Best AI tools for< Find Vulnerabilities >
20 - AI tool Sites
VIDOC
VIDOC is an AI-powered security engineer that automates code review and penetration testing. It continuously scans and reviews code to detect and fix security issues, helping developers deliver secure software faster. VIDOC is easy to use, requiring only two lines of code to be added to a GitHub Actions workflow. It then takes care of the rest, providing developers with a tailored code solution to fix any issues found.
GitHub
GitHub is the world's leading AI-powered developer platform that offers a wide range of features to automate workflows, enhance security, and improve collaboration. With tools like GitHub Copilot, developers can write better code with AI assistance, while GitHub Actions and Codespaces streamline development processes. The platform also focuses on productivity, security, and collaboration, empowering developers to accelerate innovation and work more efficiently together. GitHub is trusted by leading organizations worldwide and provides advanced security features to secure code and prevent vulnerabilities.
Escape
Escape is an AI-powered API Security Platform that offers Automated API Discovery & Security solutions. It reinvents API security by providing visibility into all APIs in minutes, prioritizing vulnerabilities, offering actionable fixes, and ensuring compliance with industry standards like OWASP API Security Top 10, HIPAA, GDPR, and PCI DSS. The platform features an AI-powered proprietary algorithm for API exploration, contextual risk assessment, custom security rules, and developer-friendly remediation guidance. Escape helps users proactively detect advanced security flaws, shift left with continuous security in CI/CD, discover API attack surfaces, find business logic flaws, and simplify compliance management.
Find AI
Find AI is an AI-powered search engine that provides users with advanced search capabilities to unlock contact details and gain more accurate insights. The platform caters to individuals and companies looking to research people, companies, startups, founders, and more. Users can access email addresses and premium search features to explore a wide range of data related to various industries and sectors. Find AI offers a user-friendly interface and efficient search algorithms to deliver relevant results in a timely manner.
Find your next book
Find your next book is an AI-powered librarian that provides personalized book recommendations based on your preferences. It uses advanced algorithms to analyze your reading history, interests, and other factors to suggest books that you're likely to enjoy. The platform offers a wide range of genres and authors to choose from, making it easy to find your next favorite read.
Find Your AIs
Find Your AIs is an AI directory website that showcases a wide range of AI tools and applications. It offers a platform for users to explore and discover various AI-powered solutions across different categories such as digital wellness, marketing, text-to-image generation, resume customization, and more. The website aims to connect users with innovative AI technologies to enhance their daily lives and work efficiency.
Find My Remote
Find My Remote is an AI-powered job search platform that streamlines the job hunting process by leveraging artificial intelligence to find and structure job postings from various ATS platforms. Users can set their job preferences, receive personalized job matches, and save time by applying to curated job listings. The platform offers exclusive job opportunities not typically found on popular job search websites like LinkedIn. With features such as job discovery, application tracking, and faster application process, Find My Remote aims to revolutionize the way job seekers find and apply for jobs.
Find New AI
Find New AI is a comprehensive platform offering a variety of AI tools and efficiency solutions for different purposes such as SEO, content creation, marketing, link building, image manipulation, and more. The website provides reviews, tutorials, and guides on utilizing AI software effectively to enhance productivity and creativity in various domains.
Find My Size
The website 'Find My Size' offers personalized size recommendations for exclusive deals at hundreds of top retailers. Users can find the perfect fit and the best deals across various categories like active & sportswear, young contemporary, business & workwear, lingerie & sleepwear, outerwear, maternity wear, plus size apparel, swimwear, and more. The platform aims to enhance the shopping experience by providing tailored size suggestions for users to make informed purchasing decisions.
Prolific
Prolific is a platform that allows users to quickly find research participants they can trust. It offers a diverse participant pool, including domain experts and API integration. Prolific ensures high-quality human-powered datasets in less than 2 hours, trusted by over 3000 organizations. The platform is designed for ease of use, with self-serve options and scalability. It provides rich, accurate, and comprehensive responses from engaged participants, verified through manual and algorithmic quality checks.
PimEyes
PimEyes is an online face search engine that uses face recognition technology to find pictures containing given faces. It is a great tool to audit copyright infringement, protect your privacy, and find people.
Font Finder
Font Finder by What Font Is is an AI-powered tool that allows users to identify any font from any image, whether commercial or free. Users can upload an image, and the tool will match it with over 990K+ fonts, providing both commercial and free options. The tool then displays more than 60 similar fonts, helping users find the exact font they are looking for. Font Finder aims to make font identification easy and accessible, regardless of the font's source or origin.
