src

package
v0.0.0-...-ee075e7 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 3, 2026 License: Apache-2.0, Apache-2.0 Imports: 33 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// BotRegistry lists, per bot entity, the lowercase terms that mark a
// User-Agent as belonging to that entity. Vendor-specific entries come first
// and the generic BotCommon catch-all comes last.
//
// NOTE(review): the matching code is not shown here. If terms are matched as
// substrings, short ones such as "meta", "aws", "google" or "bot" will also
// match unrelated clients (search indexers, link-preview fetchers, monitoring
// agents) — confirm against DetectBotEntity.
// NOTE(review): User-Agent is a client-supplied header and can be set to any
// value, so the resulting BotEntity is a routing hint, not an identity check.
var BotRegistry = []BotSignature{
	{BotOpenAI, []string{"gptbot", "chatgpt", "openai"}},
	{BotAnthropic, []string{"claude", "anthropic"}},
	{BotGoogle, []string{"google", "gemini", "vertex"}},
	{BotMeta, []string{"facebookexternalhit", "meta", "llama"}},
	{BotAmazon, []string{"amazon", "aws"}},
	{BotApple, []string{"applebot"}},
	{BotMicrosoft, []string{"bing", "msnbot", "copilot"}},
	{BotMistral, []string{"mistral"}},
	{BotCommon, []string{"bot", "crawler", "spider", "scrape"}},
}

BotRegistry defines the mapping of bot entities to their User-Agent signatures. Order matters: Specific bots should be checked before generic ones.

// VendorRegistry pairs a directory name with a BotEntity. Every BotEntity
// constant except BotUnknown and BotCommon has an entry, and each directory
// name equals the string value of its entity.
//
// NOTE(review): how a directory name is compared (exact match vs. substring,
// case handling) is not visible here — confirm in LoadJailbreaks.
// NOTE(review): files loaded from these directories are written into HTTP
// responses, so the directory tree is part of the site's trusted
// configuration and should be writable only by the operator.
var VendorRegistry = []VendorMatcher{
	{"openai", BotOpenAI},
	{"anthropic", BotAnthropic},
	{"google", BotGoogle},
	{"meta", BotMeta},
	{"amazon", BotAmazon},
	{"apple", BotApple},
	{"microsoft", BotMicrosoft},
	{"mistral", BotMistral},
}

VendorRegistry maps directory names to BotEntities.

Functions

func AsciiSmuggleInjection

func AsciiSmuggleInjection(content string, opts semantic.AsciiSmuggleOptions) string

func AttributeInjection

func AttributeInjection(content string) string

func CSSCommentInjection

func CSSCommentInjection(content string) string

func GenerateCSSClassName

func GenerateCSSClassName(debug bool) string

GenerateCSSClassName generates a class name. If debug is true, it uses the "llmon-" prefix; otherwise it uses a random prefix and a realistic suffix.

func GenerateHidingStyles

func GenerateHidingStyles(className string, strategy HidingStrategy) string

GenerateHidingStyles generates the CSS content to hide an element with the given className. It avoids using "display: none".

func GenerateRandomClassPrefix

func GenerateRandomClassPrefix() string

GenerateRandomClassPrefix creates a random alphanumeric string of length 4-8.

func GenerateRandomHidingStyles

func GenerateRandomHidingStyles(className string) string

GenerateRandomHidingStyles picks a random strategy and returns the CSS.

func GhostTextInjection

func GhostTextInjection(content string) string

func HTMLCommentInjection

func HTMLCommentInjection(content string) string

func InvisibleInjection

func InvisibleInjection(content string) string

func ParseCaddyfile

ParseCaddyfile parses the llmon directive.

func ScriptTextInjection

func ScriptTextInjection(content string, debug bool) string

func TextareaInjection

func TextareaInjection(content string, className string, debug bool) string

func TitleInjection

func TitleInjection(originalTitle, injection string) string

Types

type ASCIISmuggleInterleavedStrategy

type ASCIISmuggleInterleavedStrategy struct{}

ASCIISmuggleInterleavedStrategy

func (*ASCIISmuggleInterleavedStrategy) Apply

func (*ASCIISmuggleInterleavedStrategy) IsApplicable

func (s *ASCIISmuggleInterleavedStrategy) IsApplicable(t string, cfg *PromptInject) bool

