AI/LLM Infrastructure Hunt & Assessment Platform
github.com/Nicholas-Kloster/VisorPlus · @nuclide
VisorPlus is a unified CLI that orchestrates the full Nuclide AI/LLM security assessment workflow in a single command. It combines JAXEN, VisorSD, VisorCorpus, BARE, and aimap into one cohesive chain — from initial Shodan discovery all the way to adversarial corpus generation.
git clone https://github.com/Nicholas-Kloster/VisorPlus.git
cd VisorPlus
go build -o visorplus .
# Install all dependent Nuclide tools in one step
./visorplus installRequires: Go 1.21+, Shodan API key
VisorPlus runs the complete AI/LLM security assessment workflow:
VisorSD audit → discover beginner-stack exposure queries
Shodan hunt → harvest live hosts (via JAXEN)
/api/tags sweep → enumerate models on every found host
Red-flag detection → abliterated models, offensive AI brands, cloud quota exposure
Target assess → nmap + whois + SSH keys + passive intel (GreyNoise, Shodan, DNSBL)
VisorCorpus → generate adversarial LLM prompt corpus for any live endpoint
# Set your Shodan key
export SHODAN_API_KEY="your_key_here"
# Run the full workflow end-to-end
./visorplus full
# Or with a specific dork
./visorplus full 'http.html:"Ollama is running" -port:443'
# Scope to a target org or network
./visorplus full -org "Acme Corp"
./visorplus full -asn AS48090
./visorplus full -net 93.123.0.0/16./visorplus installClones and builds JAXEN, VisorSD, VisorCorpus, BARE, and aimap into ~/Tools/. Prompts for your Shodan key if not already configured.
./visorplus audit # global scan, all AI/LLM categories
./visorplus audit -dry-run # preview queries, no credits spent
./visorplus audit -org "Acme" # scope to org
./visorplus audit -format json -out results.jsonRuns VisorSD's ~20 hardcoded AI/LLM infra queries, severity-ranked CRITICAL → LOW.
./visorplus hunt 'http.html:"Ollama is running" -port:443'
./visorplus hunt 'http.title:"Open WebUI"' -out ./my-runHarvests up to 40 CDN-filtered hosts into empire.db + exports recon_dump.json and summary.csv.
./visorplus enum 93.123.109.107
./visorplus enum 93.123.109.107:11434Calls /api/version, /api/tags, and /api/ps on a single host. Flags:
- Safety-stripped / abliterated models —
huihui_ai/*-abliterated - Offensive AI brands —
hexstrike-ai, etc. - Cloud-proxied models — operator's paid quota exposed to anyone
- RAG stacks — embed + chat models coresident
./visorplus assess 93.123.109.107
./visorplus assess 93.123.109.107 -out ./evidenceRuns the complete passive assessment chain:
whois+ reverse DNSnmaptop-1000 TCP (version + scripts)ssh-keyscan— host key fingerprints- GreyNoise community classification
- Shodan host detail (all ports + banners)
- HackerTarget passive DNS history
- Spamhaus DNSBL check
- Ollama
/api/tags+/api/show(system prompt extraction) - BARE exploit matching against Metasploit corpus
All artifacts saved to <out>/<ip>/.
./visorplus corpus # beginner (100 cases)
./visorplus corpus -tier intermediate # 600 cases
./visorplus corpus -tier advanced # 5000+ cases (forged)Generates structured attack cases across 8 categories:
prompt_injection, kb_exfiltration, jailbreak, system_prompt,
infra_discovery, tenant_cross_leak, kb_instructions, benign_control
Each case includes expect blocks for automated pass/fail evaluation.
./visorplus full # default Ollama dork
./visorplus full 'http.title:"Open WebUI"' # custom dork
./visorplus full -org "Acme Corp" # org-scoped
./visorplus full -skip audit,corpus # skip specific phasesRuns all 5 phases in sequence:
- VisorSD dry-run (beginner stack preview)
- Shodan count + JAXEN harvest
/api/tagssweep across all found hosts, red-flag detection- Interactive: choose a target IP for full
assess - Adversarial corpus generation
visorplus-run/
hunt/
recon_dump.json — full Shodan banners
summary.csv — compact host list
assess/
<ip>/
whois.txt
rdns.txt
nmap_top1000.txt
ssh_keys.txt
greynoise.json
shodan_host.json
passive_dns.txt
dnsbl.txt
corpora/
beginner.json
intermediate.json (if tier >= intermediate)
advanced.json (if tier = advanced)
VisorPlus automatically flags models during enumeration:
| Pattern | Signal |
|---|---|
*-abliterated |
Safety-stripped weights |
hexstrike-ai |
Offensive AI orchestrator brand |
*-uncensored |
Uncensored fine-tune |
*:cloud |
Operator's paid cloud quota exposed unauthenticated |
| embed + chat coresident | RAG stack (vector DB likely co-located) |
From the AI-LLM-Infrastructure-OSINT catalogue:
| Component | Dork | Hits (2026-04-30) |
|---|---|---|
| Ollama | http.html:"Ollama is running" -port:443 |
26,580 |
| Ollama (broad) | product:Ollama |
26,755 |
| Open WebUI | http.html:"open-webui" |
19,549 |
| n8n | http.title:"n8n" |
370 |
| ChromaDB | "chromadb" |
46 |
VisorPlus orchestrates these tools — install them individually or via visorplus install:
| Tool | Role |
|---|---|
| JAXEN | Shodan harvest + empire.db persistence |
| VisorSD | Severity-ranked AI/LLM stack audit |
| VisorCorpus | Adversarial LLM prompt corpus |
| BARE | Semantic exploit matching (Metasploit) |
| aimap | Active AI/ML service enumerator |
| AI-LLM-Infrastructure-OSINT | Verified Shodan dork catalogue |
VisorPlus orchestrates the entire NuClide AI/LLM hunt workflow — use Claude Code to drive it intelligently across a target.
I have VisorPlus installed at ~/Tools/VisorPlus/. Read README.md, then:
1. Run ./visorplus full against [target: IP/CIDR/org/ASN] and help me interpret the output
2. Flag any red-model patterns (abliterated, cloud-proxied, offensive AI brands) and prioritize them
3. After assessment, help me draft the disclosure write-up for the highest-severity finding
Target: [paste here]
I have a set of Ollama model names from ./visorplus enum [IP].
Read tools/ollama-model-injection.md in AI-LLM-Infrastructure-OSINT, then tell me:
- Which models are injectable via /api/create
- Whether any cloud proxy models are present (quota hijack risk)
- What the highest-impact injection scenario is for this specific target
Model list: [paste ./visorplus enum output here]
MIT — see LICENSE