概述

RedPincer — AI/LLM Red Team Suite

Automated security testing for language models. Point at any LLM API endpoint, select attack modules, and run assessments with real-time results and exportable reports.

> ⚠️ For authorized security testing and research only. Only test systems you own or have explicit permission to audit.

Quick Start

# Clone and install
git clone https://github.com/rustyorb/pincer.git {baseDir}/redpincer
cd {baseDir}/redpincer
npm ci

# Run
npm run dev
# Dashboard at http://localhost:3000

For production:

npm run build
npx next start -H 0.0.0.0 -p 3000

What It Tests

Category	Payloads	Description
:---------	:--------:	:------------
💉 Prompt Injection	40	Instruction override, delimiter confusion, indirect injection, payload smuggling
🔓 Jailbreak	40	Persona splitting, gradual escalation, hypothetical framing, roleplay exploitation
🔍 Data Extraction	40	System prompt theft, training data probing, membership inference, embedding extraction
🛡️ Guardrail Bypass	40	Output filter evasion, multi-language bypass, homoglyph tricks, context overflow

Total: 160 base payloads × 20 variant transforms = 3,200 test permutations

Supported Providers

OpenAI  ·  Anthropic  ·  OpenRouter  ·  Any OpenAI-compatible endpoint

Features

Attack Engine

160+ payloads across 4 categories
Model-specific attacks (GPT, Claude, Llama variants)
20 variant transforms (unicode, encoding, case rotation, etc.)
Attack chaining with template variables ({{previous_response}})
AI-powered payload generation — uses the target LLM to generate novel attacks against itself
Stop/cancel running attacks instantly

Analysis & Reporting

Heuristic response classifier with context-aware analysis
Reduced false positives — detects "explain then refuse" patterns
Vulnerability heatmap — visual category × severity matrix
Custom scoring rubrics with weighted grades (A+ to F)
Verbose 10-section pen-test reports with appendices
Multi-target comparison — side-by-side security profiles
Regression testing — save baselines, track fixes over time

Advanced Tools

Tool	What It Does
:-----	:-------------
Compare	Same payloads against 2-4 targets simultaneously
Adaptive	Analyzes weaknesses, generates targeted follow-ups
Heatmap	Visual matrix of vulnerability rates by category/severity
Regression	Save baseline → re-run later → detect fixes or regressions
Scoring	Custom rubrics with weighted category/severity/classification scores
Chains	Multi-step attacks with `{{previous_response}}` templates
Payload Editor	Create custom payloads with syntax highlighting + AI generation

Usage Workflow

1. Configure Target → Add LLM endpoint + API key + model
2. Select Categories → Pick attack types to test
3. Run Attack      → Stream results in real-time
4. Review Results  → Heuristic classification + severity scores
5. Adaptive        → Auto-generate follow-up attacks on weaknesses
6. Generate Report → Export comprehensive findings as Markdown

Architecture

All client-side — no server components, your API keys stay local
NDJSON streaming — real-time results during attack runs
Heuristic analysis — pattern-matching classifier (no LLM-based grading = no extra cost)
Zustand + localStorage — state persists across sessions

Companion Tool: RedClaw

For autonomous multi-strategy campaigns (CLI/TUI), see RedClaw — the autonomous red-teaming agent framework.

RedPincer = web dashboard, manual + automated testing
RedClaw = autonomous CLI agent, adaptive multi-strategy campaigns
Together = complete LLM security testing suite

Built by @rustyorb — Crack open those guardrails. 🦞

版本历史

共 1 个版本

v1.0.0 当前

2026-03-29 18:51 安全安全

安全检测

腾讯云安全 (Keen)

安全，无风险

查看报告

腾讯云安全 (Sanbu)