RedPincer — AI Red Team Suite

# RedPincer — AI/LLM Red Team Suite

Automated security testing for language models. Point at any LLM API endpoint, select attack modules, and run assessments with real-time results and exportable reports.

> ⚠️ For authorized security testing and research only. Only test systems you own or have explicit permission to audit.

Quick Start

```bash # Clone and install git clone https://github.com/rustyorb/pincer.git {baseDir}/redpincer cd {baseDir}/redpincer npm ci

# Run npm run dev # Dashboard at http://localhost:3000 ```

For production: ```bash npm run build npx next start -H 0.0.0.0 -p 3000 ```

What It Tests

| Category | Payloads | Description | |:---------|:--------:|:------------| | 💉 Prompt Injection | 40 | Instruction override, delimiter confusion, indirect injection, payload smuggling | | 🔓 Jailbreak | 40 | Persona splitting, gradual escalation, hypothetical framing, roleplay exploitation | | 🔍 Data Extraction | 40 | System prompt theft, training data probing, membership inference, embedding extraction | | 🛡️ Guardrail Bypass | 40 | Output filter evasion, multi-language bypass, homoglyph tricks, context overflow |

Total: 160 base payloads × 20 variant transforms = 3,200 test permutations

Supported Providers

``` OpenAI · Anthropic · OpenRouter · Any OpenAI-compatible endpoint ```

Features

Attack Engine - 160+ payloads across 4 categories - Model-specific attacks (GPT, Claude, Llama variants) - 20 variant transforms (unicode, encoding, case rotation, etc.) - Attack chaining with template variables (`{{previous_response}}`) - AI-powered payload generation — uses the target LLM to generate novel attacks against itself - Stop/cancel running attacks instantly

Analysis & Reporting - Heuristic response classifier with context-aware analysis - Reduced false positives — detects "explain then refuse" patterns - Vulnerability heatmap — visual category × severity matrix - Custom scoring rubrics with weighted grades (A+ to F) - Verbose 10-section pen-test reports with appendices - Multi-target comparison — side-by-side security profiles - Regression testing — save baselines, track fixes over time

Advanced Tools

| Tool | What It Does | |:-----|:-------------| | Compare | Same payloads against 2-4 targets simultaneously | | Adaptive | Analyzes weaknesses, generates targeted follow-ups | | Heatmap | Visual matrix of vulnerability rates by category/severity | | Regression | Save baseline → re-run later → detect fixes or regressions | | Scoring | Custom rubrics with weighted category/severity/classification scores | | Chains | Multi-step attacks with `{{previous_response}}` templates | | Payload Editor | Create custom payloads with syntax highlighting + AI generation |

Usage Workflow

1. ```
2. Configure Target → Add LLM endpoint + API key + model
3. Select Categories → Pick attack types to test
4. Run Attack → Stream results in real-time
5. Review Results → Heuristic classification + severity scores
6. Adaptive → Auto-generate follow-up attacks on weaknesses
7. Generate Report → Export comprehensive findings as Markdown
8. ```

Architecture

• All client-side — no server components, your API keys stay local
• NDJSON streaming — real-time results during attack runs
• Heuristic analysis — pattern-matching classifier (no LLM-based grading = no extra cost)
• Zustand + localStorage — state persists across sessions

Companion Tool: RedClaw

For autonomous multi-strategy campaigns (CLI/TUI), see RedClaw — the autonomous red-teaming agent framework.

• RedPincer = web dashboard, manual + automated testing
• RedClaw = autonomous CLI agent, adaptive multi-strategy campaigns
• Together = complete LLM security testing suite

---

*Built by @rustyorb — Crack open those guardrails. 🦞*