1ncendium/aibuster

aibuster is a reconnaissance tool for offensive security work that looks for AI-related services on a network. You point it at one or more web URLs, and it probes each one for things like AI agent description files, MCP servers, OpenAPI documentation, health endpoints, and a list of about 23 specific AI and machine-learning services such as Triton, TorchServe, vLLM, Ollama, Ray, MLflow, Airflow, Qdrant, Weaviate, Milvus, and LiteLLM. The output is a single JSON file and a web dashboard to triage what was found. The README is careful to call the tool domain-agnostic. It does not try to guess what a target is for; it only reports the kind of capability surface each service exposes, using generic buckets like database, code execution, filesystem, network, and secrets. Each finding gets a numeric score and a level from info up to critical. The tool also classifies sensitive endpoints as open, protected, or unknown by watching the HTTP status codes, and shows a red UNAUTH or green AUTH pill in the dashboard. For MCP servers it does a real JSON-RPC handshake, tracks the session header, and asks for the list of tools, resources, and prompts. For Agent-to-Agent discovery it reads the well-known agent.json files and parses the declared skills. When a target looks like an orchestrator, the UI draws an SVG flow diagram tying it to its downstream agents from the same report. The tool ships as a small Python project with only two runtime dependencies, httpx and Flask, and also as a Docker image. The README walks through scanning a single target, scanning a list of targets from a file, and a --scan-ports option that fans a bare host out across every default port the signature database knows about. After a scan, the same command can serve a Material 3 web UI on port 8088. The README does not name a license in the shown portion.