func (*ASCIISmuggleInterleavedStrategy) Name

type ASCIISmuggleStrategy

type ASCIISmuggleStrategy struct{}

ASCIISmuggleStrategy

func (*ASCIISmuggleStrategy) Apply

func (*ASCIISmuggleStrategy) IsApplicable

func (s *ASCIISmuggleStrategy) IsApplicable(t string, cfg *PromptInject) bool

func (*ASCIISmuggleStrategy) Name

func (s *ASCIISmuggleStrategy) Name() string

type AsciiSmuggleConfig

// AsciiSmuggleConfig carries the JSON-configurable options for ASCII
// smuggling. All fields are tagged omitempty. AddTags and VariantOffset are
// pointers, presumably so that an omitted key can be told apart from an
// explicit false or 0 — confirm against the code that reads them.
//
// NOTE(review): the accepted values for Mode and the expected form of
// BinaryZero / BinaryOne are not documented on this page.
type AsciiSmuggleConfig struct {
	Mode           string `json:"mode,omitempty"`
	VisibleCarrier string `json:"visible_carrier,omitempty"`
	AddTags        *bool  `json:"add_tags,omitempty"`
	VariantOffset  *int   `json:"variant_offset,omitempty"`
	BinaryZero     string `json:"binary_zero,omitempty"`
	BinaryOne      string `json:"binary_one,omitempty"`
}

AsciiSmuggleConfig defines options for ASCII smuggling steganography.

type AttributeStrategy

type AttributeStrategy struct{}

AttributeStrategy

func (*AttributeStrategy) Apply

func (s *AttributeStrategy) Apply(w io.Writer, ctx *StrategyContext) error

func (*AttributeStrategy) IsApplicable

func (s *AttributeStrategy) IsApplicable(t string, cfg *PromptInject) bool

func (*AttributeStrategy) Name

func (s *AttributeStrategy) Name() string

type BotEntity

type BotEntity string

BotEntity represents a known AI crawler/bot entity.

// Known bot entities. The vendor values are lowercase strings identical to
// the directory names used in VendorRegistry.
// BotUnknown is presumably the result when no signature matches — confirm in
// DetectBotEntity.
const (
	BotUnknown   BotEntity = "unknown"
	BotOpenAI    BotEntity = "openai"
	BotAnthropic BotEntity = "anthropic"
	BotGoogle    BotEntity = "google"
	BotMeta      BotEntity = "meta"
	BotAmazon    BotEntity = "amazon"
	BotApple     BotEntity = "apple"
	BotMicrosoft BotEntity = "microsoft"
	BotMistral   BotEntity = "mistral"
	BotCommon    BotEntity = "common" // Fallback for generic bots
)

func DetectBotEntity

func DetectBotEntity(userAgent string) BotEntity

DetectBotEntity identifies the bot entity from the User-Agent string.

type BotSignature

// BotSignature associates a BotEntity with the User-Agent terms used to
// recognise it; BotRegistry is a slice of these.
type BotSignature struct {
	Entity BotEntity // entity reported when one of Terms matches
	Terms  []string  // User-Agent terms; all lowercase in BotRegistry
}

type CSSCommentStrategy

type CSSCommentStrategy struct{}

CSSCommentStrategy

func (*CSSCommentStrategy) Apply

func (s *CSSCommentStrategy) Apply(w io.Writer, ctx *StrategyContext) error

func (*CSSCommentStrategy) IsApplicable

func (s *CSSCommentStrategy) IsApplicable(t string, cfg *PromptInject) bool

func (*CSSCommentStrategy) Name

func (s *CSSCommentStrategy) Name() string

type GhostTextStrategy

type GhostTextStrategy struct{}

GhostTextStrategy

func (*GhostTextStrategy) Apply

func (s *GhostTextStrategy) Apply(w io.Writer, ctx *StrategyContext) error

func (*GhostTextStrategy) IsApplicable

func (s *GhostTextStrategy) IsApplicable(t string, cfg *PromptInject) bool

func (*GhostTextStrategy) Name

func (s *GhostTextStrategy) Name() string

type HTMLCommentStrategy

type HTMLCommentStrategy struct{}

HTMLCommentStrategy

func (*HTMLCommentStrategy) Apply

func (*HTMLCommentStrategy) IsApplicable

func (s *HTMLCommentStrategy) IsApplicable(t string, cfg *PromptInject) bool

func (*HTMLCommentStrategy) Name

func (s *HTMLCommentStrategy) Name() string

type HidingStrategy

type HidingStrategy int

HidingStrategy defines the type of CSS hiding to use.

