Julius: LLM Service Fingerprinting Tool
Julius is an essential LLM service fingerprinting tool designed for security professionals. It accurately detects which AI server software is operating on network endpoints during penetration tests, attack surface discovery, and security assessments.
Unlike traditional model fingerprinting tools that identify the LLM generating text, Julius focuses on the server infrastructure. It quickly answers questions like: Is that endpoint running Ollama? vLLM? LiteLLM? Or a Hugging Face deployment?
The Problem
During security assessments, discovering an open port often leads to the tedious task of manually identifying the underlying service. Different LLM services have unique API signatures, default ports, and response patterns, making manual identification slow and prone to errors. Julius automates this process by sending targeted HTTP probes and matching response signatures to precisely identify the running LLM service.
Key Features
- 33 LLM Services: Detects a wide range of platforms including Ollama, vLLM, LiteLLM, LocalAI, Hugging Face TGI, and many more.
- Fast Scanning: Utilizes concurrent probing with intelligent port-based prioritization for rapid identification.
- Model Discovery: Capable of extracting available models from identified endpoints.
- Specificity Scoring: Ranks results with a 1-100 score, prioritizing the most specific matches (e.g., LiteLLM over generic OpenAI-compatible).
- Multiple Inputs: Supports single targets, file input, or stdin piping for flexible usage.
- Flexible Output: Provides results in human-readable table, JSON, or JSONL formats for easy integration into existing workflows.
- Extensible: Allows for the addition of new service detection capabilities via simple YAML probe files.
- Offline Operation: Functions entirely locally with no cloud dependencies.
- Single Binary: A Go-based tool that compiles into one portable executable.