Lexology
Lexology is a next-generation search tool designed to help users find the right lawyer for their needs. It offers a wide range of resources, including practical analysis, in-depth research tools, primary sources, and expert reports. The platform aims to be a go-to resource for legal professionals and individuals seeking legal expertise.
Futurepedia
Futurepedia is a leading AI resource platform dedicated to empowering professionals across various industries to leverage AI technologies for innovation and growth. Our platform offers comprehensive directories, easy-to-follow guides, a weekly newsletter, and an informative YouTube channel, simplifying AI integration into professional practices. Committed to making AI understandable and practical, we provide resources tailored to diverse professional needs, fostering a community where more than 200,000 professionals share knowledge and experiences.
GrabJobs
GrabJobs is an AI-powered job search platform that helps job seekers find the best jobs and grow their careers. With millions of job opportunities from industry-leading companies, GrabJobs makes it easy to find the perfect job for your skills and experience. Our AI-driven job recommendations and chat-based job applications make the job search process faster and more efficient. Plus, our time-saving automated applications ensure that you can apply to more jobs in less time.
Connected Papers
Connected Papers is a search engine for academic papers that uses artificial intelligence to help users find and explore relevant research. It allows users to search for papers by keyword, author, or title, and then explore the connections between them. Connected Papers also provides a variety of tools to help users organize and manage their research, including the ability to create custom collections of papers, add notes and annotations, and share their research with others.
Future Tools
Future Tools is a website that collects and organizes AI tools. It provides a comprehensive list of AI tools categorized into various domains, including AI detection, aggregators, avatar chat, copywriting, finance, gaming, generative art, generative code, generative video, image improvement, image scanning, inspiration, marketing, motion capture, music, podcasting, productivity, prompt guides, research, self-improvement, social media, speech-to-text, text-to-speech, text-to-video, translation, video editing, and voice modulation. The website also offers a search bar to help users find specific tools based on their needs.
Prolific
Prolific is a platform that helps users quickly find research participants they can trust. It offers free representative samples, a participant pool of domain experts, the ability to bring your own participants, and an API for integration. Prolific ensures data quality by verifying participants with bank-grade ID checks, ongoing checks to identify bots, and no AI participants. The platform allows users to easily set up accounts, access rich and comprehensive responses, and scale research projects efficiently.
Inven
Inven is an AI-powered company data platform that helps professionals in private equity, investment banking, business brokerage, consulting, and corporate development find companies faster and more efficiently. With Inven, users can access a database of over 23 million companies and 430 million contacts in over 160 countries. Inven's AI algorithms and NLP solutions analyze millions of data points from a wide range of sources to give users actionable insights on any niche.
Everypixel
Everypixel is a stock image search engine powered by AI that provides access to more than 50 best sources of free and premium images. Users can search for images using keywords or by pasting the image URL. The platform offers a wide range of images, including exclusive patterns, vectors, and microstock photos. Everypixel aims to simplify the process of finding high-quality images for personal or commercial use by leveraging AI technology to enhance search capabilities.
20 - Open Source AI Tools
awesome-gpt-security
Awesome GPT + Security is a curated list of awesome security tools, experimental case or other interesting things with LLM or GPT. It includes tools for integrated security, auditing, reconnaissance, offensive security, detecting security issues, preventing security breaches, social engineering, reverse engineering, investigating security incidents, fixing security vulnerabilities, assessing security posture, and more. The list also includes experimental cases, academic research, blogs, and fun projects related to GPT security. Additionally, it provides resources on GPT security standards, bypassing security policies, bug bounty programs, cracking GPT APIs, and plugin security.
