Analysis updated 2026-06-24
Sweep an internal network for exposed AI model servers and vector databases
Enumerate MCP server tools and resources during a pentest
Triage discovered AI services in a web UI with severity scoring
Diff scan reports across time to spot newly exposed AI endpoints
| 1ncendium/aibuster | aaronmayeux/ha-hurricane-tracker | benchflow-ai/mockflow | |
|---|---|---|---|
| Stars | 5 | 5 | 5 |
| Language | Python | Python | Python |
| Setup difficulty | moderate | easy | moderate |
| Complexity | 3/5 | 2/5 | 4/5 |
| Audience | ops devops | general | developer |
Figures from each repo's GitHub metadata at analysis time.
Needs Python 3.10+ or Docker, plus permission to scan the target network.
aibuster is a reconnaissance tool for offensive security work that looks for AI-related services on a network. You point it at one or more web URLs, and it probes each one for things like AI agent description files, MCP servers, OpenAPI documentation, health endpoints, and a list of about 23 specific AI and machine-learning services such as Triton, TorchServe, vLLM, Ollama, Ray, MLflow, Airflow, Qdrant, Weaviate, Milvus, and LiteLLM. The output is a single JSON file and a web dashboard to triage what was found. The README is careful to call the tool domain-agnostic. It does not try to guess what a target is for, it only reports the kind of capability surface each service exposes, using generic buckets like database, code execution, filesystem, network, and secrets. Each finding gets a numeric score and a level from info up to critical. The tool also classifies sensitive endpoints as open, protected, or unknown by watching the HTTP status codes, and shows a red UNAUTH or green AUTH pill in the dashboard. For MCP servers it does a real JSON-RPC handshake, tracks the session header, and asks for the list of tools, resources, and prompts. For Agent-to-Agent discovery it reads the well-known agent.json files and parses the declared skills. When a target looks like an orchestrator, the UI draws an SVG flow diagram tying it to its downstream agents from the same report. The tool ships as a small Python project with only two runtime dependencies, httpx and Flask, and also as a Docker image. The README walks through scanning a single target, scanning a list of targets from a file, and a --scan-ports option that fans a bare host out across every default port the signature database knows about. After a scan, the same command can serve a Material 3 web UI on port 8088. The README does not name a license in the shown portion.
Offensive-security recon CLI that scans URLs for AI agents, MCP servers, and 23+ AI/ML services, then triages findings in a JSON report and a Material 3 web UI.
Mainly Python. The stack also includes Python, httpx, Flask.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.