## https://sploitus.com/exploit?id=C9229595-56AA-537C-BB8E-E4AA8A4F81D5
# 🔥 Ember

> AI systems burn brightly but hide their secrets. Ember reveals the truth hidden in ashes.

A five-layer integrated attack-and-defense security toolkit. Built on [CL4R1T4S](https://github.com/elder-plinius/CL4R1T4S) (29.5k ★), which includes all leaked AI system prompts, OWASP Top 10, and practical experience from building modules for Oasis 18.

- **Defense**: Automatically scan your APIs, network, and hosts for vulnerabilities, generating HTML reports with one click.
- **Attack**: The AI injection engine includes 5 types of injection techniques and a library of model-bypass strategies, validated by the Pliny community.

## Get started quickly
```bash
git clone https://github.com/exergyleizhou-ux/ember.git
cd ember
# Perform a full scan
python3 run.py --target http://localhost:8080/api/v1
# Full scan (including payload injection, network, and AI attack matrices)
python3 run.py --target https://your-server.com/api/v1 --full
# Only analyze AI attack surfaces (hacker knowledge base)
python3 ai/inject.py --matrix
# Generate an injection script targeting Claude
python3 ai/inject.py -t role-reversal -m Claude
```
## Five-layer detection
| Layer | Module | Capabilities |
|------|---------|--------------|
| **API scanning** | `scanner/scanner.py` | Authentication bypass · Permission escalation · Throttling issues · IDOR · Information leakage |
| **Payload injection** | `payloads/engine.py` | SQLi (10) · XSS (9) · JWT (3) · PathTraversal (8) · SSRF (7) |
| **Network scanning** | `network/scan.py` | SSL/TLS weak encryption detection · Port exposure scanning (PG/Redis/SSH) |
| **AI firewall** | `ai/probe.py` | Comparison of 6 model-prohibited topics · Probe prediction · Common blind spots detection |
| **AI injection engine** | `ai/inject.py` | 5 types of injection techniques · Model-bypass library · Attack surface matrix · Ability to generate executable injection scripts |
## Project structure
```
ember/
├── run.py        ← Unified launcher, generates HTML reports with one click
├── scanner/      ← API security scanning engine
├── payloads/     ← SQLi/XSS/JWT/PathTrav/SSRF injection libraries
├── network/      ← SSL/TLS + port scanning
├── ai/
│   ├── probe.py  ← AI Prompt firewall detector
│   └── inject.py ← AI Prompt injection engine (5 types of techniques)
├── reports/      ← JSON scan reports
└── html/         ← HTML visualization reports
```
## Why is it called Ember?
Pliny's project is called CL4R1T4S (Claritas, Latin for "clarity"). Ember represents a dying ember: unassuming, yet continuously burning. The instructions hidden behind AI systems are not shown to you; Ember reveals the truth within the ashes.