..741311b2050 100644 --- a/http/osint/user-enumeration/hugging-face.yaml +++ b/http/osint/user-enumeration/hugging-face.yaml @@ -11,7 +11,7 @@ info: cwe-id: CWE-200 metadata: max-request: 1 - tags: osint,osint-tech,hugging-face,discovery + tags: osint,osint-tech,hugging-face,discovery,ai self-contained: true diff --git a/http/technologies/lollms-webui-detect.yaml b/http/technologies/lollms-webui-detect.yaml index baa89e7b78e..ad8dde32b36 100644 --- a/http/technologies/lollms-webui-detect.yaml +++ b/http/technologies/lollms-webui-detect.yaml @@ -13,7 +13,7 @@ info: verified: true max-request: 1 fofa-query: "LoLLMS WebUI - Welcome" - tags: lollms-webui,tech,detect,discovery + tags: lollms-webui,tech,detect,discovery,ai http: - method: GET diff --git a/http/technologies/mcp-inspector-detect.yaml b/http/technologies/mcp-inspector-detect.yaml index ff79728e2e3..c9e83dfc430 100644 --- a/http/technologies/mcp-inspector-detect.yaml +++ b/http/technologies/mcp-inspector-detect.yaml @@ -11,7 +11,7 @@ info: metadata: verified: true fofa-query: title="MCP Inspector" - tags: tech,mcp,anthropic,discovery + tags: tech,mcp,anthropic,discovery,ai flow: http(1) && http(2) 
diff --git a/http/technologies/nextchat-detect.yaml b/http/technologies/nextchat-detect.yaml index 8ceef19396c..d25de707e82 100644 --- a/http/technologies/nextchat-detect.yaml +++ b/http/technologies/nextchat-detect.yaml @@ -13,7 +13,7 @@ info: max-request: 1 shodan-query: title:"NextChat" fofa-query: title="NextChat" - tags: tech,chatgpt,nextchat,detect,discovery + tags: tech,chatgpt,nextchat,detect,discovery,ai http: - method: GET diff --git a/http/technologies/openai-plugin.yaml b/http/technologies/openai-plugin.yaml index 6af3f890812..2a526e86f2a 100644 --- a/http/technologies/openai-plugin.yaml +++ b/http/technologies/openai-plugin.yaml @@ -11,7 +11,7 @@ info: metadata: verified: true max-request: 1 - tags: tech,openai,plugin,discovery + tags: tech,openai,plugin,discovery,ai http: - method: GET diff --git a/http/token-spray/api-openai.yaml b/http/token-spray/api-openai.yaml index e6501336767..fac663c3e35 100644 --- a/http/token-spray/api-openai.yaml +++ b/http/token-spray/api-openai.yaml @@ -9,7 +9,7 @@ info: metadata: verified: true max-request: 1 - tags: token-spray,openai + tags: token-spray,openai,ai self-contained: true diff --git a/profiles/ai.yml b/profiles/ai.yml new file mode 100644 index 00000000000..3202e913f22 --- /dev/null +++ b/profiles/ai.yml 
@@ -0,0 +1,21 @@ +# Nuclei Configuration Profile for AI Security Testing +# +# With the rapid adoption of AI and LLM technologies across industries, securing AI infrastructure +# has become critical. Organizations are deploying AI models, vector databases, ML platforms, and +# LLM applications at an unprecedented pace, often without proper security assessments. +# +# Purpose: +# This profile enables comprehensive security testing of AI ecosystems, covering: +# - LLM Application Security: Prompt injection, jailbreaks, data exfiltration, code execution +# - AI Infrastructure: Jupyter notebooks, MLflow, Kubeflow, TensorBoard, model serving platforms +# - Vector Databases: Milvus, Weaviate, Qdrant exposures and misconfigurations +# - ML Platforms: Databricks, H2O.ai, Vertex AI, Azure OpenAI misconfiguration +# - AI Services: OpenAI, HuggingFace, Anthropic API key leaks and unauthorized access +# - Model Serving: TorchServe, Triton, BentoML, Gradio vulnerabilities +# - AI Development Tools: Streamlit, Ollama, PrivateGPT, MCP servers +# +# Running this profile +# nuclei -profile ai -u https://example.com + +tags: + - ai
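Review bot: In http/cves/2024/CVE-2024-37032.yaml the new tag is inserted mid-list (`rce,ai,vkev,vuln`), while every other hunk in this patch appends it at the end of the tags line. Unless the ordering is deliberate (for example, to keep `vkev,vuln` last), append it here as well so the change stays mechanical and easy to grep.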
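Review bot: Adding `ai` to http/osint/phishing/openai-phish.yaml, http/osint/user-enumeration/hugging-face.yaml and http/token-spray/api-openai.yaml puts them in the new profile, which selects purely by `tags: - ai`. The last two are marked `self-contained: true`, so they do not assess the `-u` target the profile's usage line suggests, and the OSINT and phishing templates report discovery data rather than a weakness in the scanned AI deployment. Either leave `ai` off these three or narrow the profile (for example with an `exclude-tags` entry for `osint` and `token-spray`) so the profile's results stay about the target.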
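Review bot: The header comment in profiles/ai.yml promises more than this patch delivers. It lists Jupyter, MLflow, Kubeflow, TensorBoard, Milvus, Weaviate, Qdrant, Databricks, H2O.ai, Vertex AI, TorchServe, Triton, BentoML, Gradio and Streamlit, plus prompt injection and jailbreak testing, but the only selector is `tags: - ai` and none of the templates tagged here cover those products or techniques. Tag the corresponding templates in the same change, or trim the comment to what the tag actually selects, so that a clean run is not read as coverage of those platforms. The usage line `nuclei -profile ai -u https://example.com` also needs a caveat: the Azure OpenAI templates run through `flow: code(1)` and the file/keys templates scan local files, so a URL-only invocation will not exercise them. Document the extra options and inputs they require.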