Same attack. Different substrate.
# SnailSploit

GenAI Security Researcher · AI Red Teamer · Offensive Security Writer

Website · The Jailbreak Chef · LinkedIn


I'm Kai Aizen — independent security researcher focused on adversarial AI, LLM red teaming, and the intersection of social engineering and prompt injection. I build frameworks and tooling for structured AI safety testing.

Creator of AATMF · Author of Adversarial Minds · 8 CVEs · Linux kernel contributor · Hakin9 Contributing Author


## 🔴 Frameworks & Tooling

| Project | Description |
| --- | --- |
| AATMF v3.1 | Adversarial AI Threat Modeling Framework — 20 tactics, ~240 techniques. Maps to OWASP LLM Top-10, NIST AI RMF, MITRE ATLAS. |
| AATMF Red Teaming Toolkit (NEW) | Python CLI for systematic LLM safety testing — three-layer eval pipeline, defense fingerprinting, decay tracking, attack chain planning. |
| LLM Red Teamer's Playbook | Diagnostic methodology for bypassing LLM defense layers — input filters → alignment → identity → output → agentic trust. |

## 🧪 Experiments & PoCs

| Project | Description |
| --- | --- |
| ChatGPT-DNS-Exfill | DNS exfiltration via ChatGPT Canvas — rendered content triggers DNS lookups without HTTP requests. |
| chatgpt-rce-dns | DNS exfiltration and Python Pickle RCE attack chains in AI code execution sandboxes. |

## 🛠️ Offensive Tools

| Tool | Description |
| --- | --- |
| Burp MCP Toolkit | MCP security analysis for Burp Suite — prompt injection and tool poisoning testing via Model Context Protocol. |
| SnailHunter | AI-powered bug bounty automation — LLM analysis combined with traditional security scanning. |
| KubeRoast | Red-team Kubernetes misconfiguration and attack-path scanner. |
| Xposure | Autonomous credential intelligence platform for attack surface recon. |
| SnailSploit Recon | Chrome MV3 extension for passive recon and bug bounty automation. |
| ZenFlood | Low-bandwidth stress testing — modernized Slowloris. |
| Claude-Red | Curated offensive security skills library for the Claude skills system. |
| SnailObfuscator | Structurally-aware code obfuscation engine. |

## 🛡️ CVEs

| CVE | Target | Type | Severity |
| --- | --- | --- | --- |
| CVE-2026-3288 | ingress-nginx | Config Injection → RCE | High (8.8) |
| CVE-2026-31899 | CairoSVG | Exponential DoS — recursive amplification | High (7.5) |
| CVE-2025-9776 | CatFolders | SQL Injection via CSV Import | Medium (6.5) |
| CVE-2025-12163 | OmniPress | Stored XSS | Medium (6.4) |
| CVE-2025-11171 | Chartify | Missing Authentication | Medium (5.3) |
| CVE-2025-11174 | Document Library Lite | Unauth Info Disclosure | Medium (5.3) |
| CVE-2025-12030 | ACF to REST API | IDOR | Medium (4.3) |
| CVE-2026-1208 | Welcart | CSRF to Settings Update | Medium (4.3) |

## 🔓 Security Advisories

| Advisory | Target | Type | Severity |
| --- | --- | --- | --- |
| GHSA-j425-whc4-4jgc | OpenClaw (309k⭐) | system.run env override RCE — allowlist bypass via GIT_SSH_COMMAND, editor hooks, GIT_CONFIG_* | Medium (6.3) |

## 🐧 Kernel Research

| Finding | Component | Type | Status |
| --- | --- | --- | --- |
| io_uring/zcrx Race Condition | Linux kernel io_uring/zcrx | Race Condition → Double-Free → OOB Write | Upstream, backported to v6.18.16 |

## Pinned repositories

1. AATMF-Adversarial-AI-Threat-Modeling-Framework (Public, YARA): AATMF | An Open Source Adversarial AI Threat Modeling Framework
2. ChatGPT-DNS-Exfill (Public): This repository documents a controlled research experiment that demonstrates how DNS lookups triggered by rendered content can be used to exfiltrate data. The technique leverages the browser's auto…
3. KubeRoast_v1 (Public, Python): From-scratch, red-team–oriented Kubernetes misconfiguration & attack-path scanner. Fast, readable, and opinionated toward real-world escalation paths.
4. Xposure (Public, Python): Fully autonomous credential intelligence platform that discovers, extracts, correlates, verifies, and reports exposed secrets across your target's entire attack surface.
5. The-LLM-Red-Teamer-s-Playbook (Public): A diagnostic methodology for bypassing LLM defense layers — from input filters to persistent memory exploitation.
6. SnailSploit_Recon_extension (Public, JavaScript): SnailSploit Recon is a passive collector. It silently captures everything as you browse — scripts, API calls, forms, headers, cookies, redirects — and correlates them into prioritized attack leads …