PromptFuzz
**Description:** PromptFuzz is an automated tool that generates high-quality fuzz drivers for libraries via a fuzz loop constructed on mutating LLMs' prompts. The fuzz loop of PromptFuzz aims to guide the mutation of LLMs' prompts to generate programs that cover more reachable code and explore complex API interrelationships, which are effective for fuzzing. **Features:** * **Multiply LLM support** : Supports the general LLMs: Codex, Inocder, ChatGPT, and GPT4 (Currently tested on ChatGPT). * **Context-based Prompt** : Construct LLM prompts with the automatically extracted library context. * **Powerful Sanitization** : The program's syntax, semantics, behavior, and coverage are thoroughly analyzed to sanitize the problematic programs. * **Prioritized Mutation** : Prioritizes mutating the library API combinations within LLM's prompts to explore complex interrelationships, guided by code coverage. * **Fuzz Driver Exploitation** : Infers API constraints using statistics and extends fixed API arguments to receive random bytes from fuzzers. * **Fuzz engine integration** : Integrates with grey-box fuzz engine: LibFuzzer. **Benefits:** * **High branch coverage:** The fuzz drivers generated by PromptFuzz achieved a branch coverage of 40.12% on the tested libraries, which is 1.61x greater than _OSS-Fuzz_ and 1.67x greater than _Hopper_. * **Bug detection:** PromptFuzz detected 33 valid security bugs from 49 unique crashes. * **Wide range of bugs:** The fuzz drivers generated by PromptFuzz can detect a wide range of bugs, most of which are security bugs. * **Unique bugs:** PromptFuzz detects uniquely interesting bugs that other fuzzers may miss. **Usage:** 1. Build the library using the provided build scripts. 2. Export the LLM API KEY if using ChatGPT or GPT4. 3. Generate fuzz drivers using the `fuzzer` command. 4. Run the fuzz drivers using the `harness` command. 5. Deduplicate and analyze the reported crashes. **Future Works:** * **Custom LLMs suport:** Support custom LLMs. * **Close-source libraries:** Apply PromptFuzz to close-source libraries by fine tuning LLMs on private code corpus. * **Performance** : Reduce the huge time cost required in erroneous program elimination.
code2prompt
code2prompt is a command-line tool that converts your codebase into a single LLM prompt with a source tree, prompt templating, and token counting. It automates generating LLM prompts from codebases of any size, customizing prompt generation with Handlebars templates, respecting .gitignore, filtering and excluding files using glob patterns, displaying token count, including Git diff output, copying prompt to clipboard, saving prompt to an output file, excluding files and folders, adding line numbers to source code blocks, and more. It helps streamline the process of creating LLM prompts for code analysis, generation, and other tasks.
hackingBuddyGPT
hackingBuddyGPT is a framework for testing LLM-based agents for security testing. It aims to create common ground truth by creating common security testbeds and benchmarks, evaluating multiple LLMs and techniques against those, and publishing prototypes and findings as open-source/open-access reports. The initial focus is on evaluating the efficiency of LLMs for Linux privilege escalation attacks, but the framework is being expanded to evaluate the use of LLMs for web penetration-testing and web API testing. hackingBuddyGPT is released as open-source to level the playing field for blue teams against APTs that have access to more sophisticated resources.
invariant
Invariant Analyzer is an open-source scanner designed for LLM-based AI agents to find bugs, vulnerabilities, and security threats. It scans agent execution traces to identify issues like looping behavior, data leaks, prompt injections, and unsafe code execution. The tool offers a library of built-in checkers, an expressive policy language, data flow analysis, real-time monitoring, and extensible architecture for custom checkers. It helps developers debug AI agents, scan for security violations, and prevent security issues and data breaches during runtime. The analyzer leverages deep contextual understanding and a purpose-built rule matching engine for security policy enforcement.
Academic_LLM_Sec_Papers
Academic_LLM_Sec_Papers is a curated collection of academic papers related to LLM Security Application. The repository includes papers sorted by conference name and published year, covering topics such as large language models for blockchain security, software engineering, machine learning, and more. Developers and researchers are welcome to contribute additional published papers to the list. The repository also provides information on listed conferences and journals related to security, networking, software engineering, and cryptography. The papers cover a wide range of topics including privacy risks, ethical concerns, vulnerabilities, threat modeling, code analysis, fuzzing, and more.
