Same attack. Different substrate.
SnailSploit/README.md

SnailSploit

GenAI Security Researcher · AI Red Teamer · Offensive Security Writer

Links: Website · The Jailbreak Chef · LinkedIn


I'm Kai Aizen — independent security researcher focused on adversarial AI, LLM red teaming, and the intersection of social engineering and prompt injection. I build frameworks and tooling for structured AI safety testing.

Creator of AATMF · Author of Adversarial Minds · 22 CVEs · Linux kernel contributor · Hakin9 Contributing Author


🛡️ CVEs — 22 Published

🟣 Critical Severity

| # | CVE | Target | Type | CVSS |
|---|-----|--------|------|------|
| 1 | CVE-2026-3596 | Riaxe Product Customizer (WP) | Missing Authorization → Unauthenticated Arbitrary Options Update → Privilege Escalation via install-imprint AJAX action | 9.8 |

🔴 High Severity

| # | CVE | Target | Type | CVSS |
|---|-----|--------|------|------|
| 2 | CVE-2026-3288 | Kubernetes ingress-nginx | Config Injection → RCE | 8.8 |
| 3 | CVE-2026-1313 | MimeTypes Link Icons (WP) | SSRF via crafted post content | 8.3 |
| 4 | CVE-2026-30911 | Apache Airflow Core | Missing Authorization — HITL Endpoints (v3.1.0–3.1.7) | 8.1 |
| 5 | CVE-2026-31899 | CairoSVG | Exponential DoS — recursive `<use>` amplification | 7.5 |
| 6 | CVE-2026-3599 | Riaxe Product Customizer (WP) | Unauthenticated SQL Injection via options parameter keys in product-data | 7.5 |
| 7 | CVE-2026-32809 | ouch-org/ouch | Symlink escape → arbitrary file overwrite | 7.4 |
| 8 | (pending) | TelSender (WP) | Unauthenticated Stored XSS via Telegram Chat Title | 7.2 |

🟡 Medium Severity

| # | CVE | Target | Type | CVSS |
|---|-----|--------|------|------|
| 9 | CVE-2025-9776 | CatFolders (WP) | SQL Injection via CSV Import | 6.5 |
| 10 | CVE-2026-33693 | Lemmy / activitypub-federation-rust | SSRF — 0.0.0.0 bypass | 6.5 |
| 11 | CVE-2026-32885 | ddev/ddev | ZipSlip path traversal in archive extraction | 6.5 |
| 12 | CVE-2025-12163 | Omnipress (WP) | Stored XSS | 6.4 |
| 13 | CVE-2026-0811 | Advanced CF7 DB (WP) | CSRF → Form Entry Deletion | 5.4 |
| 14 | CVE-2026-1314 | 3D FlipBook (WP) | Missing Auth → Data Exposure | 5.3 |
| 15 | CVE-2026-3594 | Riaxe Product Customizer (WP) | Unauthenticated Info Disclosure via /orders | 5.3 |
| 16 | CVE-2026-3595 | Riaxe Product Customizer (WP) | Unauthenticated Arbitrary User Deletion via user_id parameter | 5.3 |
| 17 | CVE-2025-11171 | Chartify (WP) | Missing Authentication for Admin Function | 5.3 |
| 18 | CVE-2025-11174 | Document Library Lite (WP) | Missing Auth → Info Disclosure | 5.3 |
| 19 | CVE-2026-32794 | Apache Airflow Databricks Provider | TLS Certificate Verification Bypass → MitM | 4.8 |
| 20 | CVE-2026-0814 | Advanced CF7 DB (WP) | Missing Auth → Subscriber+ Export | 4.3 |
| 21 | CVE-2025-12030 | ACF to REST API (WP) | IDOR → Contributor+ Field Modification | 4.3 |
| 22 | CVE-2026-1208 | Welcart (WP) | CSRF → Settings Update | 4.3 |

