Skip to content

LLMSmith/LLMSmith

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
app_search
app_search
 
 
app_tests
app_tests
 
 
chains_pocs
chains_pocs
 
 
framework_vulns
framework_vulns
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

LLMSmith

Prototype of LLMSmith and the collection of LLM4Shell PoCs (keep updating)

This repository contains the official code used in paper "Demystifying RCE Vulnerabilities in LLM-Integrated Apps".

Official Website (Containing Demos, Ethics, etc.): https://sites.google.com/view/llmsmith

Please feel free to contact [email protected] if you have any questions.

Repo Structure

  • framework_vulns: Call chain extraction prototype used in our paper.
  • app_search: whitebox app search utils.
  • app_tests: real-world demos and the exploit prompts used by LLMSmith (prompt.py, keep updating)
  • chains_pocs: PoCs, call chains of frameworks and the corresponding responsible disclosure. (PoCs keeps updating when I found other vulnerable frameworks)

Clarification

LLMSmith now is still a research prototype and can only be used for educational purpose, it may exist some unexcepted behaviors or bugs;

Meanwhile, LLMSmith is under active updating (e.g., new vulnerable frameworks, new PoCs, new demos...)

Cite

@article{liu2023demystifying,
  title={Demystifying rce vulnerabilities in llm-integrated apps},
  author={Liu, Tong and Deng, Zizhuang and Meng, Guozhu and Li, Yuekang and Chen, Kai},
  journal={arXiv preprint arXiv:2309.02926},
  year={2023}
}

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

45 stars

Watchers

2 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages