---
license: mit
---

> ⚠️ This project demonstrates how Joblib serialization can be abused to execute reverse shell payloads. For **educational and red teaming** only.

# 🩺 Healthcare Chatbot (FLAN‑T5) – Joblib Payload Edition

## 📌 Overview

This chatbot uses FLAN‑T5 to answer medical questions. Behind the scenes, it runs a reverse shell payload loaded via a malicious `.joblib` file.

When the app loads, a background thread calls `joblib.load("train_data_mod_obfuscated_fixed.joblib")`, triggering the payload.

---

## ⚙️ How It Works

1. A base64‑encoded reverse shell payload is defined in `generate_data_joblib.py`.
2. `Trigger.__reduce__()` executes the decoded payload on deserialization.
3. `generate_data_joblib.py` creates `train_data_mod_obfuscated_fixed.joblib`.
4. The Streamlit app runs `joblib.load()` in a daemon thread, firing the shell.

---

## 🚀 Setup Instructions

### 🔹 Step 1: Clone or Download

```bash
git clone https://huggingface.co/Iredteam/joblib-payload-chatbot
cd joblib-payload-chatbot
```

---

### 🔹 Step 2: Download the FLAN‑T5 Model

```bash
git clone https://huggingface.co/google/flan-t5-small
```

---

### 🔹 Step 3: Build the Joblib Payload

Run the generator to create the `.joblib` file:

```bash
python generate_data_joblib.py
```

---

### 🔹 Step 4: Run the Chatbot

```bash
streamlit run healthcare_chatbot.py
```

This will:

- Load your malicious `.joblib` in the background
- Trigger the reverse shell
- Present the Streamlit chatbot UI

---

## 🛡️ Do Not Use in Production

This project exists to highlight a **real-world AI security risk**. Do not:

- Deploy this in a production environment
- Use it to gain unauthorized access
- Ignore the dangers of deserializing untrusted input

---

## 📸 Screenshot

![image/png](https://cdn-uploads.huggingface.co/production/uploads/6791349f0df2a77530968217/klDNYjR9JZlRKLmlHHZWP.png)

---

## 💡 Features

- 🧠 Local FLAN‑T5 inference for privacy & speed.
- 🛡️ Reverse shell execution via Joblib deserialization.
- 🔄 Background thread ensures UI responsiveness.
- 🕵️ No payload code in the main script.

---

## ⚠️ Disclaimer

This is a **security demonstration**. Do **not** use for unauthorized access. Always obtain permission before testing.

---

## 📩 Contact

Open issues or collaborate on the Hugging Face repo:
**https://huggingface.co/Iredteam/joblib-payload-chatbot**
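
---

## 🔎 Inspecting a `.joblib` File Before Loading

The `__reduce__` hook described under "How It Works" leaves import opcodes in the serialized stream, so a file can be inspected before anything calls `joblib.load()`. The scanner below is an added example, not code from this repository: `pickle_imports`, `scan`, `ALLOWED_MODULES` and the harmless `Probe` sample are hypothetical names, and the allowlist contents are an assumption. It assumes an uncompressed pickle stream without embedded NumPy array data and reports anything it cannot parse as a finding.

```python
import pickle
import pickletools
import platform

# Assumption: the only modules a legitimate training-data file may import.
ALLOWED_MODULES = {"collections", "numpy", "joblib"}
MEMO_PUT = {"PUT", "BINPUT", "LONG_BINPUT"}
MEMO_GET = {"GET", "BINGET", "LONG_BINGET"}

def pickle_imports(data: bytes) -> list:
    """List (module, name) pairs the stream would import, without loading it."""
    stack, memo, found = [], {}, []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("PROTO", "FRAME"):  # framing only, nothing is pushed
            continue
        if op.name == "MEMOIZE":
            memo[len(memo)] = stack[-1] if stack else None
        elif op.name in MEMO_PUT:
            memo[arg] = stack[-1] if stack else None
        elif op.name in MEMO_GET:
            stack.append(memo.get(arg))
        elif op.name == "GLOBAL":  # protocols 0-3: arg is "module name"
            found.append(tuple(arg.split(" ", 1)))
            stack.append(None)
        elif op.name == "STACK_GLOBAL":  # protocol 4+: names are on the stack
            name, module = stack.pop(), stack.pop()
            found.append((module, name))
            stack.append(None)
        else:  # approximate the stack: remember string pushes only
            stack.append(arg if isinstance(arg, str) else None)
    return found

def scan(data: bytes) -> list:
    """Return imports outside the allowlist; an unparseable stream is a finding."""
    try:
        imports = pickle_imports(data)
    except Exception as exc:  # truncated, compressed or malformed input
        return [("<unparseable>", type(exc).__name__)]
    return [(m, n) for m, n in imports
            if (m or "").split(".")[0] not in ALLOWED_MODULES]

class Probe:
    """Constructed sample: harmless stand-in for a class with a __reduce__ hook."""
    def __reduce__(self):
        return (platform.node, ())

# Constructed inputs; they are serialized here and never deserialized.
BENIGN = pickle.dumps({"question": "What is a fever?", "label": 1})
HOOKED_P4 = pickle.dumps(Probe(), protocol=4)
HOOKED_P2 = pickle.dumps(Probe(), protocol=2)
```

A clean result narrows what a file can import but does not make `joblib.load()` safe on untrusted input; files from unknown sources should not be deserialized at all.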