# Exploit Modules
aipostex includes 18 post-exploitation modules, each targeting a specific AI service family. Modules follow a consistent pattern: read-only enumeration commands run without restrictions, while state-changing or high-noise actions require --force-exploit.
## Module Summary
| Module | Service(s) | Subcommands | Read-Only | Gated |
|---|---|---|---|---|
| ollama | Ollama | 10 | 5 | 5 |
| vectordb | ChromaDB, Weaviate, Qdrant, Milvus, pgvector | 5 | 3 | 2 |
| jupyter | Jupyter Notebook | 8 | 4 | 4 |
| mcp | MCP servers | 5 | 3 | 2 |
| openai-compat | OpenAI-compatible APIs | 9 | 7 | 2 |
| ray | Ray | 8 | 4 | 4 |
| mlflow | MLflow | 9 | 8 | 1 |
| gradio | Gradio | 7 | 4 | 3 |
| bentoml | BentoML | 4 | 3 | 1 |
| triton | NVIDIA Triton Inference Server | 7 | 4 | 3 |
| torchserve | PyTorch TorchServe | 7 | 3 | 4 |
| litellm | LiteLLM Proxy | 5 | 4 | 1 |
| huggingface | HuggingFace TGI/TEI | 5 | 3 | 2 |
| tfserving | TensorFlow Serving | 5 | 4 | 1 |
| kubeflow | Kubeflow Pipelines | 6 | 5 | 1 |
| wandb | Weights & Biases | 5 | 5 | 0 |
| a2a | Agent-to-Agent APIs | 11 | 4 | 7 |
| k8s | Kubernetes API server (ML/AI workloads) | 7 | 3 | 4 |
## Utilities

| Command | Purpose | Doc |
|---|---|---|
| model-scan | Local model file supply-chain scan (pickle / PyTorch / formats) | model-scan |
These modules provide the main post-exploitation surface of the tool, covering read-only enumeration through gated proof actions.
## Common Flags
All exploit modules share these flags:
| Flag | Description |
|---|---|
| --target | Target service URL (required for all remote commands). |
| --header | Custom HTTP header(s) in `Key: Value` format. Repeatable. |
## Safety Model

```mermaid
flowchart LR
    ReadOnly[Read-Only Commands] -->|no flag needed| Execute[Execute]
    Gated[State-Changing Commands] -->|requires --force-exploit| Execute
    Gated -->|without flag| Blocked[Blocked with message]
```
Read-only commands include: enumeration, listing, reading, extraction, fingerprinting, and passive analysis.
Gated commands include: model creation/deletion/poisoning, code execution, file uploads, throughput/proxy testing, and queue/serve probes.
See Safety Model for the complete gated action reference.
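The gate itself is a small dispatch pattern: every subcommand is registered with a read-only or gated flag, and the dispatcher refuses gated commands unless `--force-exploit` was passed. The block below is an added illustration of that pattern written for this page; it is not aipostex's own code. The command names, the registry API, and the blocking message are assumptions, and the handlers only return strings (no network calls), so it can be run offline to see how the gate and the shared `--target` / `--header` flags behave.

```python
"""Illustration of a --force-exploit style safety gate for a CLI.

Added example, not aipostex's own code. Command names, the Registry API
and BLOCKED_MSG are assumptions chosen for this illustration.
"""
import argparse
from dataclasses import dataclass
from typing import Callable, Dict, List

BLOCKED_MSG = "blocked: this command changes target state; re-run with --force-exploit"


@dataclass
class Command:
    name: str
    handler: Callable[[dict], str]
    gated: bool  # True for state-changing or high-noise actions


class Registry:
    """Holds subcommands and enforces the read-only / gated split."""

    def __init__(self) -> None:
        self._commands: Dict[str, Command] = {}

    def register(self, name: str, gated: bool = False):
        def deco(fn: Callable[[dict], str]) -> Callable[[dict], str]:
            self._commands[name] = Command(name, fn, gated)
            return fn
        return deco

    def run(self, name: str, opts: dict, force_exploit: bool = False) -> str:
        cmd = self._commands[name]
        if cmd.gated and not force_exploit:
            return BLOCKED_MSG  # the gate: refuse without the explicit flag
        return cmd.handler(opts)

    def summary(self) -> dict:
        """Counts matching the Subcommands / Read-Only / Gated table columns."""
        read_only = sum(1 for c in self._commands.values() if not c.gated)
        return {
            "subcommands": len(self._commands),
            "read_only": read_only,
            "gated": len(self._commands) - read_only,
        }


registry = Registry()


@registry.register("enum")
def enum(opts: dict) -> str:
    # Read-only: lists assets. Model names come from constructed sample input.
    return "models: " + ", ".join(opts.get("models", []))


@registry.register("create-model", gated=True)
def create_model(opts: dict) -> str:
    # State-changing in a real tool; here it only reports what it would do.
    return f"would create {opts['model']}"


def parse_headers(raw: List[str]) -> Dict[str, str]:
    """Turn repeated --header 'Key: Value' strings into a dict."""
    headers: Dict[str, str] = {}
    for item in raw:
        key, _, value = item.partition(":")
        if not key or not _:
            raise ValueError(f"header must be in 'Key: Value' form: {item!r}")
        headers[key.strip()] = value.strip()
    return headers


def build_parser() -> argparse.ArgumentParser:
    p = argparse.ArgumentParser(prog="example-cli")
    p.add_argument("command", choices=sorted(registry._commands))
    p.add_argument("--target", required=True, help="target service URL")
    p.add_argument("--header", action="append", default=[], help="repeatable Key: Value")
    p.add_argument("--force-exploit", action="store_true", help="allow gated commands")
    return p


def dispatch(argv: List[str]) -> str:
    """Parse argv and run the selected command through the gate."""
    args = build_parser().parse_args(argv)
    opts = {
        "target": args.target,
        "headers": parse_headers(args.header),
        "models": ["llama-a", "llama-b"],  # constructed sample enumeration result
        "model": "poc-model",               # constructed sample argument
    }
    return registry.run(args.command, opts, force_exploit=args.force_exploit)


if __name__ == "__main__":
    import sys
    print(dispatch(sys.argv[1:]))
```

Running `example-cli create-model --target http://127.0.0.1:8000` prints the blocking message, while adding `--force-exploit` lets the handler run; `enum` runs either way. Keeping the gate in the dispatcher rather than in each handler means a new subcommand cannot accidentally bypass it by forgetting a check.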
## Operator Progression

Each module supports a progression from enumeration to proof:

```mermaid
flowchart TD
    Discovery["discover network\n(fingerprint services)"] --> Enum["module enum\n(enumerate assets)"]
    Enum --> Read["module read commands\n(extract data, validate access)"]
    Read --> Proof["module gated commands\n(demonstrate impact)"]
```
Findings from earlier stages attach workflow recommendations pointing to the next logical command, using values discovered in the current step (model names, collection IDs, kernel IDs, job IDs, etc.).