NEW

Start with the pressure: sales, launch, abuse, agents, data, or guardrails

Use the engagement router
aisecurityllc
Sign inStart AI Security Assessment
aisecurityllc
Start AI Security Assessment
All integrations

Connectors · Security Tools

MSF

Evidence Connector for Metasploit

Fingerprint AI infrastructure from within Metasploit.

Local firstIn developmentmetasploit moduleattackevidence
Request accessBack to integrations

Screenshots coming soon

Visual walkthrough of Evidence Connector for Metasploit in progress

Overview

The SecEng Evidence Connector for Metasploit provides auxiliary scanner modules that detect and fingerprint AI services on a network — Ollama endpoints, OpenAI-compatible APIs, MCP servers, and similar infrastructure. Findings are reported to the SecEng sidecar and can be attached to your AI asset inventory and risk program. Modules are pure Ruby and drop into the standard Metasploit module path.

Features

  1. 01.

    AI service fingerprinting

    Scans target networks for known AI API signatures — Ollama, LiteLLM, OpenAI-compatible servers, and MCP endpoints.

  2. 02.

    Standard module path install

    Copy modules to `~/.msf4/modules/auxiliary/scanner/ai/` — no Metasploit patches or rebuilds required.

  3. 03.

    Evidence reporting

    Discovered services are reported to the SecEng sidecar with IP, port, service type, and version for inclusion in AI asset inventories.

  4. 04.

    RHOSTS-compatible

    Accepts standard Metasploit RHOSTS, RPORT, and THREADS options for bulk network scanning.

Install steps

  1. Step 01

    Copy modules: `cp -r apps/metasploit-evidence-connector/modules/auxiliary/scanner/ai ~/.msf4/modules/auxiliary/scanner/`.

  2. Step 02

    Launch msfconsole: `msfconsole`.

  3. Step 03

    Load a module: `use auxiliary/scanner/ai/ollama_info`, then `set RHOSTS <target>` and `run`.

  4. Step 04

    Ensure the SecEng sidecar is running on `http://127.0.0.1:17371` to receive findings.

Capabilities

discover servicereport findingattach evidenceexport json

Surfaces

auxiliary modulepanel

Scan modes

service_discoveryfile

Privacy architecture

Local first

This integration runs 100% in-process using a compiled WASM engine. Text is scanned locally — nothing is transmitted to a server, no analytics, no telemetry. Ideal for regulated environments where data residency and air-gap requirements apply.

Native manifest:metasploit module

Platform vendor

Rapid7

This integration is built by aisecurity.llc and runs natively on Rapid7.

WebsiteDeveloper docsMarketplaceGitHubTwitter / X

Early access

Get early access — Trust Scanner integrations are in active development

Evidence Connector for Metasploit and all 40integrations are under active development. Tell us what you need and we'll prioritize your platform.

Request accessBrowse all integrations