llm-adaptive-attacks
This repository contains code and results for jailbreaking leading safety-aligned LLMs with simple adaptive attacks. We show that even the most recent safety-aligned LLMs are not robust to simple adaptive jailbreaking attacks. We demonstrate how to successfully leverage access to logprobs for jailbreaking: we initially design an adversarial prompt template (sometimes adapted to the target LLM), and then we apply random search on a suffix to maximize the target logprob (e.g., of the token ``Sure''), potentially with multiple restarts. In this way, we achieve nearly 100% attack success rate---according to GPT-4 as a judge---on GPT-3.5/4, Llama-2-Chat-7B/13B/70B, Gemma-7B, and R2D2 from HarmBench that was adversarially trained against the GCG attack. We also show how to jailbreak all Claude models---that do not expose logprobs---via either a transfer or prefilling attack with 100% success rate. In addition, we show how to use random search on a restricted set of tokens for finding trojan strings in poisoned models---a task that shares many similarities with jailbreaking---which is the algorithm that brought us the first place in the SaTML'24 Trojan Detection Competition. The common theme behind these attacks is that adaptivity is crucial: different models are vulnerable to different prompting templates (e.g., R2D2 is very sensitive to in-context learning prompts), some models have unique vulnerabilities based on their APIs (e.g., prefilling for Claude), and in some settings it is crucial to restrict the token search space based on prior knowledge (e.g., for trojan detection).
openshield
OpenShield is a firewall designed for AI models to protect against various attacks such as prompt injection, insecure output handling, training data poisoning, model denial of service, supply chain vulnerabilities, sensitive information disclosure, insecure plugin design, excessive agency granting, overreliance, and model theft. It provides rate limiting, content filtering, and keyword filtering for AI models. The tool acts as a transparent proxy between AI models and clients, allowing users to set custom rate limits for OpenAI endpoints and perform tokenizer calculations for OpenAI models. OpenShield also supports Python and LLM based rules, with upcoming features including rate limiting per user and model, prompts manager, content filtering, keyword filtering based on LLM/Vector models, OpenMeter integration, and VectorDB integration. The tool requires an OpenAI API key, Postgres, and Redis for operation.
Awesome-Code-LLM
Analyze the following text from a github repository (name and readme text at end) . Then, generate a JSON object with the following keys and provide the corresponding information for each key, in lowercase letters: 'description' (detailed description of the repo, must be less than 400 words,Ensure that no line breaks and quotation marks.),'for_jobs' (List 5 jobs suitable for this tool,in lowercase letters), 'ai_keywords' (keywords of the tool,user may use those keyword to find the tool,in lowercase letters), 'for_tasks' (list of 5 specific tasks user can use this tool to do,in lowercase letters), 'answer' (in english languages)
ai-goat
AI Goat is a tool designed to help users learn about AI security through a series of vulnerable LLM CTF challenges. It allows users to run everything locally on their system without the need for sign-ups or cloud fees. The tool focuses on exploring security risks associated with large language models (LLMs) like ChatGPT, providing practical experience for security researchers to understand vulnerabilities and exploitation techniques. AI Goat uses the Vicuna LLM, derived from Meta's LLaMA and ChatGPT's response data, to create challenges that involve prompt injections, insecure output handling, and other LLM security threats. The tool also includes a prebuilt Docker image, ai-base, containing all necessary libraries to run the LLM and challenges, along with an optional CTFd container for challenge management and flag submission.
Awesome-Jailbreak-on-LLMs
Awesome-Jailbreak-on-LLMs is a collection of state-of-the-art, novel, and exciting jailbreak methods on Large Language Models (LLMs). The repository contains papers, codes, datasets, evaluations, and analyses related to jailbreak attacks on LLMs. It serves as a comprehensive resource for researchers and practitioners interested in exploring various jailbreak techniques and defenses in the context of LLMs. Contributions such as additional jailbreak-related content, pull requests, and issue reports are welcome, and contributors are acknowledged. For any inquiries or issues, contact [email protected]. If you find this repository useful for your research or work, consider starring it to show appreciation.
LLM-PLSE-paper
LLM-PLSE-paper is a repository focused on the applications of Large Language Models (LLMs) in Programming Language and Software Engineering (PL/SE) domains. It covers a wide range of topics including bug detection, specification inference and verification, code generation, fuzzing and testing, code model and reasoning, code understanding, IDE technologies, prompting for reasoning tasks, and agent/tool usage and planning. The repository provides a comprehensive collection of research papers, benchmarks, empirical studies, and frameworks related to the capabilities of LLMs in various PL/SE tasks.
watchtower
AIShield Watchtower is a tool designed to fortify the security of AI/ML models and Jupyter notebooks by automating model and notebook discoveries, conducting vulnerability scans, and categorizing risks into 'low,' 'medium,' 'high,' and 'critical' levels. It supports scanning of public GitHub repositories, Hugging Face repositories, AWS S3 buckets, and local systems. The tool generates comprehensive reports, offers a user-friendly interface, and aligns with industry standards like OWASP, MITRE, and CWE. It aims to address the security blind spots surrounding Jupyter notebooks and AI models, providing organizations with a tailored approach to enhancing their security efforts.
garak
Garak is a free tool that checks if a Large Language Model (LLM) can be made to fail in a way that is undesirable. It probes for hallucination, data leakage, prompt injection, misinformation, toxicity generation, jailbreaks, and many other weaknesses. Garak's a free tool. We love developing it and are always interested in adding functionality to support applications.
