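/**
 * Red Team Security Testing Framework
 * Automated penetration testing for LLM applications
 *
 * NOTE(review): this declaration text had lost every generic type argument
 * (bare `Promise` and `Record`), which does not type-check. The arguments
 * below are reconstructed from the result interfaces declared in this file;
 * where no interface pins the type, `unknown` is used and flagged for
 * confirmation against the implementation.
 */

/**
 * Attack scenario definition
 */
export interface AttackScenario {
  name: string;
  description: string;
  category: AttackCategory;
  severity: "critical" | "high" | "medium" | "low";
  /** Runs the scenario against `target` and resolves with its outcome. */
  execute: (target: AttackTarget) => Promise<AttackResult>;
}

/**
 * Attack categories based on OWASP Top 10 for LLMs
 *
 * NOTE(review): the labels do not appear to map one-to-one onto a single
 * published edition of the OWASP list -- confirm the mapping before citing
 * these categories in a report.
 */
export declare enum AttackCategory {
  PROMPT_INJECTION = "Prompt Injection",
  DATA_LEAKAGE = "Sensitive Data Leakage",
  INADEQUATE_SANDBOXING = "Inadequate Sandboxing",
  UNAUTHORIZED_CODE_EXECUTION = "Unauthorized Code Execution",
  SSRF = "Server-Side Request Forgery",
  OVERRELIANCE = "Overreliance on LLM Output",
  INADEQUATE_ACCESS_CONTROL = "Inadequate Access Control",
  EXCESSIVE_AGENCY = "Excessive Agency",
  SYSTEM_PROMPT_LEAKAGE = "System Prompt Leakage",
  MODEL_THEFT = "Model Theft"
}

/**
 * Target for attack scenarios
 */
export interface AttackTarget {
  // NOTE(review): nothing in this declaration constrains `endpoint` to an
  // approved scope -- confirm the implementation checks it against an
  // allowlist of authorized test targets.
  endpoint?: string;
  component: string;
  // Value types were lost with the generic arguments; `unknown` accepts any
  // caller-supplied value -- TODO confirm against the implementation.
  inputs?: Record<string, unknown>;
  configuration?: Record<string, unknown>;
}

/**
 * Result of an attack attempt
 */
export interface AttackResult {
  success: boolean;
  vulnerability?: string;
  impact: string;
  // Untyped payload. NOTE(review): presumably holds output captured from the
  // target, which may include secrets or leaked prompts -- handle and store
  // reports carrying it as sensitive data.
  evidence?: any;
  mitigation?: string;
  reproductionSteps?: string[];
}

/**
 * Automated attack scenario runner
 */
export declare class AttackScenarioRunner {
  private scenarios;
  private validator;
  constructor();
  /**
   * Initialize built-in attack scenarios
   */
  private initializeScenarios;
  /**
   * Run all attack scenarios against a target
   *
   * @param target - Component (and optional endpoint) to test.
   * @returns Report type reconstructed from `SecurityTestReport` below.
   */
  runAllScenarios(target: AttackTarget): Promise<SecurityTestReport>;
  /**
   * Test prompt injection
   */
  private testPromptInjection;
  /**
   * Test file access
   */
  private testFileAccess;
  /**
   * Test command injection
   */
  private testCommandInjection;
  /**
   * Test SSRF
   */
  private testSSRF;
  /**
   * Simulate a request to the target
   * In real implementation, this would interact with actual components
   */
  private simulateRequest;
}

/**
 * Vulnerability scanner
 */
export declare class VulnerabilityScanner {
  private knownVulnerabilities;
  constructor();
  /**
   * Initialize known vulnerabilities database
   */
  private initializeVulnerabilities;
  /**
   * Scan a component for known vulnerabilities
   *
   * @param component - Name of the component to scan.
   * @returns Report type reconstructed from `VulnerabilityReport` below.
   */
  scanComponent(component: string): Promise<VulnerabilityReport>;
}

/**
 * Exploit simulator for testing defenses
 */
export declare class ExploitSimulator {
  /**
   * Simulate an exploit attempt
   *
   * @param exploit - Named sequence of steps plus its documented mitigation.
   * @returns Result type reconstructed from `ExploitResult` below.
   */
  simulate(exploit: ExploitDefinition): Promise<ExploitResult>;
  /**
   * Execute a single exploit step
   */
  private executeStep;
}

/**
 * Security report generator
 */
export declare class SecurityReportGenerator {
  /**
   * Generate a comprehensive security report
   *
   * NOTE(review): the resolved type is not recoverable from this file
   * (likely a rendered report string) -- confirm and tighten `unknown`.
   */
  generateReport(results: {
    attackTests?: SecurityTestReport;
    vulnerabilityScans?: VulnerabilityReport[];
    exploitTests?: ExploitResult[];
  }): Promise<unknown>;
  /**
   * Group test results by severity
   */
  private groupBySeverity;
}

/** Outcome of one scenario, tagged with the scenario's category and severity. */
interface AttackTestResult {
  scenario: string;
  category: AttackCategory;
  severity: "critical" | "high" | "medium" | "low";
  result: AttackResult;
}

/** Aggregate report for one run of the scenario runner. */
interface SecurityTestReport {
  target: string;
  timestamp: string;
  // Unit is not stated in this declaration -- TODO confirm (ms vs s).
  duration: number;
  totalScenarios: number;
  vulnerabilities: number;
  results: AttackTestResult[];
}

/** Result of checking a component against one known-vulnerability entry. */
interface VulnerabilityResult {
  id: string;
  name: string;
  description: string;
  // Plain string here, unlike the four-value union used on AttackScenario.
  severity: string;
  vulnerable: boolean;
  // Untyped payload; may carry sensitive captured data (see AttackResult.evidence).
  evidence: any;
}

/** Scan results for a single component. */
interface VulnerabilityReport {
  component: string;
  vulnerabilities: VulnerabilityResult[];
  summary: string;
}

/** A named exploit made of ordered steps, with its documented mitigation. */
interface ExploitDefinition {
  name: string;
  description: string;
  steps: ExploitStep[];
  mitigation: string;
}

/** One step of an exploit definition. */
interface ExploitStep {
  name: string;
  // Resolved type was lost; `unknown` accepts any caller-supplied action,
  // matching the untyped `StepResult.output` -- TODO confirm.
  action: () => Promise<unknown>;
  required: boolean;
}

/** Recorded outcome of a single exploit step. */
interface StepResult {
  step: string;
  success: boolean;
  output: any;
}

/** Overall outcome of a simulated exploit, including per-step results. */
interface ExploitResult {
  exploit: string;
  success: boolean;
  results: StepResult[];
  error?: string;
  mitigation: string;
}

export {};
//# sourceMappingURL=red-team.d.ts.map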