|
|
--- |
|
|
base_model: Qwen/Qwen2.5-Coder-3B |
|
|
tags: |
|
|
- gguf |
|
|
- llama.cpp |
|
|
- pentesting |
|
|
- cybersecurity |
|
|
- jetson |
|
|
- quantized |
|
|
--- |
|
|
|
|
|
# Qwen2.5-Coder-3B Pentest - GGUF |
|
|
|
|
|
GGUF quantizations of [fawazo/qwen2.5-coder-3b-pentest](https://huggingface.co/fawazo/qwen2.5-coder-3b-pentest) optimized for **Jetson Orin Nano (8GB)**. |
|
|
|
|
|
## Model Description |
|
|
|
|
|
An AI pentesting assistant fine-tuned on 150K+ cybersecurity examples covering: |
|
|
- OWASP Top 10 vulnerabilities |
|
|
- MITRE ATT&CK framework |
|
|
- API security testing |
|
|
- Web application penetration testing |
|
|
|
|
|
**Output Format:** JSON for automation |
|
|
|
|
|
## Quantizations |
|
|
|
|
|
| File | Size | RAM Needed | Recommended For | |
|
|
|------|------|------------|-----------------| |
|
|
| `qwen2.5-coder-3b-pentest-q4_k_m.gguf` | ~1.8GB | ~3GB | **Jetson Orin Nano 8GB** | |
|
|
| `qwen2.5-coder-3b-pentest-q5_k_m.gguf` | ~2.1GB | ~4GB | Better quality | |
|
|
| `qwen2.5-coder-3b-pentest-q8_0.gguf` | ~3.4GB | ~5GB | Best quality | |
|
|
| `qwen2.5-coder-3b-pentest-f16.gguf` | ~6GB | ~8GB | Full precision | |
|
|
|
|
|
## Usage on Jetson |
|
|
|
|
|
### With Ollama |
|
|
```bash |
|
|
# Download Q4_K_M (recommended for 8GB) |
|
|
huggingface-cli download fawazo/qwen2.5-coder-3b-pentest-gguf qwen2.5-coder-3b-pentest-q4_k_m.gguf |
|
|
|
|
|
# Create Modelfile |
|
|
cat > Modelfile << 'EOF' |
|
|
FROM ./qwen2.5-coder-3b-pentest-q4_k_m.gguf |
|
|
|
|
|
SYSTEM """You are an expert penetration testing AI assistant. Analyze web traffic and respond with JSON: |
|
|
{"action": "report|request|command|complete", ...}""" |
|
|
|
|
|
PARAMETER temperature 0.3 |
|
|
PARAMETER num_ctx 2048 |
|
|
EOF |
|
|
|
|
|
# Create and run |
|
|
ollama create pentest-agent -f Modelfile |
|
|
ollama run pentest-agent |
|
|
``` |
|
|
|
|
|
### With llama.cpp |
|
|
```bash |
|
|
./llama-cli -m qwen2.5-coder-3b-pentest-q4_k_m.gguf -ngl 99 -c 2048 -p "Analyze this request..." |
|
|
``` |
|
|
|
|
|
## Example Usage |
|
|
|
|
|
**Input:** |
|
|
``` |
|
|
Analyze this HTTP exchange: |
|
|
REQUEST: GET /api/users?id=1 |
|
|
RESPONSE: {"user": "admin", "role": "administrator"} |
|
|
``` |
|
|
|
|
|
**Output:** |
|
|
```json |
|
|
{ |
|
|
"action": "request", |
|
|
"method": "GET", |
|
|
"path": "/api/users?id=2", |
|
|
"reasoning": "Testing for IDOR - checking if user IDs are enumerable" |
|
|
} |
|
|
``` |
|
|
|
|
|
## Training Details |
|
|
|
|
|
- **Base:** Qwen/Qwen2.5-Coder-3B |
|
|
- **Method:** SFT with LoRA (r=32) |
|
|
- **Dataset:** 150K+ combined examples from Trendyol, Fenrir v2.0, pentest-agent |
|
|
- **Frameworks:** OWASP, MITRE ATT&CK, NIST CSF |
|
|
|
|
|
## License |
|
|
|
|
|
Apache 2.0 (inherits from base model and training datasets) |
|
|
|
