View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0009663Kali LinuxNew Tool Requestspublic2026-05-03 03:302026-05-03 03:30
Reporterxm4skbyt3z Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
Summary0009663: Promptix - LLM security scanner (prompt injection / jailbreak / leakage)
Description

[Name]
Promptix

[Version]
0.1.0 (git tag v0.1.0)

[Homepage]
https://github.com/xm4skbyt3z/promptix

[Download]
https://github.com/xm4skbyt3z/promptix/archive/refs/tags/v0.1.0.tar.gz

[Author]
Deivid Kelven (xM4skByt3z)

[Licence]
MIT

[Description]
Promptix is a CLI tool I wrote to pentest LLM endpoints. It scans for the issues
listed in the OWASP Top 10 for LLM Applications: prompt injection, jailbreaks
(DAN, dev-mode, roleplay, encoding bypass), system-prompt and credential
leakage, sycophancy/bias, and adversarial robustness (Unicode confusables,
zero-width chars, char swaps, plus optional decision-boundary estimation via
ART).

The UX is meant to feel familiar to anyone who already uses sqlmap or nmap:
flat flags, one command, and you get either stdout output, a JSON report, or a
full Markdown pentest report.

It works against any OpenAI-compatible API (OpenAI, Ollama, vLLM, LM Studio,
llama.cpp), generic HTTP endpoints with a configurable body template, and ships
an offline echo stub so you can demo it or wire it into CI without an API key.

I have been testing it locally against Ollama (llama3.2:1b) on Kali and it
catches real prompt-injection bypasses on the small models, which is what I
wanted from it.

[Dependencies]

  • python3 (>= 3.10)
  • python3-httpx (>= 0.27)
  • python3-rich (>= 13.7)
  • python3-typer (>= 0.12)
  • python3-prompt-toolkit (>= 3.0)
  • python3-yaml (>= 6.0)
  • python3-pydantic (>= 2.6)

Optional, only needed for the ART boundary-estimation feature in the
robustness module:

  • python3-numpy (>= 1.26)
  • python3-sklearn (>= 1.4)
  • adversarial-robustness-toolbox (>= 1.17)

[Similar tools]
There are a few tools in this space, but none of them really fit the
pentester workflow:

  • garak: big plugin-based scanner, more of a research framework, no
    single-command CLI and a lot heavier to set up.
  • PyRIT (Microsoft): Python API only, no CLI, mostly oriented at Azure AI
    red-teaming.
  • PromptBench: academic adversarial benchmark, not a pentest tool.
  • promptmap: only does prompt injection, single module.

Promptix covers the five OWASP LLM categories in one command and uses the
same flag style as sqlmap, which is the gap I wanted to fill.

[Activity]
Started the project in May 2026, actively developing it. 0.1.0 is the first
public release: https://github.com/xm4skbyt3z/promptix/releases/tag/v0.1.0

[How to install]
From the tagged release:

wget https://github.com/xm4skbyt3z/promptix/archive/refs/tags/v0.1.0.tar.gz
tar xzf v0.1.0.tar.gz
cd promptix-0.1.0
pip install .

Or with the install script in the repo (works on Kali / Debian):

git clone https://github.com/xm4skbyt3z/promptix
cd promptix
git checkout v0.1.0
sudo bash install.sh

[How to use]

Offline demo, no API key or internet needed

promptix --echo

Scan a local Ollama instance

promptix -u http://localhost:11434/v1

Scan OpenAI with a specific model

promptix -u https://api.openai.com/v1 --key $OPENAI_API_KEY --model gpt-4o

Run only the jailbreak and leakage modules and save reports

promptix -u http://target/v1 -m jailbreak -m leakage -o report.json --report-md report.md

Quick scan: 5 payloads, 8 concurrent, 10s timeout

promptix --echo --max-payloads 5 -c 8 -T 10

[Packaged]
Yes, the repo already has a debian/ directory with everything needed for a
Kali package:

  • debian/control
  • debian/changelog
  • debian/rules (dh-python / pybuild)
  • debian/copyright (DEP-5)
  • debian/source/format (3.0 quilt)
  • debian/promptix.manpages (installs docs/promptix.1)

Happy to adjust anything if it helps with packaging. Thanks!

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2026-05-03 03:30 xm4skbyt3z New Issue