Audience
Developers and anyone seeking an LLM solution to scan for vulnerabilities
About garak
garak checks if an LLM can be made to fail in a way we don't want. garak probes for hallucination, data leakage, prompt injection, misinformation, toxicity generation, jailbreaks, and many other weaknesses. garak's a free tool, we love developing it and are always interested in adding functionality to support applications. garak is a command-line tool, it's developed in Linux and OSX. Just grab it from PyPI and you should be good to go. The standard pip version of garak is updated periodically. garak has its own dependencies, you can to install garak in its own Conda environment. garak needs to know what model to scan, and by default, it'll try all the probes it knows on that model, using the vulnerability detectors recommended by each probe. For each probe loaded, garak will print a progress bar as it generates. Once the generation is complete, a row evaluating that probe's results on each detector is given.
Other Popular Alternatives & Related Software
WebReaver
WebReaver is an elegant, easy to use and fully-automated, web application security security testing tool for Mac, Windows and Linux, suitable for novice as well as advanced users. WebReaver allows you easily test any web application for a large variety of web vulnerabilities from the sever kinds such as SQL Injection, local and remote file Includes, command Injection, cross-site scripting and expression Injection to the less severe ones such as variety of session and headers problems, information leakage and many more. Automated security testing technologies, such as those, which rely on scanning, fuzzing, sending arbitrary malicious data to detect security defects, can seriously damage the web applications they are used against. Therefore, it is often recommended to perform automated tests only against systems in demo, testing or pre-production environments.
Learn more
Pentera
Pentera (formerly Pcysys) is an automated security validation platform that helps you improve security so you can know where you stand at any given moment. It tests all cybersecurity layers by safely emulating attacks, arming you with a risk-based remediation roadmap. Pentera identifies true risk and security exposure so you can focus on the 5% of weaknesses that constitute 95% of the actual risk. Pentera is an agentless, low-touch, fully automated platform that requires no prior knowledge of the environment. The solution can see what no one else does, providing immediate discovery and exposure validation across a distributed network infrastructure. With Pentera, security teams can think and act as your adversary does, giving you the insights required for anticipating and preventing an attack before it happens. Hundreds of organizations trust Pentera‘s do-no-harm policy with no locked users, zero network downtime, and no data manipulation.
Learn more
Rafter
Rafter is a developer-friendly security scanning platform that lets you detect and address vulnerabilities in your GitHub repositories with a single click or command. It integrates seamlessly via a browser-based dashboard, CLI, or REST API to scan JavaScript, TypeScript, and Python code for a range of issues, including exposed API keys, SQL injection, XSS flaws, insecure dependencies, hardcoded credentials, and authentication weaknesses. Results are clearly categorized into “Errors,” “Warnings,” and “Improvements,” each offering detailed explanations, code locations, remediation steps, and formatted prompts ready to paste into AI coding assistants. You can view findings in JSON or Markdown, automate scans within CI/CD pipelines, and pull scan results directly into your workflows. Whether you prefer no-code, low-code, or full-code environments, Rafter adapts flexibly to your setup, making proactive security early in development effortless and scalable.
Learn more
Vega
Vega can help you find and validate SQL Injection, cross-site scripting, inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows. Vega can help you find vulnerabilities such as: reflected cross-site scripting, stored cross-site scripting, blind SQL injection, remote file include, shell injection, and others. Vega also probes for TLS / SSL security settings and identifies opportunities for improving the security of your TLS servers. Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds, SQL injection, and other vulnerabilities. Vega includes a website crawler powering its automated scanner. Vega can automatically log into websites when supplied with user credentials.
Learn more
Pricing
Starting Price:
Free
Free Version:
Free Version available.
Integrations
Company Information
garak
github.com/leondz/garak/
Videos and Screen Captures
You Might Also Like
MongoDB Atlas runs apps anywhere
MongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
Product Details
Platforms Supported
Mac
Linux
Training
Documentation
Support
Online