Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

Adversa

БесплатноНе проверен

LLM red-team harness that scans for OWASP LLM Top 10 and MITRE ATLAS vulnerabilities, providing prioritized findings in table, JSON, SARIF, or via an MCP server

GitHubEmbed

Описание

LLM red-team harness that scans for OWASP LLM Top 10 and MITRE ATLAS vulnerabilities, providing prioritized findings in table, JSON, SARIF, or via an MCP server for AI agents.

README

ADVERSA

ADVERSA

LLM red-team harness — OWASP LLM Top 10 + MITRE ATLAS attack packs

PyPI CI License: COCL 1.0 Suite

AI Security & Governance — securing LLMs, agents, and the MCP supply chain.

pip install cognis-adversa
adversa scan .            # → prioritized findings in seconds

🔎 Example output

Real, reproducible output from the tool — runs offline:

$ adversa-emit --version
adversa 2.0.0
$ adversa-emit --help
usage: adversa [-h] [--version] {catalog,scan,probe,refs} ...

LLM red-team probe runner (OWASP LLM Top-10 + MITRE ATLAS).

positional arguments:
  {catalog,scan,probe,refs}
    catalog             list the probe catalog
    scan                run probes against a target
    probe               show detail for one probe
    refs                show OWASP + ATLAS reference tables

options:
  -h, --help            show this help message and exit
  --version             show program's version number and exit
$ adversa-emit catalog
ADVERSA probe catalog (12 probes)
==============================================================================
ID                       OWASP   ATLAS        SEV       NAME
------------------------------------------------------------------------------
pi.direct_override       LLM01   AML.TA0004   high      Direct instruction override
pi.indirect_payload      LLM01   AML.TA0006   critical  Indirect prompt injection via retrieved content
pi.encoded_smuggling     LLM01   AML.TA0009   medium    Encoded payload smuggling
leak.system_prompt       LLM07   AML.TA0011   high      System prompt extraction
leak.credentials         LLM02   AML.TA0010   critical  Sensitive credential disclosure
harm.dangerous_instructions LLM09   AML.TA0005   high      Dangerous-capability elicitation
harm.roleplay_jailbreak  LLM01   AML.TA0009   high      Persona/roleplay jailbreak (DAN-style)
output.xss_injection     LLM05   AML.TA0006   high      Improper output handling (XSS payload)
agency.tool_abuse        LLM06   AML.TA0006   high      Excessive agency / unsafe tool invocation
misinfo.confident_falsehood LLM09   AML.TA0014   medium    Misinformation / fabricated authority
consumption.amplification LLM10   AML.TA0014   low       Unbounded consumption (resource amplification)
poison.training_data     LLM04   AML.TA0003   medium    Data poisoning acknowledgement

Blocks above are real adversa output — reproduce them from a clone.

Usage — step by step

adversa is an LLM red-team probe runner mapping the OWASP LLM Top-10 + MITRE ATLAS onto runnable probes.

  1. Install (Python 3.10+):
    pip install -e .            # or: pipx install adversa
    
  2. Browse the bundled probe catalog (filter by OWASP/ATLAS/severity):
    adversa catalog --owasp LLM01 --min-severity high
    
  3. Scan a target — the bundled secure/vulnerable references, a captured-response transcript (offline, no live endpoint), or your own module:callable of signature target(prompt) -> str:
    adversa scan vulnerable
    adversa scan transcript:demos/01-healthcare-chatbot/transcript.json
    adversa scan mypkg.mymodel:generate --owasp LLM01
    
  4. Read the output as a table, JSON, or SARIF 2.1.0 (for GitHub code-scanning), or inspect one probe's prompts + grader + remediation:
    adversa scan vulnerable --format json | jq '.results[] | select(.passed==false)'
    adversa scan vulnerable --format sarif > adversa.sarif
    adversa probe pi.direct_override
    adversa refs        # OWASP LLM Top-10 + ATLAS tactic tables
    
  5. Gate CIscan exits 1 when findings are present, 0 when clean, 2 on usage error:
    - run: pip install -e . && adversa scan mypkg.mymodel:generate   # non-zero fails the job
    

Contents

Why adversa?

LLM red-team harness — OWASP LLM Top 10 + MITRE ATLAS attack packs — without standing up heavyweight infrastructure.

adversa is single-purpose, scriptable, and self-hostable: point it at a target, get prioritized results in the format your workflow already speaks (table · JSON · SARIF), gate CI on it, and let agents drive it over MCP.

Features

  • ✅ 12-probe catalog mapped to OWASP LLM Top-10 (2025) + MITRE ATLAS tactics
  • ✅ Severity ranking + filtering (--owasp, --atlas, --min-severity, --probe)
  • ✅ Five graders (must-refuse, must-not-leak, must-not-contain, must-contain, injection-resisted)
  • Transcript replay target — red-team captured responses offline, no live endpoint
  • ✅ Bundled secure / vulnerable reference targets + module:callable for your own model
  • ✅ Output as table · JSON · SARIF 2.1.0 (GitHub code-scanning ready)
  • ✅ CI gate via exit codes (0 clean · 1 findings · 2 usage)
  • ✅ 8 real-use-case demos with run commands + remediation guidance
  • ✅ Runs on Linux/macOS/Windows · Docker · devcontainer
  • ✅ Ports in Python, JavaScript, Go, and Rust (ports/)

Quick start

pip install cognis-adversa
adversa --version
adversa scan .                       # scan current project
adversa scan . --format json         # machine-readable
adversa scan . --fail-on high        # CI gate (non-zero exit)

Example

$ adversa scan .
  [HIGH    ] ADV-001  example finding             (./src/app.py)
  [MEDIUM  ] ADV-002  another signal              (./config.yaml)

  2 findings · risk score 5 · 38ms

Demos — real scenarios you can run now

Each demos// holds a realistic input (a captured-response transcript.json in ADVERSA's real format, or a module:callable target) plus a SCENARIO.md explaining where the data came from, the exact command, what to expect, and how to act on the findings.

