Documentation
¶
Overview ¶
Package attacks provides the shared AttackModule interface and a global Registry for all attack modules. Each attack module self-registers via init() so that importing the module automatically makes it available.
Example registration in a module:
func init() {
attacks.DefaultRegistry.Register(&MyAttackModule{})
}
Index ¶
- Variables
- type AttackModule
- type Registry
- func (r *Registry) Categories() []common.AttackCategory
- func (r *Registry) Count() int
- func (r *Registry) Get(name string) (AttackModule, error)
- func (r *Registry) List() []AttackModule
- func (r *Registry) ListByCategory(category common.AttackCategory) []AttackModule
- func (r *Registry) Names() []string
- func (r *Registry) Register(module AttackModule)
Constants ¶
This section is empty.
Variables ¶
var DefaultRegistry = NewRegistry()
DefaultRegistry is the global registry that modules register with via init().
Functions ¶
This section is empty.
Types ¶
type AttackModule ¶
type AttackModule interface {
// Name returns a unique identifier for this module (e.g., "crescendo", "many_shot").
Name() string
// Category returns the attack category (e.g., CategoryInjection, CategoryReasoning).
Category() common.AttackCategory
// Description returns a human-readable description of what this module does.
Description() string
// Techniques returns the list of techniques this module provides.
Techniques() []common.TechniqueInfo
// Execute runs the attack with the given configuration and provider.
Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
}
AttackModule is the interface that all attack modules must implement. Modules self-register with the global DefaultRegistry via init().
type Registry ¶
type Registry struct {
// contains filtered or unexported fields
}
Registry manages registration and lookup of AttackModules.
func (*Registry) Categories ¶
func (r *Registry) Categories() []common.AttackCategory
Categories returns all distinct categories across registered modules.
func (*Registry) Get ¶
func (r *Registry) Get(name string) (AttackModule, error)
Get returns a module by name, or an error if not found.
func (*Registry) List ¶
func (r *Registry) List() []AttackModule
List returns all registered modules.
func (*Registry) ListByCategory ¶
func (r *Registry) ListByCategory(category common.AttackCategory) []AttackModule
ListByCategory returns all modules matching the given category.
func (*Registry) Register ¶
func (r *Registry) Register(module AttackModule)
Register adds a module to the registry. Panics if a module with the same name is already registered (catches duplicate init() registrations at startup).
Directories
¶
| Path | Synopsis |
|---|---|
|
CaMeL Bypass targets the CaMeL capability-based access control defense, which achieves 67% attack neutralization.
|
CaMeL Bypass targets the CaMeL capability-based access control defense, which achieves 67% attack neutralization. |
|
agentic
|
|
|
browser
Document Injection targets AI browsers that read shared documents (Google Docs, PDFs, etc.) by embedding instructions within them.
|
Document Injection targets AI browsers that read shared documents (Google Docs, PDFs, etc.) by embedding instructions within them. |
|
deception
Package deception implements attacks testing for deceptive agent behavior, including alignment faking, covert goal pursuit, and multi-agent collusion.
|
Package deception implements attacks testing for deceptive agent behavior, including alignment faking, covert goal pursuit, and multi-agent collusion. |
|
mcp
Filesystem Escape tests MCP filesystem/git sandbox escape vectors.
|
Filesystem Escape tests MCP filesystem/git sandbox escape vectors. |
|
multi_agent
Package multi_agent implements attacks targeting LLM-controlling-LLM architectures where orchestrator agents delegate tasks to sub-agents with varying privilege levels.
|
Package multi_agent implements attacks targeting LLM-controlling-LLM architectures where orchestrator agents delegate tasks to sub-agents with varying privilege levels. |
|
persistence
Package persistence implements attacks that establish persistent footholds in agent systems through configuration modification, credential harvesting, and multi-step exploitation chains.
|
Package persistence implements attacks that establish persistent footholds in agent systems through configuration modification, credential harvesting, and multi-step exploitation chains. |
|
skill_injection
Package skill_injection implements attacks targeting agent skill/plugin marketplaces and loading mechanisms.
|
Package skill_injection implements attacks targeting agent skill/plugin marketplaces and loading mechanisms. |
|
tool_use
AgentExploitation implements attacks against AI coding editor agents using the AIShellJack pattern: 75-88% execution rate, 71.5% privilege escalation.
|
AgentExploitation implements attacks against AI coding editor agents using the AIShellJack pattern: 75-88% execution rate, 71.5% privilege escalation. |
|
Package audio implements attacks targeting audio-language models.
|
Package audio implements attacks targeting audio-language models. |
|
Package common provides shared types and utilities for all attack modules.
|
Package common provides shared types and utilities for all attack modules. |
|
Best-of-N (BoN) implements statistical sampling with payload augmentation.
|
Best-of-N (BoN) implements statistical sampling with payload augmentation. |
|
Bad Likert Judge exploits LLM evaluation capabilities via Likert scale scoring.
|
Bad Likert Judge exploits LLM evaluation capabilities via Likert scale scoring. |
|
Indirect RAG Injection embeds instructions in publicly accessible documents that are ingested by RAG scrapers, achieving indirect prompt injection through the retrieval pipeline.
|
Indirect RAG Injection embeds instructions in publicly accessible documents that are ingested by RAG scrapers, achieving indirect prompt injection through the retrieval pipeline. |
|
Package reasoning implements attacks targeting reasoning-capable LLMs.
|
Package reasoning implements attacks targeting reasoning-capable LLMs. |
|
Package testutil provides shared test helpers for attack module tests.
|
Package testutil provides shared test helpers for attack module tests. |