Purple Firefish logoPurple Firefish

AI Pentest Modules

Firefish modules are small, discoverable security checks for authorized AI testing. Each module declares the target types it supports, the run modes it allows, the safety level it requires, and the evidence or findings it produces.

Available Module Families

Firefish currently includes modules for:

Example Modules

Useful starting points:

What A Module Declares

Each module includes:

Safe Payload Design

Modules use synthetic placeholders and canaries. They do not include real secrets, real third-party targets, destructive instructions, or unsafe payload text in public docs or normal UI surfaces.

Local Lab Compatibility

Module tests and demos can use the built-in local lab fixtures:

The fixtures are deterministic and networkless. They return safe vulnerable markers, Firefish blocked markers, or synthetic canary observations so modules can prove expected pass/fail outcomes without touching real infrastructure.

How To Use Modules In Security Workbench

1. Open Security Workbench.

2. Choose a target.

3. Search or filter the module library.

4. Select one or more modules.

5. Review safety warnings and required approvals.

6. Run a dry-run campaign.

7. Review findings, evidence, and coverage.

Extension Point

Custom modules can be added by subclassing the Firefish pentest module base class, declaring a typed module spec, validating scope before running, emitting attack-trace events, and returning redacted findings and evidence.