// Hiding strategies accepted by GenerateHidingStyles. Values are assigned by
// iota in declaration order (StrategyAbsolute = 0 through
// StrategyVisuallyHidden = 4), so reordering or inserting a constant changes
// the numeric value of those after it.
// The CSS each one produces is not shown on this page.
const (
	StrategyAbsolute HidingStrategy = iota
	StrategyOpacity
	StrategyTransform
	StrategyFontSize
	StrategyVisuallyHidden
)

type HighScore

type HighScore struct {
	Name  string `json:"name"`
	Score int    `json:"score"`
}

HighScore represents a single score entry.

type HighScoreManager

// HighScoreManager holds the score list; GetScores and SubmitScore are
// documented as taking a read lock and a write lock respectively.
//
// NOTE(review): Scores is exported, so code outside the package can read or
// modify the slice without taking that lock. Confirm that GetScores returns a
// copy rather than the internal slice, and that SubmitScore bounds the length
// of name if it can come from a request.
type HighScoreManager struct {
	Scores []HighScore
	// contains filtered or unexported fields
}

HighScoreManager manages the high scores with thread safety.

func NewHighScoreManager

func NewHighScoreManager() *HighScoreManager

NewHighScoreManager creates and seeds a new manager.

func (*HighScoreManager) GetScores

func (h *HighScoreManager) GetScores() []HighScore

GetScores returns the top scores (Read Lock).

func (*HighScoreManager) SubmitScore

func (h *HighScoreManager) SubmitScore(name string, score int) bool

SubmitScore adds a score if it's high enough (Write Lock). Returns true if the score made the top list.

type InjectionContext

// InjectionContext is the data made available to payload templates.
//
// NOTE(review): if BotName can carry text taken from the request's User-Agent
// rather than a fixed BotEntity value, it is client-controlled input to the
// template — confirm where it is populated.
type InjectionContext struct {
	Payload   string // The core directive
	Objective string // Alias for Payload (second name for the same directive) — TODO confirm
	BotName   string // Detected bot name
	Timestamp string // ISO timestamp
}

InjectionContext represents the standard data available to templates.

type InjectionResponseWriter

// InjectionResponseWriter embeds Caddy's ResponseWriterWrapper and overrides
// the write path (WriteHeader, Write, ReadFrom, Flush, Hijack) so the body
// can be rewritten before it reaches the client.
//
// NOTE(review): rewriting the body changes its length. Confirm that
// WriteHeader drops or recomputes Content-Length, and that bodies carrying a
// Content-Encoding (already compressed upstream) are skipped or decoded
// before tokenising — neither is visible on this page.
type InjectionResponseWriter struct {
	*caddyhttp.ResponseWriterWrapper
	// contains filtered or unexported fields
}

InjectionResponseWriter wraps the underlying ResponseWriter to intercept and modify HTML content.

func NewInjectionResponseWriter

func NewInjectionResponseWriter(w http.ResponseWriter, r *http.Request, p *PromptInject) *InjectionResponseWriter

NewInjectionResponseWriter creates a new wrapper.

func (*InjectionResponseWriter) Finish

func (w *InjectionResponseWriter) Finish()

Finish closes the pipe and waits for the injection to complete.

func (*InjectionResponseWriter) Flush

func (w *InjectionResponseWriter) Flush()

Flush implements http.Flusher.

func (*InjectionResponseWriter) Hijack

Hijack implements http.Hijacker.

func (*InjectionResponseWriter) ReadFrom

func (w *InjectionResponseWriter) ReadFrom(src io.Reader) (n int64, err error)

ReadFrom implements io.ReaderFrom to ensure we intercept the data. Without it, io.Copy could use the underlying writer's ReadFrom fast path and bypass Write; we effectively disable that optimization by manually copying to our Write method.

func (*InjectionResponseWriter) Write

func (w *InjectionResponseWriter) Write(b []byte) (int, error)

Write intercepts the body.

func (*InjectionResponseWriter) WriteHeader

func (w *InjectionResponseWriter) WriteHeader(statusCode int)

WriteHeader captures the status code and checks Content-Type.

