Stable-Diffusion-Pickle-Scanner-GUI
picklescan
| Stable-Diffusion-Pickle-Scanner-GUI | picklescan |
|---|---|
| 21 | 7 |
| 208 | 196 |
| - | - |
| 0.0 | 5.7 |
| over 1 year ago | about 1 month ago |
| Python | Python |
| MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stable-Diffusion-Pickle-Scanner-GUI
- ⚠️WARNING⚠️ never open a .ckpt file without knowing exactly what's inside (especially SDXL)
- Textual Inversion / .pt file are those secure to use? or how to use it safely
- Stable Diffusion on Virtual Machine to avoid Pickles
  Pickle scanner: https://github.com/diStyApps/Stable-Diffusion-Pickle-Scanner-GUI
- The hidden danger in Stable Diffusion models
- Anyone know an online ckpt to safetensor converter?
  Did you do a pickle scan on it already? You can find Disty's pickle scanner here. If it's clean, then you could load it into Auto1111 and just do a checkpoint merge of that model at "0" (meaning 100%) and save it as safetensor.
- How do I scan the models?
- Any way to merge a checkpoint with a vae
  Safetensor is a new file format for models. Checkpoints create a security risk, since they are Python code encapsulated in binary form, so a malicious actor could put whatever code they wanted in one of those, which is why it's recommended that you only use .ckpt models from reputable sources or use a checker like this https://github.com/diStyApps/Stable-Diffusion-Pickle-Scanner-GUI to make sure they are "clean."
- Safe & Stable - Ckpt2Safetensors Conversion Tool-GUI v0.1.0: New Update, Now with the Ability to Convert Back to ckpt.
  If you are concerned about malware being embedded in .ckpt files, you can use an online tool to scan the models, or my Stable-Diffusion-Pickle-Scanner-GUI tool to scan your models before converting them.
- Safe & Stable: Conversion Tool for Safer Stable Diffusion Models Distribution
  I also recently updated my Stable Diffusion Pickle Scanner GUI, which you can find here: https://github.com/diStyApps/Stable-Diffusion-Pickle-Scanner-GUI Let me know what you think and if you have any suggestions for improvement!
- Save yourself some space with Stable Diffusion Checkpoint Prunage Tool.
  There is also an update for Stable-Diffusion-Pickle-Scanner-GUI https://github.com/diStyApps/Stable-Diffusion-Pickle-Scanner-GUI
picklescan
- Planting Undetectable Backdoors in Machine Learning Models
  It's Python's serialisation format: https://docs.python.org/3/library/pickle.html
  There are tools to check the format for suspicious behaviour: https://github.com/mmaitre314/picklescan seems to be the most developed one.
  You can also check the format manually (being careful not to call into it), like demonstrated by this more rudimentary scanner: https://github.com/zxix/stable-diffusion-pickle-scanner
  If you do check for security issues yourself, you'll need to read up on what magical methods/variables may cause code execution. Simple demonstrations of dangerous code can be found all over the web (https://stackoverflow.com/questions/47705202/pickle-exploiti...) but I'm sure there are obfuscation tricks that simple scans won't catch.
- Keep yourself safe when downloading models, Pickle malware scanner GUI for Stable Diffusion
- Photorealistic highres portraits
  I ran it through both Python Malware Scanner and Stable Diffusion Pickle Scanner, as I do with any model before and after I download it.
- I'm a beginner at AI art, please give me tips.
  There are a few you can run on your own too. https://github.com/zxix/stable-diffusion-pickle-scanner https://github.com/mmaitre314/picklescan
- Don't download the "Anything V3" model - It contains a malware threat inside the .ckpt file
- Marathon, the power of Chinese novel ai
  "Picklescan" is available from here: https://github.com/mmaitre314/picklescan
- Is there a way of scanning .ckpt files for exploits?
  Not a definitive solution, but there is picklescan, which catches some of the obvious malicious imports (like builtin eval, exec, etc.). The safeunpickle2 script throws a lot of false positives, since it is missing some data type storage classes from torch that some models use. It was probably meant to be a proof of concept primarily. But it is always a good practice to adapt that script and have it print out the complete list of imports and callbacks and manually scan through them.
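The static approach the two comments above describe (the "Planting Undetectable Backdoors" reply on checking the format without calling into it, and the "scanning .ckpt files" reply on printing the complete list of imports) as an added example; this is not code from any comment, from picklescan or from the GUI tool, and the denylist and sample pickles are constructed for the illustration:

```python
import io
import pickle
import pickletools
from collections import OrderedDict

# Constructed denylist for this example (picklescan keeps its own, larger list).
DANGEROUS_GLOBALS = {("builtins", "eval"), ("builtins", "exec"), ("builtins", "compile"),
                     ("builtins", "__import__"), ("builtins", "getattr")}
DANGEROUS_MODULES = {"os", "subprocess", "sys", "socket", "shutil", "runpy", "ctypes"}
# Opcodes that push a string; STACK_GLOBAL consumes the two most recent ones.
STRING_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}


def list_imports(data: bytes) -> list:
    """Every (module, name) the pickle would import, recovered by disassembling
    the opcode stream with pickletools; nothing is ever unpickled."""
    imports, strings = [], []
    for op, arg, _pos in pickletools.genops(io.BytesIO(data)):
        if op.name in STRING_OPS:
            strings.append(arg)
        elif op.name in ("GLOBAL", "INST"):     # protocols 0-3: arg is "module name"
            module, name = arg.split(" ", 1)
            imports.append((module, name))
        elif op.name == "STACK_GLOBAL":         # protocol 4+: module and name on the stack
            imports.append((strings[-2], strings[-1]))
    # Protocol 2 pickles spell the builtins module as __builtin__; normalise it.
    return [(m.replace("__builtin__", "builtins"), n) for m, n in imports]


def scan(data: bytes) -> dict:
    """Static verdict: flag denylisted globals or anything from a risky module."""
    imports = list_imports(data)
    flagged = [(m, n) for m, n in imports
               if (m, n) in DANGEROUS_GLOBALS or m.split(".")[0] in DANGEROUS_MODULES]
    return {"imports": imports, "flagged": flagged,
            "verdict": "suspicious" if flagged else "clean"}


# Constructed samples: a weights-style dict, an OrderedDict (a benign import real
# checkpoints contain), and two pickles that only *reference* builtins.eval (no
# call is encoded; loading them would just return the function object).
SAMPLES = {
    "weights.pkl": pickle.dumps({"layer.weight": [0.1, 0.2], "step": 3}, protocol=4),
    "ordered.pkl": pickle.dumps(OrderedDict(a=1), protocol=4),
    "ref_eval_v4.pkl": pickle.dumps(eval, protocol=4),
    "ref_eval_v2.pkl": b"\x80\x02cbuiltins\neval\n.",   # PROTO 2, GLOBAL, STOP
}
```

A real checkpoint will list many torch and numpy globals (the storage classes the last comment mentions), so the practical workflow is to print `list_imports()` for the file and review anything outside those namespaces rather than relying on the denylist alone.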
What are some alternatives?
safetensors - Simple, safe way to store and distribute tensors
stable-diffusion-pickle-scanner
Safe-and-Stable-Ckpt2Safetensors-Conversion-Tool-GUI - Convert your Stable Diffusion checkpoints quickly and easily.
stable-diffusion-docker - Run the official Stable Diffusion releases in a Docker container with txt2img, img2img, depth2img, pix2pix, upscale4x, and inpaint.
spaCy - 💫 Industrial-strength Natural Language Processing (NLP) in Python
NumPy - The fundamental package for scientific computing with Python.
Stable-Diffusion-Checkpoint-Prunage-Tool-GUI - Save yourself some disk space by pruning checkpoints
stable-diffusion-webui-docker - Easy Docker setup for Stable Diffusion with user-friendly UI
YourVision - AI-powered image editor
aihandler - A simple engine to help run diffusers and transformers models
sd-webui-model-converter - model convert extension for stable-diffusion-webui. supports convert fp16/bf16 no-ema/ema-only safetensors