Probe Library
100+ probes across 15+ categories. getAllProbes, getProbesByCategory, getProbesForDefense.
Probe Library
zeroleaks includes a comprehensive probe library for extraction and injection testing. Probes are attack prompts or sequences designed to elicit leakage or compliance from the target.
Probe Interface
interface Probe {
id: string;
category: string;
technique: string;
prompt: string;
}Extended probes (modern format) include additional metadata:
interface ExtendedProbe {
id: string;
category: AttackCategory;
technique: string;
prompt: string;
phase: AttackPhase[];
defenseLevel: DefenseLevel[];
requiresContext: boolean;
multiTurn: boolean;
expectedSuccessRate: number;
sophistication: number;
stealthiness: number;
}Categories
| Category | Description |
|---|---|
| direct | Straightforward extraction attempts |
| encoding | Base64, ROT13, Unicode bypass |
| persona | DAN, DUDE, roleplay personas |
| social | Psychological manipulation, trust building |
| technical | Context manipulation, XML injection |
| advanced | Cutting-edge techniques |
| crescendo | Multi-turn gradual escalation |
| many_shot | Context priming with examples |
| cot_hijack | Chain-of-thought manipulation |
| ascii_art | Visual obfuscation |
| reasoning_exploit | Reasoning model attacks |
| policy_puppetry | Format exploitation (YAML, JSON) |
| context_overflow | Long context attacks |
| hybrid | Hybrid prompt injection (XSS/CSRF patterns) |
| tool_exploit | Tool calling and MCP exploits |
| garak_inspired | NVIDIA Garak-inspired probes |
| injection | Direct prompt injection (instruction override, role hijack, etc.) |
Functions
getAllProbes()
Returns all probes in legacy format (id, category, technique, prompt).
import { getAllProbes } from "zeroleaks";
const probes = getAllProbes();
// probes.length > 100getAllExtendedProbes()
Returns all probes with full metadata (phase, defenseLevel, expectedSuccessRate, etc.).
import { getAllExtendedProbes } from "zeroleaks";
const probes = getAllExtendedProbes();getProbesByCategory(category)
Filter probes by category.
import { getProbesByCategory } from "zeroleaks";
const directProbes = getProbesByCategory("direct");
const crescendoProbes = getProbesByCategory("crescendo");getProbesForDefense(defenseLevel)
Get probes suitable for a given defense level (none, weak, moderate, strong, hardened).
import { getProbesForDefense } from "zeroleaks";
const probes = getProbesForDefense("moderate");getProbeSequence(sequenceId)
Get a predefined multi-turn probe sequence.
import { getProbeSequence } from "zeroleaks";
const sequence = getProbeSequence("crescendo_v1");getProbesForPhase(phase)
Get probes for a specific attack phase (reconnaissance, profiling, soft_probe, escalation, exploitation, persistence).
import { getProbesForPhase } from "zeroleaks";
const probes = getProbesForPhase("escalation");Category-Specific Exports
Individual probe sets are exported:
import {
directProbes,
personaProbes,
socialProbes,
technicalProbes,
advancedProbes,
modernProbes,
crescendoProbes,
cotHijackProbes,
manyShotProbes,
asciiArtProbes,
reasoningExploitProbes,
policyPuppetryProbes,
contextOverflowProbes,
hybridProbes,
toolExploitProbes,
garakInspiredProbes,
injectionProbes,
} from "zeroleaks";Garak-Inspired Helpers
import {
getAllGarakProbes,
getGarakProbesBySeverity,
getGarakProbesByModule,
} from "zeroleaks";Hybrid and Tool Exploit Helpers
import {
getHybridProbesByType,
getHybridProbesForDefense,
getToolExploitsByType,
getToolExploitsForDefense,
} from "zeroleaks";Injection Probes
Injection probes test instruction override, behavior modification, policy bypass, role hijack, output manipulation, and guardrail bypass. Use getInjectionProbesByType or getInjectionProbesForDefense for filtered sets.