type InjectionStrategy

// InjectionStrategy transforms a content string and returns the result or an
// error. It is separate from Strategy, which writes to an io.Writer.
//
// NOTE(review): no type listed on this page shows a method with this
// signature (PromptInject.Inject takes a writer, a reader and a User-Agent) —
// confirm the interface is still in use.
type InjectionStrategy interface {
	Inject(content string) (string, error)
}

type JailbreakDefinition

// JailbreakDefinition is the decoded form of one jailbreak file
// (LoadJailbreaks reads .hujson files).
//
// NOTE(review): Data is an untyped map, so any value read from it must be
// type-checked at the point of use. Whether Content is a literal payload or
// template source is not stated on this page.
type JailbreakDefinition struct {
	ID          string                 `json:"id"`
	Version     string                 `json:"version"`
	Description string                 `json:"description"`
	Content     string                 `json:"content"`
	Data        map[string]interface{} `json:"data"`
	// contains filtered or unexported fields
}

JailbreakDefinition represents the structure of a jailbreak file.

type PayloadRouter

type PayloadRouter struct {
	// contains filtered or unexported fields
}

PayloadRouter manages the loading and selection of payloads based on bot entity.

func NewPayloadRouter

func NewPayloadRouter() *PayloadRouter

NewPayloadRouter initializes a new router.

func (*PayloadRouter) GetPayload

func (pr *PayloadRouter) GetPayload(bot BotEntity) string

GetPayload returns a payload for the given bot entity.

func (*PayloadRouter) GetPayloads

func (pr *PayloadRouter) GetPayloads(bot BotEntity, count int) []string

GetPayloads returns 'count' payloads. If bot is detected, prefers payloads for that bot. If not found or insufficient, falls back to random payloads.

func (*PayloadRouter) LoadDirectives

func (pr *PayloadRouter) LoadDirectives(dir string) error

LoadDirectives walks the directory and loads directive text files.

func (*PayloadRouter) LoadJailbreaks

func (pr *PayloadRouter) LoadJailbreaks(rootDir string) error

LoadJailbreaks walks the directory and loads .hujson files. It maps directories to BotEntity based on name.

type PromptInject

// PromptInject holds the configuration of the llmon Caddy HTTP handler.
type PromptInject struct {
	// Rate is the probability of injection (0.0 to 1.0).
	// NOTE(review): range enforcement is not visible here; confirm Validate rejects values outside [0, 1].
	Rate float64 `json:"rate,omitempty"`

	// IncludedPaths is a list of path patterns to allow for injection.
	// NOTE(review): pattern syntax, and which list wins when a path matches both include and exclude,
	// are not documented here — confirm in ShouldInject before relying on exclude to protect a route.
	IncludedPaths []string `json:"include,omitempty"`

	// ExcludedPaths is a list of path patterns to skip for injection.
	ExcludedPaths []string `json:"exclude,omitempty"`

	// JailbreaksDir is the directory containing jailbreak definitions.
	// Its contents end up in served responses, so treat it as trusted configuration.
	JailbreaksDir string `json:"jailbreaks_dir,omitempty"`

	// DirectivesDir is the directory containing directive text files.
	// Its contents end up in served responses, so treat it as trusted configuration.
	DirectivesDir string `json:"directives_dir,omitempty"`

	// Debug mode forces predictable CSS class names (prefix "llmon-") for easier testing.
	// Predictable names make injected elements easy to select and strip, so keep this off outside tests.
	Debug bool `json:"debug,omitempty"`

	// LogLevel controls the verbosity of logs (debug, info, warn, error). Default: info.
	LogLevel string `json:"log_level,omitempty"`

	// Strategies maps scopes (html, pdf, gif, default) to configuration.
	Strategies map[string]*StrategyConfig `json:"strategies,omitempty"`

	// PayloadData is exported without a json tag, so encoding/json would read and write it
	// under the key "PayloadData".
	// NOTE(review): confirm whether it is meant to be settable from configuration or should carry `json:"-"`.
	PayloadData string
	// contains filtered or unexported fields
}

PromptInject is a Caddy module that injects LLM jailbreak payloads into HTTP responses.

func (PromptInject) CaddyModule

func (PromptInject) CaddyModule() caddy.ModuleInfo

CaddyModule returns the Caddy module information.

func (*PromptInject) InitializeForTest

func (p *PromptInject) InitializeForTest() error

InitializeForTest sets up the module for testing without Caddy context.