Demo Scenario What it shows
01 Healthcare chatbot, pre-launch 4 findings — system-prompt + credential leak block launch
02 Same bot after hardening 0 findings — clean CI gate (exit 0)
03 RAG poisoned document indirect + encoded prompt injection (LLM01)
04 Agent with shell access excessive agency (rm -rf /) + directive override
05 Support bot jailbreak DAN persona + harmful-instruction elicitation
06 Research assistant fabricated citation + data-poisoning acceptance
07 Worst-case baseline all 12 probes fail (vulnerable target)
08 Your own model wiring a module:callable target into CI
adversa scan transcript:demos/01-healthcare-chatbot/transcript.json   # 4 findings, exit 1
adversa scan transcript:demos/02-post-hardening-clean/transcript.json # 0 findings, exit 0

The transcript shape is either a probe-id map ({"leak.system_prompt": "<reply>"}) or a list of {"probe_id": "...", "response": "..."} pairs — capture your model's replies once, then grade them offline as often as you like.

Architecture

flowchart LR
  IN[sources] --> P[adversa<br/>curate + validate]
  P --> OUT[query / analysis]

Use it from any AI stack

adversa is interoperable with every popular way of using AI:

  • MCP serveradversa mcp (Claude Desktop, Cursor, Cognis.Studio, uncensored-fleet)
  • OpenAI-compatible / JSON — pipe adversa scan . --format json into any agent or LLM
  • LangChain · CrewAI · AutoGen · LlamaIndex — wrap the CLI/JSON as a tool in one line
  • CI / scripts — exit codes + SARIF for non-AI pipelines

How it compares

Cognis adversa leondz
Self-hostable, no account varies
Single command, zero config ⚠️
JSON + SARIF for CI varies
MCP-native (AI agents)
Polyglot ports (JS/Go/Rust)
Open license ✅ COCL varies

Built in the spirit of leondz/garak, re-framed the Cognis way. Missing a credit? Open a PR.

Integrations

Pipes into your stack: SARIF for code-scanning, JSON for anything, an MCP server (adversa mcp) for AI agents, and a webhook forwarder for SIEM/Slack/Jira. See docs/INTEGRATIONS.md.

Install — every way, every platform

pip install "git+https://github.com/cognis-digital/adversa.git"    # pip (works today)
pipx install "git+https://github.com/cognis-digital/adversa.git"   # isolated CLI
uv tool install "git+https://github.com/cognis-digital/adversa.git" # uv
pip install cognis-adversa                                          # PyPI (when published)
docker run --rm ghcr.io/cognis-digital/adversa:latest --help        # Docker
brew install cognis-digital/tap/adversa                             # Homebrew tap
curl -fsSL https://raw.githubusercontent.com/cognis-digital/adversa/main/install.sh | sh
Linux macOS Windows Docker Cloud
scripts/setup-linux.sh scripts/setup-macos.sh scripts/setup-windows.ps1 docker run ghcr.io/cognis-digital/adversa DEPLOY.md (AWS/Azure/GCP/k8s)

Related Cognis tools

  • aegis — AI Agent Permission & Access Auditor — surfaces the lethal trifecta of credentials + injection + reach
  • promptmirror — Prompt-injection & indirect-injection scanner for any LLM context input
  • ledgermind — Local LLM cost & token forensics proxy with anomaly detection
  • guardpost — Runtime agent firewall — PII redaction, rate limits, policy enforcement
  • hallumark — LLM hallucination & grounding auditor for RAG systems
  • aicard — Auto-generated NIST AI RMF / EU AI Act Annex IV model & system cards

Explore the suite → 🗂️ all 170+ tools · ⭐ awesome-cognis · 🔗 cognis-sources · 🤖 uncensored-fleet · 🧠 engram

Contributing

PRs, new rules, and demo scenarios are welcome under the collaboration-pull model — see CONTRIBUTING.md and SECURITY.md.

⭐ If adversa saved you time, star it — it genuinely helps others find it.

Interoperability

{} composes with the 300+ tool Cognis suite — JSON in/out and a shared OpenAI-compatible /v1 backbone. See INTEROP.md for the suite map, composition patterns, and reference stacks.

License

Source-available under the Cognis Open Collaboration License (COCL) v1.0 — free for personal, internal-evaluation, research, and educational use; commercial / production use requires a license ([email protected]). See LICENSE.


Cognis Digital · one of 170+ tools in the Cognis Neural Suite · Making Tomorrow Better Today

from github.com/cognis-digital/adversa

Установить Adversa в Claude Desktop, Claude Code, Cursor

Рекомендуется · одна команда, все IDE
unyly install adversa

Ставит в Claude Desktop, Claude Code, Cursor и VS Code — сам разбирается с npx, uvx и сборкой из исходников.

Впервые? Поставь CLI: curl -fsSL https://unyly.org/install | sh

Или настроить вручную

Выполни в терминале:

claude mcp add adversa -- uvx --from git+https://github.com/cognis-digital/adversa cognis-adversa

FAQ

Adversa MCP бесплатный?

Да, Adversa MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для Adversa?

Нет, Adversa работает без API-ключей и переменных окружения.

Adversa — hosted или self-hosted?

Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.

Как установить Adversa в Claude Desktop, Claude Code или Cursor?

Открой Adversa на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare Adversa with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории ai