Cristliu/LENS


LENS

🌐 Project Homepage

An ethical framework for exploring and exploiting security risks in self-hosted LLM services

🎯 Overview

This framework provides a systematic approach to:

  • Discover LLM services and endpoints across the internet
  • Probe API endpoints for potential vulnerabilities
  • Assess security risks
  • Exploit identified vulnerabilities based on interpretable attack graphs
  • Report findings with detailed analysis and visualizations

🏗️ Architecture

The framework is organized into 5 main phases:

📁 _01_discovery/          # Asset Discovery
📁 _02_probing/            # Endpoint Probing  
📁 _03_assessment/         # Vulnerability Assessment
📁 _04_exploitation/       # Exploit
📁 _05_reporting/          # Results Analysis & Reporting

Intelligence Libraries

  • 📁 _02_probing/API Endpoint/ - API endpoint intelligence database
  • 📁 _03_assessment/AttackPatternIntelligence/ - CAPEC Attack pattern knowledge database
  • 📁 _03_assessment/CVE_Related/ - CVE vulnerability database

🛠️ Installation

Prerequisites

  • Python 3.8+
  • Windows/Linux/macOS

1. Clone the Repository

git clone <repository-url>
cd LENS

2. Install Dependencies

pip install -r requirements.txt

3. Configuration

Edit the configuration files in the core/ directory:

  • core/config.py - Main configuration settings. Set the API key for the FOFA search engine here.

🚀 Usage

Quick Start - Full Pipeline

🔑 One-click execution of the complete framework:

# Windows
_00_run_pipeline.bat

# Linux/macOS  
python _00_run_complete_pipeline.py

🤖 This will execute all phases sequentially and generate comprehensive reports.

Phase-by-Phase Execution

Phase 1 Discovery Only

🔍 Run the discovery phase on its own to see how assets are identified:

python _01_run_phase1_discovery.py

This phase includes:

  • FOFA search for LLM services
  • Aliveness verification
  • Asset deduplication
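The three discovery steps above, as an added example that is not part of the LENS project, written from the defender's side: a security team feeding its own list of candidate self-hosted LLM endpoints through the same normalise / deduplicate / verify-aliveness logic to reconcile what is actually exposed against what is expected. The FOFA-like record shape, the TEST-NET addresses and the offline response table used by `offline_probe` are constructed assumptions; `http_probe` is a plain urllib HEAD request, not LENS's own probe.

```python
"""Added example, not LENS project code: normalise raw search-engine records,
deduplicate them onto ip:port, and verify which endpoints are alive.
Record shape, addresses and the probe interface are assumptions."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterable, List, Optional
from urllib.parse import urlsplit
import urllib.error
import urllib.request

# Constructed sample records in a FOFA-like shape. The first three describe
# the same service (same ip:port) written three different ways.
SAMPLE_RECORDS = [
    {"host": "llm.example.test:11434", "ip": "203.0.113.10", "port": "11434", "protocol": "http"},
    {"host": "http://LLM.example.test:11434/", "ip": "203.0.113.10", "port": "11434", "protocol": "http"},
    {"host": "203.0.113.10:11434", "ip": "203.0.113.10", "port": "11434", "protocol": "http"},
    {"host": "https://chat.example.test", "ip": "203.0.113.20", "port": "443", "protocol": "https"},
    {"host": "chat.example.test:8080", "ip": "203.0.113.20", "port": "8080", "protocol": "http"},
]


@dataclass
class Asset:
    scheme: str
    ip: str
    port: int
    names: set = field(default_factory=set)  # hostnames seen for this ip:port
    alive: Optional[bool] = None             # None until verified

    @property
    def base_url(self) -> str:
        # Prefer a hostname so HTTPS virtual hosts / SNI resolve correctly.
        host = sorted(self.names)[0] if self.names else self.ip
        return f"{self.scheme}://{host}:{self.port}"


def _split(record: dict):
    """Parse one raw record into (scheme, lower-cased hostname, port)."""
    raw = record["host"]
    if "://" not in raw:
        raw = f"{record.get('protocol') or 'http'}://{raw}"
    parts = urlsplit(raw)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or int(record.get("port") or (443 if scheme == "https" else 80))
    return scheme, host, port


def deduplicate(records: Iterable[dict]) -> List[Asset]:
    """Collapse records onto (scheme, ip, port); hostnames become aliases."""
    assets: Dict[tuple, Asset] = {}
    for rec in records:
        scheme, host, port = _split(rec)
        asset = assets.setdefault((scheme, rec["ip"], port), Asset(scheme, rec["ip"], port))
        if host and host != rec["ip"]:
            asset.names.add(host)
    return list(assets.values())


def http_probe(url: str, timeout: float = 3.0) -> Optional[int]:
    """Return the HTTP status for url, or None if nothing answered.
    Any status (401/403/404 included) counts as alive: a service exists there."""
    try:
        req = urllib.request.Request(url, method="HEAD")
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code
    except (urllib.error.URLError, OSError, ValueError):
        return None


def verify_alive(assets: List[Asset],
                 probe: Callable[[str], Optional[int]] = http_probe) -> List[Asset]:
    """Mark each asset alive if the probe got any HTTP answer at all."""
    for asset in assets:
        asset.alive = probe(asset.base_url) is not None
    return assets


# Constructed offline responses standing in for a real network probe.
OFFLINE_RESPONSES = {
    "http://llm.example.test:11434": 200,
    "https://chat.example.test:443": 401,
    # http://chat.example.test:8080 is absent: nothing answered there
}


def offline_probe(url: str) -> Optional[int]:
    return OFFLINE_RESPONSES.get(url)


def run_discovery(records: Iterable[dict], probe=offline_probe) -> List[Asset]:
    """Full discovery step: deduplicate, then verify aliveness."""
    return verify_alive(deduplicate(records), probe)


if __name__ == "__main__":
    for a in run_discovery(SAMPLE_RECORDS):
        state = "alive" if a.alive else "no answer"
        print(f"{a.base_url:<40} {state:<10} aliases={sorted(a.names)}")
```

Keying on `(scheme, ip, port)` rather than on the hostname is what collapses the three spellings of the first service into one asset while keeping `llm.example.test` as an alias; keying on hostname alone would leave the bare-IP record as a duplicate. Swap `offline_probe` for `http_probe` to run the aliveness step against hosts you are responsible for.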

Individual Module Execution

🎯 Run specific components for targeted analysis, for example:

# Probing modules  
python _02_probing/_02public_api_endpoint_probe.py

⚠️ Ethical Usage

This framework is designed for:

  • Security Research - Academic and professional security analysis
  • Authorized Testing - Penetration testing with proper authorization
  • Defensive Purposes - Improving organizational security posture

⚠️ Important: Only use the full framework on systems you own or have explicit permission to test. Unauthorized testing is illegal and unethical.

📚 Citation

If you find this work useful, please cite our paper:

@inproceedings{liu2026lens,
  author    = {Liu, Zhihuang and Hu, Ling and Tang, Yonghao and Zhou, Tongqing and Liu, Fang and Cai, Zhiping},
  title     = {Exploring and Exploiting Security Vulnerabilities in Self-Hosted LLM Services},
  booktitle = {Proceedings of The Web Conference 2026 (WWW'26)},
  year      = {2026},
}

About

LENS project repository, including source code, intelligence database, etc.