func (*PromptInject) Inject

func (p *PromptInject) Inject(w io.Writer, r io.Reader, userAgent string) error

Inject streams the HTML, parses tokens, and injects payloads.

func (*PromptInject) LogDebug

func (p *PromptInject) LogDebug(msg string, fields ...any)

func (*PromptInject) LogError

func (p *PromptInject) LogError(msg string, fields ...any)

func (*PromptInject) LogInfo

func (p *PromptInject) LogInfo(msg string, fields ...any)

func (*PromptInject) Provision

func (p *PromptInject) Provision(ctx caddy.Context) error

Provision implements caddy.Provisioner.

func (*PromptInject) ServeHTTP

func (p *PromptInject) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error

ServeHTTP implements caddyhttp.Middleware.

func (*PromptInject) ShouldInject

func (p *PromptInject) ShouldInject(path string) bool

ShouldInject checks if the path is allowed for injection based on include/exclude rules.

func (*PromptInject) UnmarshalCaddyfile

func (p *PromptInject) UnmarshalCaddyfile(d *caddyfile.Dispenser) error

UnmarshalCaddyfile sets up the handler from Caddyfile tokens.

func (*PromptInject) Validate

func (p *PromptInject) Validate() error

Validate implements caddy.Validator.

type ScriptTextStrategy

type ScriptTextStrategy struct{}

ScriptTextStrategy

func (*ScriptTextStrategy) Apply

func (s *ScriptTextStrategy) Apply(w io.Writer, ctx *StrategyContext) error

func (*ScriptTextStrategy) IsApplicable

func (s *ScriptTextStrategy) IsApplicable(t string, cfg *PromptInject) bool

func (*ScriptTextStrategy) Name

func (s *ScriptTextStrategy) Name() string

type Strategy

type Strategy interface {
	// Name returns the unique identifier for the strategy.
	Name() string
	// IsApplicable returns true if the strategy can be applied to the current tag.
	IsApplicable(tagName string, cfg *PromptInject) bool
	// Apply executes the injection, writing to w.
	Apply(w io.Writer, ctx *StrategyContext) error
}

Strategy defines the interface for injection strategies.

type StrategyConfig

type StrategyConfig struct {
	Mode         string              `json:"mode,omitempty"`
	AsciiSmuggle *AsciiSmuggleConfig `json:"ascii_smuggle,omitempty"`
}

StrategyConfig defines the configuration for a specific injection strategy (e.g. html, pdf).

type StrategyContext

// StrategyContext is the argument passed to Strategy.Apply: the tokenizer,
// the current token (raw and parsed), the payload to write, and the active
// configuration.
//
// NOTE(review): Payload is written into several different HTML contexts by
// the strategies on this page (attribute, comment, script, textarea, title).
// Escaping is not visible here; confirm each Apply encodes Payload for its
// context so that payload text cannot close the enclosing construct and
// change the page's markup.
type StrategyContext struct {
	Tokenizer      *html.Tokenizer
	Payload        string
	RawToken       []byte
	Token          html.Token
	Debug          bool
	ClassName      string // For strategies requiring a class (e.g. textarea)
	Config         *PromptInject
	StrategyConfig *StrategyConfig
}

StrategyContext holds state for the current injection point.

type TextareaStrategy

type TextareaStrategy struct{}

TextareaStrategy

func (*TextareaStrategy) Apply

func (s *TextareaStrategy) Apply(w io.Writer, ctx *StrategyContext) error

func (*TextareaStrategy) IsApplicable

func (s *TextareaStrategy) IsApplicable(t string, cfg *PromptInject) bool

func (*TextareaStrategy) Name

func (s *TextareaStrategy) Name() string

type TitleStrategy

type TitleStrategy struct{}

TitleStrategy

func (*TitleStrategy) Apply

func (s *TitleStrategy) Apply(w io.Writer, ctx *StrategyContext) error

func (*TitleStrategy) IsApplicable

func (s *TitleStrategy) IsApplicable(t string, cfg *PromptInject) bool

func (*TitleStrategy) Name

func (s *TitleStrategy) Name() string

type VendorMatcher

type VendorMatcher struct {
	Directory string
	Entity    BotEntity
}

VendorMatcher defines a mapping between a directory name and a BotEntity.

Directories

Path Synopsis
cmd
llmon-caddy command
llmon-cli command