Awesome_GPT_Super_Prompting
Awesome_GPT_Super_Prompting is a repository that provides resources related to Jailbreaks, Leaks, Injections, Libraries, Attack, Defense, and Prompt Engineering. It includes information on ChatGPT Jailbreaks, GPT Assistants Prompt Leaks, GPTs Prompt Injection, LLM Prompt Security, Super Prompts, Prompt Hack, Prompt Security, Ai Prompt Engineering, and Adversarial Machine Learning. The repository contains curated lists of repositories, tools, and resources related to GPTs, prompt engineering, prompt libraries, and secure prompting. It also offers insights into Cyber-Albsecop GPT Agents and Super Prompts for custom GPT usage.
open-ai
Open AI is a powerful tool for artificial intelligence research and development. It provides a wide range of machine learning models and algorithms, making it easier for developers to create innovative AI applications. With Open AI, users can explore cutting-edge technologies such as natural language processing, computer vision, and reinforcement learning. The platform offers a user-friendly interface and comprehensive documentation to support users in building and deploying AI solutions. Whether you are a beginner or an experienced AI practitioner, Open AI offers the tools and resources you need to accelerate your AI projects and stay ahead in the rapidly evolving field of artificial intelligence.
promptfoo
Promptfoo is a tool for testing and evaluating LLM output quality. With promptfoo, you can build reliable prompts, models, and RAGs with benchmarks specific to your use-case, speed up evaluations with caching, concurrency, and live reloading, score outputs automatically by defining metrics, use as a CLI, library, or in CI/CD, and use OpenAI, Anthropic, Azure, Google, HuggingFace, open-source models like Llama, or integrate custom API providers for any LLM API.
awesome-MLSecOps
Awesome MLSecOps is a curated list of open-source tools, resources, and tutorials for MLSecOps (Machine Learning Security Operations). It includes a wide range of security tools and libraries for protecting machine learning models against adversarial attacks, as well as resources for AI security, data anonymization, model security, and more. The repository aims to provide a comprehensive collection of tools and information to help users secure their machine learning systems and infrastructure.
llms-interview-questions
This repository contains a comprehensive collection of 63 must-know Large Language Models (LLMs) interview questions. It covers topics such as the architecture of LLMs, transformer models, attention mechanisms, training processes, encoder-decoder frameworks, differences between LLMs and traditional statistical language models, handling context and long-term dependencies, transformers for parallelization, applications of LLMs, sentiment analysis, language translation, conversation AI, chatbots, and more. The readme provides detailed explanations, code examples, and insights into utilizing LLMs for various tasks.
20 - OpenAI Gpts
HackingPT
HackingPT is a specialized language model focused on cybersecurity and penetration testing, committed to providing precise and in-depth insights in these fields.
RobotGPT
Expert in ethical hacking, leveraging https://pentestbook.six2dez.com/ and https://book.hacktricks.xyz resources for CTFs and challenges.
PentestGPT
A cybersecurity expert aiding in penetration testing. Check repo: https://github.com/GreyDGL/PentestGPT
IDA Pro Plugins recommendation expert.
Ask me to recommend a plugin or script from the official Hex-Rays plugin repository
IAC Code Guardian
Introducing IAC Code Guardian: Your Trusted IaC Security Expert in Scanning Opentofu, Terrform, AWS Cloudformation, Pulumi, K8s Yaml & Dockerfile
NVD - CVE Research Assistant
Expert in CVEs and cybersecurity vulnerabilities, providing precise information from the National Vulnerability Database.
GetPaths
This GPT takes in content related to an application, such as HTTP traffic, JavaScript files, source code, etc., and outputs lists of URLs that can be used for further testing.
Solidity Contract Auditor
Auditor for Solidity contracts, focusing on security, bug-finding and gas efficiency.
Find a Lawyer
Assists in finding suitable lawyers based on user needs. Disclaimer - always do your own extra research