TF Serving

Enumerate and exploit TensorFlow Serving REST API instances.

Overview

The tfserving module targets the TensorFlow Serving SavedModel REST API. It probes for server reachability via structured error responses, enumerates model status and metadata, and tests inference operations. TF Serving does not expose a model list endpoint, so the models subcommand probes common model names to discover what is served.

Subcommands

Read-Only (no --force-exploit required)

| Subcommand | Description |
|---|---|
| enum | Probe server reachability and detect metrics endpoint |
| models | Discover served models by probing common model names |
| metadata | Retrieve model signature definitions and tensor specs |
| metrics | Retrieve Prometheus metrics from the monitoring endpoint |

Gated (requires --force-exploit)

| Subcommand | Description |
|---|---|
| predict | Send an inference request to a model |

Flags

| Flag | Required | Description |
|---|---|---|
| --target | Yes | TF Serving URL (default port 8501) |
| --header | No | Custom HTTP headers. Repeatable. |
| --model | For metadata, predict | Model name |
| --version | No | Model version (predict only; defaults to latest) |
| --payload | For predict | JSON inference payload |

Key Endpoints

| Endpoint | Method | Purpose |
|---|---|---|
| /v1/models | GET | Reachability probe (returns 404 JSON for unknown model — confirms server presence) |
| /v1/models/<name> | GET | Model version status and state |
| /v1/models/<name>/metadata | GET | Model signature definitions and tensor specs |
| /v1/models/<name>:predict | POST | Model inference (latest version) |
| /v1/models/<name>/versions/<ver>:predict | POST | Model inference (specific version) |
| /monitoring/prometheus/metrics | GET | Prometheus metrics |

Reachability Detection

TF Serving returns a structured JSON error body for 404 responses (e.g. {"code":5,"message":"Servable not found..."}). The enum subcommand exploits this to confirm server presence even when no models are known in advance.

Examples

# Probe for server reachability
./aipostex tfserving --target http://127.0.0.1:8501 enum

# Discover served models (probes common names)
./aipostex tfserving --target http://127.0.0.1:8501 models

# Get model metadata and signature
./aipostex tfserving --target http://127.0.0.1:8501 metadata --model default

# Get Prometheus metrics
./aipostex tfserving --target http://127.0.0.1:8501 metrics

# Test inference (gated)
./aipostex tfserving --target http://127.0.0.1:8501 predict \
  --model default --payload '{"instances":[[1.0,2.0,3.0]]}' --force-exploit

Workflow Progression

discover network (discovers TF Serving on :8501)
  -> tfserving enum (reachability, metrics probe)
    -> tfserving models (model inventory via name probing)
    -> tfserving metadata --model <name> (signature definitions)
    -> tfserving metrics (Prometheus data)
    -> tfserving predict --model <name> (inference test, gated)
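
A defender-side view of the name probing and 404 behaviour described above, as an added example that is not part of the aipostex project: it scans access logs from a reverse proxy in front of TF Serving for a client that draws 404s on several distinct /v1/models/<name> paths, and lists the metadata and metrics paths that client also touched. The log format, addresses, model names and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: common-log-format lines from a proxy in front of :8501.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /v1/models HTTP/1.1" 404 58
10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /v1/models/default HTTP/1.1" 404 71
10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /v1/models/model HTTP/1.1" 404 69
10.0.0.5 - - [01/Jan/2025:10:00:02 +0000] "GET /v1/models/resnet HTTP/1.1" 404 70
10.0.0.5 - - [01/Jan/2025:10:00:02 +0000] "GET /v1/models/mnist HTTP/1.1" 200 154
10.0.0.5 - - [01/Jan/2025:10:00:03 +0000] "GET /v1/models/mnist/metadata HTTP/1.1" 200 912
10.0.0.5 - - [01/Jan/2025:10:00:04 +0000] "GET /monitoring/prometheus/metrics HTTP/1.1" 200 4096
10.0.0.9 - - [01/Jan/2025:10:00:15 +0000] "GET /monitoring/prometheus/metrics HTTP/1.1" 200 4096
10.0.0.9 - - [01/Jan/2025:10:00:30 +0000] "GET /monitoring/prometheus/metrics HTTP/1.1" 200 4096
10.0.0.20 - - [01/Jan/2025:10:00:31 +0000] "POST /v1/models/mnist:predict HTTP/1.1" 200 120
10.0.0.20 - - [01/Jan/2025:10:00:32 +0000] "GET /v1/models/mnist HTTP/1.1" 200 154
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
MODEL = re.compile(r'^/v1/models/([^/:?]+)')  # name stops at '/', ':' or '?'
METRICS = "/monitoring/prometheus/metrics"

def analyze(log_text, min_distinct_404=3):
    """Return {client: findings} for clients that look like model-name probers.

    A client is flagged when it received 404 for at least `min_distinct_404`
    different model names (assumed threshold; tune to your traffic).
    """
    missing = defaultdict(set)   # client -> model names answered with 404
    recon = defaultdict(set)     # client -> metadata / metrics paths requested
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        client, method, path, status = m.groups()
        path = path.split("?", 1)[0]
        model = MODEL.match(path)
        if method == "GET" and status == "404" and model:
            missing[client].add(model.group(1))
        if path == METRICS or (model and path.endswith("/metadata")):
            recon[client].add(path)
    return {
        client: {"missing_models": sorted(names),
                 "recon_paths": sorted(recon[client])}
        for client, names in missing.items()
        if len(names) >= min_distinct_404
    }

if __name__ == "__main__":
    for client, info in analyze(SAMPLE_LOG).items():
        print(client, info)
```

A metrics scraper or an application that only calls known models is not flagged, because the trigger is the count of distinct unknown names rather than access to any single endpoint.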