View Issue Details

ID: 0009641
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2026-04-27 12:36
Reporter: NuClide
Assigned To: daniruiz
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: won't fix
Summary: 0009641: [New Tool] aimap - AI infrastructure scanner (LLMs, vector DBs, ML servers)
Description

Name of the tool

aimap

Version

v1.1.1

Homepage

https://github.com/Nicholas-Kloster/aimap

Download URL

https://github.com/Nicholas-Kloster/aimap/releases/latest

Description

aimap is a purpose-built scanner for AI and machine learning infrastructure.
Where nmap and nuclei identify that a service is running, aimap identifies
which AI/ML service is running and whether it is exposing data, PII,
credentials, or compute.

It fingerprints 23 AI/ML service types across six categories (vector
databases, LLM runtimes, ML platforms, orchestration/UI, observability,
notebooks) and runs service-specific deep enumeration to surface actionable
findings:

  • Unauthenticated Jupyter kernels (RCE)

  • Vector database PII field exposure

  • Flowise credentials endpoint accessibility

  • Ollama open inference endpoints (LLMjacking vector)

  • Dify with unclaimed admin accounts

  • Langfuse instances leaking LLM conversation history

  • MLflow experiments and model registries accessible

  • Weaviate schemas with regulated-data fields

  • ChromaDB collections with PII-indicating names

    Fingerprinted services: Weaviate, ChromaDB, Qdrant, Milvus, Ollama, vLLM,
    LocalAI, text-generation-webui, MLflow, TensorFlow Serving, Triton
    Inference Server, Ray Serve, Ray Dashboard, Kubeflow, LangServe, Flowise,
    Dify, Open WebUI, LiteLLM, BentoML, Langfuse, Jupyter Notebook, Docker
    Registry.

    Dependencies

    None. Single statically-linked Go binary. Built with Go stdlib only —
    no external Go modules, no system libraries, no runtime dependencies.

    License

    MIT

    Similar tools

    None in Kali currently. Generic scanners (nmap, nuclei) can detect HTTP
    services on AI-related ports but do not fingerprint them as AI services
    specifically, do not perform service-appropriate deep enumeration, and do
    not surface findings like "ChromaDB collection with PII field exposed" or
    "Jupyter with unauthenticated code execution."

    aimap fills a gap that has become significant as AI adoption in
    enterprise environments has accelerated. Security teams auditing their
    own networks for shadow AI deployments — or bug bounty researchers
    testing AI companies within program scope — currently have to chain
    together multiple tools and hand-craft detections. aimap provides this
    coverage natively.

    Why this should be in Kali

    AI infrastructure exposure has become a mainstream attack surface:

  • Operation Bizarre Bazaar (disclosed January 2026) documented a
    commercial marketplace built on compromised LLM inference servers
    across 30+ providers.

  • Pillar Security, Cisco Talos, and UpGuard have all published research
    on unauthenticated vector database exposure during 2024-2025.

  • GreyNoise has observed 91,000+ documented attack sessions targeting
    AI/ML services on Shodan-indexed infrastructure.

  • The OWASP LLM Top 10 now formalizes several of these exposure classes.

    Kali currently lacks any tool specifically designed for AI
    infrastructure reconnaissance. aimap is a natural addition alongside
    nmap, nuclei, and masscan in the /auditing category.

    Usage examples

    Shadow-AI audit of internal network

    aimap -target 10.0.0.0/24 -threads 50 -o audit.json

    Single-host deep dive with wide port coverage

    aimap -target 10.5.5.5 -v -ports 8000,8080,8888,9091,11434,6333,19530

    CI/CD deployment gate

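    # jq -e exits non-zero when the test is false, so critical findings fail the job
    aimap -target "$DEPLOY_URL" -o check.json && \
    jq -e '[.enum_results[] | select(.risk_level == "critical")] | length == 0' check.json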

    External exposure check against your own public ranges

    aimap -list corp-public-ips.txt -threads 10 -timeout 10s -o external.json

    Technical details

  • Single Go binary (~5MB statically linked, prebuilt for linux+darwin amd64+arm64)

  • Read-only HTTP GETs only (no writes, no auth attempts, no exploits)

  • 3-phase pipeline: port scan → service fingerprint → deep enumeration

  • JSON output with stable schema for pipeline integration

  • Colored terminal output with risk scoring

  • CIDR support, threaded scanning, configurable timeouts

  • Man page included (aimap.1)

  • BlackArch PR pending: https://github.com/BlackArch/blackarch/pull/4912

    Build

    go install github.com/Nicholas-Kloster/aimap@latest

    Or from source:

    git clone https://github.com/Nicholas-Kloster/aimap.git
    cd aimap
    go build -o aimap .

    Or download a prebuilt binary:

    curl -LO https://github.com/Nicholas-Kloster/aimap/releases/download/v1.1.1/aimap-linux-amd64
    chmod +x aimap-linux-amd64
    sudo mv aimap-linux-amd64 /usr/local/bin/aimap

    Tested on: Go 1.21+ / Ubuntu 22.04, 24.04 / Arch / Kali Linux rolling

    Author / contact

    Nicholas Kloster (NuClide)
    GitHub: https://github.com/Nicholas-Kloster
    Issues: https://github.com/Nicholas-Kloster/aimap/issues

Attached Files
PKGBUILD (1,226 bytes)   
# Maintainer: Nicholas Kloster <[email protected]>

pkgname=aimap
pkgver=1.1.1
pkgrel=1
groups=('blackarch' 'blackarch-scanner' 'blackarch-recon' 'blackarch-networking')
pkgdesc='Security scanner for AI and ML infrastructure. Fingerprints 23 AI/ML service types (LLMs, vector databases, model servers) and surfaces actionable findings.'
arch=('x86_64' 'aarch64')
url='https://github.com/Nicholas-Kloster/aimap'
license=('MIT')
makedepends=('go')
source=("$pkgname-$pkgver.tar.gz::https://github.com/Nicholas-Kloster/aimap/archive/v$pkgver.tar.gz")
sha256sums=('c1a48b61524f1f3d4c5e046c1a84189db36e55bce1900ede1107cfbabbb1246c')

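build() {
  cd "$pkgname-$pkgver"
  # Pure-Go static build (no cgo)
  export CGO_ENABLED=0
  # go build ignores an LDFLAGS environment variable: the build mode goes in
  # GOFLAGS and linker flags in -ldflags. External linking needs cgo, so it is dropped.
  export GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw"
  go build -ldflags "-s -w" -o "$pkgname" .
}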

package() {
  cd "$pkgname-$pkgver"

  # Binary
  install -Dm755 "$pkgname" "$pkgdir/usr/bin/$pkgname"

  # Man page
  if [ -f "aimap.1" ]; then
    install -Dm644 "aimap.1" "$pkgdir/usr/share/man/man1/aimap.1"
  fi

  # License
  install -Dm644 "LICENSE" "$pkgdir/usr/share/licenses/$pkgname/LICENSE"

  # Documentation
  install -Dm644 "README.md" "$pkgdir/usr/share/doc/$pkgname/README.md"
}
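
The CI/CD deployment gate from the usage examples, written so that it fails closed (an added example, not code from aimap or from the reporter): it exits non-zero on critical findings and also when check.json is missing, malformed, or lacks enum_results. Only the enum_results and risk_level names come from the jq filter in the issue; the other fields, the exit codes and the sample report are constructed for illustration.

```python
import json
import sys

# Constructed sample report. Only "enum_results" and "risk_level" come from the
# issue's jq filter; "service" and "finding" are hypothetical fields.
SAMPLE_REPORT = """
{"enum_results": [
  {"service": "ollama", "risk_level": "critical", "finding": "open inference endpoint"},
  {"service": "mlflow", "risk_level": "medium",   "finding": "experiments listable"}
]}
"""

PASS, BLOCKED, UNUSABLE = 0, 1, 2


def gate(report_text, blocking=("critical",)):
    """Return (exit_code, blocking_findings) for an aimap JSON report."""
    try:
        report = json.loads(report_text)
    except (TypeError, ValueError):
        return UNUSABLE, []          # truncated or non-JSON output: fail closed
    if not isinstance(report, dict) or "enum_results" not in report:
        return UNUSABLE, []          # wrong shape is not the same as "no findings"
    results = report["enum_results"]
    if results is None:              # Go's encoding/json writes a nil slice as null
        results = []
    if not isinstance(results, list):
        return UNUSABLE, []
    hits = [r for r in results
            if isinstance(r, dict)
            and str(r.get("risk_level", "")).lower() in blocking]
    return (BLOCKED if hits else PASS), hits


if __name__ == "__main__":
    # Usage: gate.py check.json   (no argument: run on the constructed sample)
    if len(sys.argv) > 1:
        try:
            with open(sys.argv[1], encoding="utf-8") as fh:
                text = fh.read()
        except OSError:
            sys.exit(UNUSABLE)       # scanner produced no report: fail closed
    else:
        text = SAMPLE_REPORT
    code, hits = gate(text)
    for h in hits:
        print("BLOCKING:", json.dumps(h, sort_keys=True), file=sys.stderr)
    sys.exit(code)
```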

Activities

bleon12

2026-04-21 22:58

reporter   ~0021605

Last edited: 2026-04-21 23:17

Hello! How are you? I've been working on this Go application, and it was successfully packaged without any problems. I'm attaching the Debian/ folder in a tar archive for the Kali Linux team because of the single-file upload limit.

Thanks to everyone who reads this message.

P.S.: I used a translator because I don't speak English, and it's not my strong suit.

https://github.com/bleon-ethical/debian-aimap.git

Revan Manafli

2026-04-22 13:22

reporter   ~0021613

Last edited: 2026-04-22 13:23

[Deleted]

daniruiz

2026-04-27 12:36

manager   ~0021634

Hello,

Thanks for your submission. We can’t package every infosec tool, so we prioritize those with wider adoption and community usage.

Best of luck with your project.

Issue History

Date Modified Username Field Change
2026-04-16 19:33 NuClide New Issue
2026-04-16 19:33 NuClide File Added: PKGBUILD
2026-04-21 22:58 bleon12 Note Added: 0021605
2026-04-21 23:17 bleon12 Note Edited: 0021605
2026-04-22 13:22 Revan Manafli Note Added: 0021613
2026-04-22 13:23 Revan Manafli Note Edited: 0021613
2026-04-27 12:36 daniruiz Assigned To => daniruiz
2026-04-27 12:36 daniruiz Status new => closed
2026-04-27 12:36 daniruiz Resolution open => won't fix
2026-04-27 12:36 daniruiz Note Added: 0021634