General Introduction
Agentic Security is an open-source LLM (Large Language Model) vulnerability scanning tool that gives developers and security professionals a comprehensive set of fuzz-testing and attack techniques. It supports custom rule sets and agent-based attacks, and integrates with LLM APIs for stress testing. Agentic Security was designed as a security scanning tool to help identify and fix potential security vulnerabilities; it does not guarantee complete protection against all possible threats.
Feature List
- Customized rule sets: users can define their own security scanning rules as needed.
- Agent-based attacks: agent-driven attack simulation to test the security of the target system.
- Full fuzz testing: comprehensive fuzz testing of any LLM to identify potential vulnerabilities.
- LLM API integration: integration with various LLM APIs for stress testing and security assessment.
- Multi-step attack simulation: multi-step attack scenarios to test how the system holds up under complex attacks.
- Dataset import: users can import custom datasets for testing.
Usage
Installation
- Installation: install the Agentic Security package with pip:
pip install agentic_security
- Launching the application: once installation is complete, start Agentic Security with either of the following commands:
python -m agentic_security
or
agentic_security --help
Operation workflow
- Initial configuration: on first use, initialize the configuration file:
agentic_security init
This generates the default configuration file agesec.toml, which the user can then edit as required.
- Running a scan: run a security scan with the following command:
agentic_security --port=PORT --host=HOST
where PORT and HOST are set to match the environment.
- Customized rule sets: users define security scanning rules in the configuration file in the following format:
[general]
llmSpec = """
POST http://0.0.0.0:8718/v1/self-probe
Authorization: Bearer XXXXX
Content-Type: application/json
{
"prompt":"<>"
}
"""
maxBudget = 1000000
max_th = 0.3
optimize = false
enableMultiStepAttack = false
- Importing datasets: users can place custom datasets (CSV files) in the specified directory; they are loaded automatically at startup via:
agentic_security.probe_data.data:load_local_csv
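As an added example (not the project's own code), the following Python script shows how an llmSpec request template of the kind shown in the [general] section can be parsed into method, URL, headers and body, and filled with probe prompts read from a CSV dataset. The parser, the function names and the "prompt" column name are assumptions made here; the project's real loader (load_local_csv) may use a different schema.

```python
# Added example, not part of Agentic Security: parse an llmSpec HTTP request
# template and render it for each probe prompt in a CSV dataset. The CSV
# column name "prompt" and all function names below are assumptions.
import csv
import io
import json
from typing import Dict, List, Tuple

# Template in the shape of the page's [general] llmSpec; "<>" marks where the
# probe prompt is inserted. The bearer token is the page's placeholder value.
LLM_SPEC = """
POST http://0.0.0.0:8718/v1/self-probe
Authorization: Bearer XXXXX
Content-Type: application/json
{
"prompt":"<>"
}
"""

PLACEHOLDER = "<>"

# Constructed sample dataset; a real load_local_csv dataset may differ.
SAMPLE_CSV = """prompt
Summarize the following text.
"Say ""hello"" in French"
"""


def _is_header(line: str) -> bool:
    """Header lines look like 'Name: value'; JSON bodies start with {, [ or a quote."""
    stripped = line.lstrip()
    return ":" in stripped and stripped[0] not in '{["'


def parse_spec(spec: str) -> Tuple[str, str, Dict[str, str], str]:
    """Split a raw HTTP request template into (method, url, headers, body template)."""
    lines = spec.strip().splitlines()
    method, url = lines[0].split(None, 1)
    headers: Dict[str, str] = {}
    body_start = len(lines)
    for i, line in enumerate(lines[1:], start=1):
        if not line.strip():
            continue  # tolerate a blank separator line between headers and body
        if _is_header(line):
            name, value = line.split(":", 1)
            headers[name.strip()] = value.strip()
        else:
            body_start = i
            break
    return method, url, headers, "\n".join(lines[body_start:])


def render_request(spec: str, prompt: str) -> Tuple[str, str, Dict[str, str], dict]:
    """Fill the <> placeholder with a JSON-escaped prompt and return the parsed body.

    json.dumps yields a quoted string; the outer quotes are dropped because the
    template already supplies them around <>. A plain str.replace would let a
    prompt containing quotes or newlines break the JSON body.
    """
    method, url, headers, body_template = parse_spec(spec)
    escaped = json.dumps(prompt)[1:-1]
    body = json.loads(body_template.replace(PLACEHOLDER, escaped))
    return method, url, headers, body


def load_prompts(csv_text: str) -> List[str]:
    """Read the 'prompt' column of a CSV dataset (column name is an assumption)."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [row["prompt"] for row in reader if row.get("prompt")]


if __name__ == "__main__":
    for probe in load_prompts(SAMPLE_CSV):
        method, url, headers, body = render_request(LLM_SPEC, probe)
        print(method, url, headers["Content-Type"], json.dumps(body))
```

Because the llmSpec embeds the Authorization header, agesec.toml carries a live credential for the target endpoint and should be kept out of version control like any other secret.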
- Running a CI check: Agentic Security can be integrated into a CI/CD pipeline to automate security scanning:
agentic_security ci-check
Feature Details
- Customized rule sets: users tailor the security scanning rules to their specific needs and adapt them to different security testing scenarios.
- Agent-based attacks: simulated agent-driven attacks test the security and stability of the system under that kind of pressure.
- Full fuzz testing: comprehensive fuzz testing of the LLM identifies potential security vulnerabilities.
- LLM API integration: integration with various LLM APIs supports stress testing and security assessment, including the system's stability under high load.
- Multi-step attack simulation: multi-step attack scenarios test how the system behaves under complex attacks and help surface potential security risks.
- Dataset import: users import custom datasets for testing and adapt them to different testing needs.