Network Discovery¶
The discover network command fingerprints AI services using HTTP-based probes, then optionally runs vulnerability templates against discoveries.
How Fingerprinting Works¶
For each host:port combination:
- TCP connect -- verify the port is open
- HTTP probes -- send HTTP requests matching known AI service patterns
- HTTPS fallback -- ports 443, 8443, 9443 prefer HTTPS; others try HTTP first
- Multi-result -- all services above the minimum specificity threshold (30) are returned. Port-affinity ordering runs port-matched probes first. A specificity-100 match short-circuits the remaining probes.
Each service has one or more HTTPProbe definitions with:
- HTTP method and path
- Expected status code and/or body content
MatchBodyNot-- reject if body contains this substring (reduces false positives)MatchHeader-- match response header values (case-insensitive)VersionRegex-- extract version from response body (first capture group)- Specificity score (1-100) -- higher means more confident
When multiple services match on the same host:port, all are returned. When 3+ distinct services match on a single port, results are flagged as proxy_likely (likely behind a reverse proxy).
Detected Services¶
aipostex detects more than two dozen AI services out of the box:
| Service | Default Port | Probes | Specificity | Version |
|---|---|---|---|---|
| Ollama | 11434 | GET / (body: "Ollama is running"), GET /api/tags |
Medium-High | -- |
| ChromaDB | 8000 | GET /api/v2/heartbeat, GET /api/v1/heartbeat |
High | -- |
| vLLM | 8000 | GET /v1/models, GET /health |
Medium | -- |
| LiteLLM | 4000 | GET /health, GET /v1/models |
Medium | -- |
| LM Studio | 1234 | GET /v1/models |
Medium | -- |
| LocalAI | 8080 | GET /v1/models, GET /readyz |
Medium | -- |
| Weaviate | 8080 | GET /v1/meta, GET /v1/schema |
High | Extracted via regex |
| Qdrant | 6333 | GET /collections, GET / |
High | -- |
| Jupyter | 8888 | GET /api, GET / |
Medium-High | -- |
| MLflow | 5000 | GET /api/2.0/mlflow/experiments/search, GET /api/2.0/mlflow/registered-models/search, GET / (body: "OK") |
High | -- |
| Gradio | 7860 | GET /info, GET / |
Medium-High | Extracted via regex |
| Streamlit | 8501 | GET /_stcore/health |
High | -- |
| Ray | 8265 | GET /api/version |
High | Extracted via regex |
| Open WebUI | 3000 | GET / |
Low | -- |
| MCP SSE | 3000 | POST /message (JSON-RPC initialize) |
High | -- |
| MCP Inspector | 6274 | GET /, GET /api/servers, GET /api/tools |
High | -- |
| MCPJam Inspector | 6274 | GET /, GET /api/servers |
High | -- |
| OpenAI-Compatible | 8000 | GET /v1/models |
Low (generic) | -- |
Note
When multiple services share ports (e.g., vLLM and ChromaDB on 8000, or LocalAI and Weaviate on 8080), the service-specific probes with higher specificity disambiguate.
Default Port List¶
When --ports is not specified, these ports are probed:
Ports 80, 443, and 8443 are included to detect AI services behind reverse proxies. When 3+ distinct services match on a single port, results are flagged proxy_likely and an explicit warning is emitted during the scan to alert the operator.
CIDR Expansion¶
The --target flag accepts CIDR notation:
./aipostex discover network --target 10.0.0.0/24 # 254 hosts
./aipostex discover network --target 10.0.0.0/16 # 65534 hosts
./aipostex discover network --target 10.0.0.0/8 # too many without --max-hosts 0
The --max-hosts guardrail (default 65536) prevents accidentally scanning huge ranges. Set to 0 to disable. Large IPv6 CIDRs (63+ host bits) are rejected before expansion to prevent integer overflow. Overlapping CIDRs are deduplicated before the host count is validated.
URL-format targets (e.g., http://10.0.0.1:8000) are normalized before CIDR expansion -- the scheme is stripped, the host is used for host processing, and any port in the URL is merged into the port scan list.
Individual hosts and multiple targets are also supported:
./aipostex discover network --target 10.0.0.5
./aipostex discover network --target 10.0.0.0/24 --target 192.168.1.0/24
Auto-Scan¶
By default, discover network runs vulnerability templates against discovered services (--auto-scan=true). This:
- Maps discovered services to relevant template tags (see table below)
- Loads and filters templates
- Executes matching templates against each discovered service URL
- Deduplicates results
When --tags is provided, user-specified tags replace the auto-detected service tags entirely. Only templates matching the user-provided tags will run, regardless of which services were discovered.
To fingerprint only (no template scanning):
Service-to-Tag Mapping¶
Discovered services are mapped to template tags for auto-scan filtering:
| Detected Service | Template Tags |
|---|---|
| ollama | ollama |
| chromadb | chromadb, vectordb |
| weaviate | weaviate, vectordb |
| qdrant | qdrant, vectordb |
| jupyter | jupyter |
| mcp-sse | mcp |
| mcp-inspector | mcp |
| vllm | vllm, openai |
| litellm | openai |
| localai | openai |
| lmstudio | openai |
| openai-compatible | openai |
| ray | ray |
| mlflow | mlflow |
| gradio | gradio |
Deduplication¶
Fingerprint results are deduplicated per URL+service, with all services per port preserved. Multi-result scanning means each host:port can return multiple detected services.
Vulnerability findings from auto-scan are further deduplicated using the standard finding deduplication (by source, template ID, target, title, severity).
Workflow Output¶
For each discovered service, discover network generates workflow recommendations grouped by host:port. Read-only commands appear first, followed by gated commands:
── Next Actions ────────────────────────────────────────────
10.0.0.5:11434
aipostex ollama --target http://10.0.0.5:11434 enum
aipostex ollama --target http://10.0.0.5:11434 prompts
aipostex ollama --target http://10.0.0.5:11434 show --model <model>
10.0.0.6:8000
aipostex vectordb --target http://10.0.0.6:8000 --type chromadb enum
aipostex vectordb --target http://10.0.0.6:8000 --type chromadb search-sensitive
Gated (require --force-exploit):
aipostex ollama --target http://10.0.0.5:11434 poison ...
In console mode, findings are also grouped by host with detected service names in each host header, sorted by severity (critical first). Fingerprint INFO findings are folded into the host header rather than displayed individually.
These recommendations are also preserved in metadata.workflow on the corresponding findings in JSON/JSONL output.