Metadata-Version: 2.4
Name: nullsec-promptinject
Version: 0.1.0
Summary: Prompt injection payload library and automated LLM endpoint tester
Author-email: bad-antics <badxantics@gmail.com>
License: MIT
Keywords: prompt-injection,llm,ai-security,red-team,jailbreak,nlp,security
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Security
Requires-Python: >=3.10
Description-Content-Type: text/markdown

<div align="center">

# 💉 NullSec PromptInject

### Prompt Injection Payload Library & Tester

![Python](https://img.shields.io/badge/Python-3.10+-3776AB?style=for-the-badge&logo=python&logoColor=white)
![License](https://img.shields.io/badge/License-MIT-green?style=for-the-badge)
[![NullSec](https://img.shields.io/badge/NullSec-Linux_v5.0-00ff41?style=for-the-badge&logo=linux&logoColor=white)](https://github.com/bad-antics/nullsec-linux)

*Curated prompt injection payloads and automated testing for LLM applications*

</div>

---

## 🎯 Overview

NullSec PromptInject is a curated library of prompt injection payloads and an automated tester for LLM-powered applications. It targets system prompt extraction, instruction hijacking, context manipulation, and output steering across chatbots, RAG pipelines, AI agents, and function-calling systems.

## ⚡ Features

| Feature | Description |
|---------|-------------|
| **Payload Library** | 500+ categorised prompt injection payloads |
| **System Prompt Extraction** | Techniques to leak hidden system instructions |
| **Instruction Override** | Payloads that hijack model behaviour |
| **Context Manipulation** | Indirect injection via RAG document poisoning |
| **Function Call Abuse** | Exploit tool-use / function-calling APIs |
| **Multi-Language** | Payloads in EN, ZH, JA, DE, FR, ES, AR |
| **Auto-Tester** | Batch-test payloads against target endpoints |

## 📋 Payload Categories

| Category | Count | Targets |
|----------|-------|---------|
| System Prompt Extraction | 80+ | Chatbots, assistants |
| Instruction Override | 90+ | Any LLM app |
| Jailbreak Chains | 60+ | Safety-aligned models |
| Indirect Injection | 50+ | RAG, email agents |
| Function Call Abuse | 40+ | Tool-use agents |
| Output Steering | 45+ | Content generators |
| Encoding Bypass | 35+ | Input filters |
| Multi-turn Escalation | 30+ | Conversation systems |

## 🚀 Quick Start

```bash
# Test all payloads against a target endpoint
nullsec-promptinject test --target http://chatbot.example.com/api --category all

# Extract system prompt
nullsec-promptinject extract --target http://chatbot.example.com/api --techniques top20

# Test RAG indirect injection
nullsec-promptinject indirect --target http://rag.example.com/query --inject-doc malicious.txt

# List available payload categories
nullsec-promptinject list --categories
```

## 🔗 Related Projects

| Project | Description |
|---------|-------------|
| [nullsec-llmred](https://github.com/bad-antics/nullsec-llmred) | LLM red-teaming framework |
| [nullsec-adversarial](https://github.com/bad-antics/nullsec-adversarial) | Adversarial ML attack toolkit |
| [nullsec-modelaudit](https://github.com/bad-antics/nullsec-modelaudit) | ML model security auditing |
| [nullsec-datapoisoning](https://github.com/bad-antics/nullsec-datapoisoning) | Training data poisoning detection |
| [nullsec-linux](https://github.com/bad-antics/nullsec-linux) | Security Linux distro (140+ tools) |

## ⚠️ Legal

For **authorized security testing only**. Never use prompt injection against systems without explicit written permission.

## 📜 License

MIT License — [@bad-antics](https://github.com/bad-antics)

---

<div align="center">

*Part of the [NullSec AI/ML Security Suite](https://github.com/bad-antics)*

</div>
