LLMsploit: An Open-Source Vulnerability Scanning Tool Designed for Large Language Models

LLMsploit is an open-source automated detection tool for security vulnerabilities in Large Language Models (LLMs), developed by researchers from Kharkiv Aerospace University in Ukraine. It supports multi-platform model integration, covers 15 types of prohibited content detection scenarios, and provides a systematic solution for LLM security assessment and compliance.

With the widespread application of LLMs across various industries, they face not only traditional software security challenges but also new threats such as 'jailbreak' attacks, prompt injection, and harmful content generation. LLMsploit was born precisely against this backdrop.

LLMsploit was open-sourced on GitHub by jalners, derived from doctoral thesis research (topic: Security Analysis and Protection Methods for Prohibited Content Generation by LLMs on Local and Cloud Servers). It has a solid theoretical foundation and is not an experimental project.

The tool has built-in detection for 15 types of prohibited content, including:

• Harmful content
• Cybercrime activities
• Personal injury
• Economic damage
• Illegal drugs
• Weapon-related activities
• Terrorism content
• Intellectual property infringement
• Fraud
• Disinformation
• Adult content
• Political activities
• Privacy violations
• Unauthorized practice
• Government decision interference It covers multi-dimensional risks from personal safety to social stability.

LLMsploit adopts a dual-model architecture: Target Model: The LLM service to be detected (locally deployed such as Ollama/LM Studio/Docker, or external APIs like OpenAI/Anthropic, etc.) Evaluation Model: Independently judges whether the target model's response contains prohibited content, avoiding self-assessment bias. Usage supports Python SDK (configured with a few lines of code) and CLI mode (suitable for automated integration).

The tool is supported by 8 papers published on platforms such as IEEE Xplore and Springer, covering areas like AI system security assurance, vulnerability collection and analysis, and LLM vulnerability severity assessment, forming a complete research chain.

LLMsploit is applicable to:

• Enterprise compliance detection: Scan before deployment to ensure compliance with policy regulations
• Model selection evaluation: Horizontally compare the security performance of candidate models
• Red team testing: Penetration testing to discover potential vulnerabilities
• Academic research: Provide standardized detection tools and data collection capabilities

Limitations: The repository contains examples of risky content (required for security research); currently mainly supports OpenAI-compatible APIs, non-standard interfaces require additional adaptation; local models need environment support such as Docker/Ollama. Outlook: LLMsploit represents the transformation of LLM security from theory to practice. Its open-source nature makes it expected to become an infrastructure component of the LLM security ecosystem, providing an important detection framework for AI security researchers, developers, and enterprises.