Metadata-Version: 2.4
Name: nullsec-modelaudit
Version: 0.1.0
Summary: ML model security auditing — pickle exploit detection, integrity checks, OWASP ML Top 10
Author-email: bad-antics <badxantics@gmail.com>
License: MIT
Keywords: ml-security,model-audit,pickle,adversarial,owasp,ai-security,security
Classifier: Development Status :: 3 - Alpha
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Security
Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
Requires-Python: >=3.10
Description-Content-Type: text/markdown

<div align="center">

# 🔍 NullSec ModelAudit

### ML Model Security Auditing Framework

[![Python](https://img.shields.io/badge/Python-3.10+-3776AB?style=for-the-badge&logo=python&logoColor=white)]()
[![License](https://img.shields.io/badge/License-MIT-green?style=for-the-badge)]()
[![NullSec](https://img.shields.io/badge/NullSec-Linux_v5.0-00ff41?style=for-the-badge&logo=linux&logoColor=white)](https://github.com/bad-antics/nullsec-linux)

*Comprehensive security auditing for deployed machine learning models*

</div>

---

## 🎯 Overview

NullSec ModelAudit is a security auditing framework for machine learning models. It inspects model files for hidden payloads (pickle deserialization exploits, code-carrying Lambda layers), checks for backdoors with Neural Cleanse and Meta Neural Analysis, evaluates robustness boundaries, and generates compliance-ready audit reports mapped to the OWASP ML Top 10 risk categories.

## ⚡ Features

| Feature | Description |
|---------|-------------|
| **File Inspector** | Detect pickle exploits, malicious Lambda layers, hidden ops |
| **Backdoor Scan** | Neural Cleanse, Meta Neural Analysis, fine-pruning checks |
| **Robustness Eval** | Automated adversarial boundary testing |
| **Supply Chain** | Verify model provenance and hash integrity |
| **Fairness Audit** | Bias detection across protected attributes |
| **OWASP ML Top 10** | Map findings to OWASP ML risk categories |
| **Report Engine** | HTML/PDF/JSON audit reports with severity ratings |

## 📋 Audit Checks

| Check | Category | Severity |
|-------|----------|----------|
| Pickle RCE | Deserialization | Critical |
| Lambda Injection | Model Architecture | Critical |
| Backdoor Trigger | Integrity | High |
| Adversarial Fragility | Robustness | High |
| Training Data Leakage | Privacy | High |
| Model Watermark | Provenance | Medium |
| Bias / Fairness | Compliance | Medium |
| Dependency Vuln | Supply Chain | Variable |

## 🚀 Quick Start

```bash
# Full security audit of a model file
nullsec-modelaudit scan --model model.pt --format pytorch --output audit-report.html

# Check for deserialization exploits in pickle files
nullsec-modelaudit inspect --model model.pkl --check deserialization

# Backdoor detection scan
nullsec-modelaudit backdoor --model model.h5 --dataset validation/ --num-classes 10

# Supply chain verification
nullsec-modelaudit verify --model model.onnx --expected-hash sha256:abc123...
```
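
As an added example (not part of the nullsec-modelaudit package or this README), here is a minimal static inspection of the kind the `inspect --check deserialization` and `verify --expected-hash` commands stand for. It walks a pickle's opcode stream with the standard library's `pickletools` without ever calling `pickle.load`, reports every module import the file would trigger, flags references to a denylist of code-execution primitives, unpacks PyTorch-style zip checkpoints to reach their `*.pkl` members, and checks the file against a `sha256:<hex>` expectation. The denylist, the function names and the `archive/data.pkl` layout of the constructed zip sample are assumptions for the demo; the suspicious samples pickle only a reference to `builtins.eval` with no REDUCE opcode, so loading them would import but not call anything.

```python
import hashlib
import hmac
import io
import pickle
import pickletools
import zipfile

# Normalise module names so one denylist matches every encoding: protocol < 3
# writes Python-2 names ("__builtin__"), and os.system pickles as posix/nt.system.
MODULE_ALIASES = {"__builtin__": "builtins", "posix": "os", "nt": "os"}

# Assumed denylist for this example (not the project's own): callables that give
# arbitrary code execution if a REDUCE/BUILD opcode invokes them during load.
DANGEROUS_GLOBALS = {
    ("builtins", "eval"), ("builtins", "exec"), ("builtins", "__import__"),
    ("builtins", "getattr"), ("os", "system"), ("os", "popen"), ("os", "execv"),
    ("subprocess", "Popen"), ("subprocess", "run"), ("subprocess", "check_output"),
    ("importlib", "import_module"), ("socket", "socket"),
}
# Opcodes that push a string; the last two before STACK_GLOBAL are (module, name).
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
# Opcodes that call something while unpickling (where a payload would fire).
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def scan_pickle_bytes(data: bytes) -> dict:
    """Statically walk the opcode stream; pickle.load is never called."""
    imports, strings, calls = [], [], 0
    try:
        for opcode, arg, _pos in pickletools.genops(data):
            if opcode.name in STRING_OPS:
                strings.append(arg)
            elif opcode.name in ("GLOBAL", "INST"):
                module, name = arg.split(" ", 1)
                imports.append((MODULE_ALIASES.get(module, module), name))
            elif opcode.name == "STACK_GLOBAL" and len(strings) >= 2:
                module, name = strings[-2], strings[-1]
                imports.append((MODULE_ALIASES.get(module, module), name))
            if opcode.name in CALL_OPS:
                calls += 1
    except ValueError as exc:  # truncated or corrupt stream
        return {"imports": [], "calls": calls, "flagged": [],
                "verdict": "malformed", "error": str(exc)}
    flagged = sorted(set(imports) & DANGEROUS_GLOBALS)
    return {"imports": sorted(set(imports)), "calls": calls,
            "flagged": flagged, "verdict": "CRITICAL" if flagged else "ok"}


def scan_model_bytes(data: bytes) -> dict:
    """Raw pickle, or a PyTorch-style zip checkpoint: scan every *.pkl member."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return {m: scan_pickle_bytes(zf.read(m))
                    for m in zf.namelist() if m.endswith(".pkl")}
    return {"<raw>": scan_pickle_bytes(data)}


def scan_model_file(path: str) -> dict:
    with open(path, "rb") as f:
        return scan_model_bytes(f.read())


def sha256_tag(data: bytes) -> str:
    """Produce the 'sha256:<hex>' form the CLI's --expected-hash takes."""
    return "sha256:" + hashlib.sha256(data).hexdigest()


def verify_hash(data: bytes, expected: str) -> bool:
    """Supply-chain check: constant-time compare against 'algo:<hex>'."""
    algo, _, digest = expected.partition(":")
    if algo not in hashlib.algorithms_available or not digest:
        return False
    actual = hashlib.new(algo, data).hexdigest()
    return hmac.compare_digest(actual, digest.lower())


def build_zip_checkpoint(pkl: bytes) -> bytes:
    """Constructed stand-in for a torch.save() archive (layout is assumed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pkl)
        zf.writestr("archive/version", "3\n")
    return buf.getvalue()


# Constructed samples. The suspicious ones pickle only a *reference* to
# builtins.eval with no REDUCE, so loading them would import, not execute;
# that reference alone is what the static scan must catch.
BENIGN = pickle.dumps({"weights": [0.1, 0.2, 0.3], "epoch": 3}, protocol=4)
SUSPICIOUS_P4 = pickle.dumps(eval, protocol=4)  # STACK_GLOBAL encoding
SUSPICIOUS_P2 = pickle.dumps(eval, protocol=2)  # GLOBAL with "__builtin__" name

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("suspicious-p4", SUSPICIOUS_P4),
                        ("suspicious-p2", SUSPICIOUS_P2),
                        ("zip-checkpoint", build_zip_checkpoint(SUSPICIOUS_P4))]:
        print(label, scan_model_bytes(blob))
    print("hash ok:", verify_hash(BENIGN, sha256_tag(BENIGN)))
```

Real checkpoints legitimately contain many GLOBAL references (tensor and array rebuild helpers), so treat the `imports` list as something to review against an allowlist of expected modules and the `flagged` list as the hard fail. The static walk also cannot see an import assembled at load time through `getattr` on an already-imported module, which is why `builtins.getattr` sits on the denylist; the `calls` count tells you whether the file invokes anything at all during unpickling, which a plain state dict should not.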

## 🔗 Related Projects

| Project | Description |
|---------|-------------|
| [nullsec-adversarial](https://github.com/bad-antics/nullsec-adversarial) | Adversarial ML attack toolkit |
| [nullsec-datapoisoning](https://github.com/bad-antics/nullsec-datapoisoning) | Training data poisoning detection |
| [nullsec-llmred](https://github.com/bad-antics/nullsec-llmred) | LLM red-teaming framework |
| [nullsec-promptinject](https://github.com/bad-antics/nullsec-promptinject) | Prompt injection payloads |
| [nullsec-linux](https://github.com/bad-antics/nullsec-linux) | Security Linux distro (140+ tools) |

## ⚠️ Legal

For **authorized security auditing only**. Always obtain proper authorization before auditing third-party models.

## 📜 License

MIT License — [@bad-antics](https://github.com/bad-antics)

---

<div align="center">

*Part of the [NullSec AI/ML Security Suite](https://github.com/bad-antics)*

</div>