🔓 Security Advisories (GHSAs)

| Advisory | Target | Type | Severity |
|----------|--------|------|----------|
| GHSA-j425-whc4-4jgc | OpenClaw (309k ⭐) | system.run env override RCE — allowlist bypass via GIT_SSH_COMMAND, editor hooks, GIT_CONFIG_* | Medium (6.3) |
| GHSA-9jmq-9m65-3fhx | dagster-io/dagster | Arbitrary code exec via pickle deserialization in IO managers + Databricks | |
| GHSA-pph4-qh43-9qm6 | vllm-project/vllm | RCE via unauthenticated TCPStore Pickle deserialization (V1 Engine) | |
| GHSA-gwmc-ch8w-qhx5 | vllm-project/vllm | RCE via TCPStore Pickle deserialization (StatelessProcessGroup) | |
| GHSA-c64x-w74w-4h53 | FlowiseAI/Flowise | Unauthenticated code exec via prediction API auth whitelist bypass | |
| GHSA-9vqm-j6v3-2xr4 | juspay/hyperswitch | SSRF via merchant webhook URL | |
| GHSA-f38f-5xpm-9r7c | CairoSVG | Exponential DoS — recursive `<use>` element amplification | High (7.5) |

🐧 Kernel Research

| Finding | Component | Type | Status |
|---------|-----------|------|--------|
| io_uring/zcrx Race Condition | Linux kernel io_uring/zcrx | Race Condition → Double-Free → OOB Write | Upstream, backported to v6.18.16 + v6.19 |

🔧 Merged Security Fixes

| PR | Target | Type | Status |
|----|--------|------|--------|
| concourse/concourse#9486 | Concourse CI | Symlink breakout — unvalidated symlink targets in tar extraction | ✅ Merged, shipped in v8.1.1 |

🔴 Frameworks & Tooling

| Project | Description |
|---------|-------------|
| AATMF v3.1 | Adversarial AI Threat Modeling Framework — 20 tactics, ~240 techniques. Maps to OWASP LLM Top-10, NIST AI RMF, MITRE ATLAS. |
| AATMF Red Teaming Toolkit | Python CLI for systematic LLM safety testing — three-layer eval pipeline, defense fingerprinting, decay tracking, attack chain planning. |
| LLM Red Teamer's Playbook | Diagnostic methodology for bypassing LLM defense layers — input filters → alignment → identity → output → agentic trust. |

🧪 Experiments & PoCs

| Project | Description |
|---------|-------------|
| ChatGPT-DNS-Exfill | DNS exfiltration via ChatGPT Canvas — rendered content triggers DNS lookups without HTTP requests. |
| chatgpt-rce-dns | DNS exfiltration and Python Pickle RCE attack chains in AI code execution sandboxes. |

🛠️ Offensive Tools

| Tool | Description |
|------|-------------|
| Burp MCP Toolkit | MCP security analysis for Burp Suite — prompt injection and tool poisoning testing via Model Context Protocol. |
| SnailHunter | AI-powered bug bounty automation — LLM analysis combined with traditional security scanning. |
| KubeRoast | Red-team Kubernetes misconfiguration and attack-path scanner. |
| Xposure | Autonomous credential intelligence platform for attack surface recon. |
| SnailSploit Recon | Chrome MV3 extension for passive recon and bug bounty automation. |
| ZenFlood | Low-bandwidth stress testing — modernized Slowloris. |
| Claude-Red | Curated offensive security skills library for the Claude skills system. |
| SnailObfuscator | Structurally-aware code obfuscation engine. |

Pinned repositories

1. AATMF-Adversarial-AI-Threat-Modeling-Framework — AATMF | An Open Source - Adversarial AI Threat Modeling Framework
2. ChatGPT-DNS-Exfill — This repository documents a controlled research experiment that demonstrates how DNS lookups triggered by rendered content can be used to exfiltrate data. The technique leverages the browser's auto…
3. KubeRoast_v1 — From-scratch, red-team–oriented Kubernetes misconfiguration & attack-path scanner. Fast, readable, and opinionated toward real-world escalation paths.
4. Xposure — Fully autonomous credential intelligence platform that discovers, extracts, correlates, verifies, and reports exposed secrets across your target's entire attack surface.
5. The-LLM-Red-Teamer-s-Playbook — A diagnostic methodology for bypassing LLM defense layers — from input filters to persistent memory exploitation.
6. SnailSploit_Recon_extension — SnailSploit Recon is a passive collector. It silently captures everything as you browse — scripts, API calls, forms, headers, cookies, redirects — and correlates them into prioritized attack leads …