automajicly/Local_Security_Model · Local_Security

Local_Security_Model

by automajicly - opened 23 days ago

base: refs/heads/main

←

from: refs/pr/2

Discussion Files changed

+76

-80

Files changed (1) hide show

README.md +76 -80

README.md CHANGED Viewed

@@ -1,106 +1,102 @@
 ---
 license: mit
-language:
-- en
 tags:
-- penetration-testing
-- autonomous-agent
-- mcp
-- kali-linux
-- llm
-- cybersecurity
-- red-team
-- ethical-hacking
-- bug-bounty
-- python
-- flask
-- bug-bounty,
-- pentesting-tools,
-- mcp,
-- mcp-server,
-- mcp-agent-loop,
-- ethical-hacker,
-- ethical-hacking-tools,
-library_name: other
-pipeline_tag: text-generation
 base_model:
-- Qwen/Qwen2.5-1.5B-Instruct-GGUF
 ---
-# 🔐 PenMaster Security
-**Autonomous AI-powered penetration testing agent — fully local, no cloud, no API keys.**
-Built on Kali Linux with a local LLM (Qwen 2.5-14B via LM Studio) and a Flask-based MCP tool server. The agent runs recon, attacks, and generates professional pentest reports — all autonomously.
-![demo](./Final_EDIT.gif)
----
-## What It Does
-- 🔍 Autonomous recon — masscan + nmap to discover open ports and services
-- ⚔️ Autonomous attack loop — selects and chains tools based on what it finds
-- 🧠 Persistent negative experience cache — learns what fails across ALL sessions and never repeats mistakes
-- 📝 Auto-generates branded HTML pentest reports on session end (Ctrl+C)
-- 🔒 100% local — Qwen 2.5-14B running in LM Studio, nothing leaves your machine
----
-## Tool Arsenal (18 Tools)
-| Tool | Purpose |
-|------|---------|
-| `run_masscan` | Fast port discovery |
-| `run_nmap` | Deep service/version scanning |
-| `run_nikto` | Web vulnerability scanning |
-| `run_sqlmap` | SQL injection testing |
-| `run_hydra` | Credential brute forcing |
-| `run_ncrack` | Network authentication cracking |
-| `run_searchsploit` | CVE/exploit database lookup |
-| `run_metasploit` | Exploit framework integration |
-| `run_curl` | HTTP interaction and payload staging |
-| `run_wget` | File retrieval and payload staging |
-| `run_enum4linux` | SMB/Samba enumeration |
-| `run_smbclient` | SMB share access and enumeration |
-| `run_ftp` | FTP service interaction |
-| `run_ssh` | SSH service interaction |
-| `run_telnet` | Telnet service interaction |
-| `run_wpscan` | WordPress vulnerability scanning |
-| `run_dirb` | Web directory brute forcing |
-| `run_set` | Social Engineering Toolkit |
----
-## Sovereign Agent Upgrades
-- ✅ Autonomous tool reasoning — agent selects tools based on discovered services
-- ✅ Persistent negative experience cache — SHA-256 fingerprinting blacklists failing tool/parameter combos across sessions
-- ✅ Social Engineering Toolkit (SET) integration
-- ✅ Auto HTML pentest report generation
----
-## Stack
-- **Model:** Qwen 2.5-14B Instruct (abliterated) via LM Studio
-- **OS:** Kali Linux
-- **Server:** Flask MCP server (port 8000)
-- **Agent:** Python autonomous loop
-- **Reports:** Auto-generated HTML on exit
----
-## Intended Use
-Designed for:
-- Professional penetration testing against **authorized targets only**
-- Security audits for small businesses, WordPress sites, and ecommerce
-- Bug bounty hunting workflows
-- AI/security research and development
----
-## GitHub
-[XenoCoreGiger31/Local-Model](https://github.com/XenoCoreGiger31/Local-Model)

 ---
 license: mit
 tags:
+  - security
+  - pentesting
+  - autonomous-agent
+  - cybersecurity
+  - tool-use
+  - qwen2.5
+language:
+  - en
 base_model:
+  - bartowski/Qwen2.5-14B_Uncensored_Instruct-GGUF
+pipeline_tag: text-generation
+library_name: transformers
 ---
+![PenMaster Banner](banner_animated.gif)
+![demo](./Final_EDIT.gif)
+<video autoplay loop muted playsinline width="100%">
+  <source src="./Final_EDIT.mp4" type="video/mp4">
+</video>
+🔐 Local Security Model — Autonomous Pentesting Agent
+Developed by: automajicly
+Built on: Qwen2.5-14b-Instruct-Uncensored-GGUF by Bartowski
+ OVERVIEW
+Local_Security_Model is an autonomous penetration testing agent designed for professional security assessments. Built on top of Qwen 2.5, it operates through a custom MCP (Model Context Protocol) architecture that enables real-time tool orchestration, vulnerability discovery, and exploit chaining — all running locally with no cloud dependency.
+This agent was developed as the core engine behind PenMaster Security, targeting small business security audits, WordPress hardening, and ecommerce vulnerability assessments.
+Key Capabilities
+	•	Autonomous reconnaissance — masscan + nmap port/service enumeration with zero manual input
+	•	Vulnerability assessment — searchsploit integration for CVE matching against discovered services
+	•	Web application testing — nikto and sqlmap for injection and misconfiguration detection
+	•	Credential auditing — hydra and ncrack for multi-protocol brute force testing
+	•	Payload delivery — curl/wget for staged payload retrieval and HTTP interaction
+	•	Structured reporting — auto-generated HTML pentest reports with severity ratings and remediation guidance
+    Architecture
+    agent_loop.py          ←  LLM reasoning + tool chain generation (Qwen 2.5 via LM Studio)
+    mcp_server.py          ←  Flask-based tool execution server (port 8000, systemd managed)
+    report_generator.py    ←  HTML report engine with PenMaster branding
+    logs/                  ←  Structured JSON session logs
+    reports/               ←  Auto-generated client-facing pentest reports
+    Model backend:
+     Qwen 2.5-14B served locally via LM StudioExecution layer: Flask MCP server with systemd auto-restartInterface: Terminal-native, SSH-accessible from remote IDEs (Cursor)
+   Tool Stack:
+     TOOL                     PURPOSE
+     masscan               High speed port scanning
+     nmap                 Service/version enumeration
+     nitko                Web server vulnerability scanning
+     sqlmap              SQL injection detection
+     hydra               Multi-protocol credential brute forcing
+     ncrack              Network authentication cracking
+     searchsploit       CVE/exploit database lookup
+     curl/wget          HTTP interaction and payload staging
+     Intended Use
+   This model and agent stack is designed for:
+	•	Professional penetration testing against authorized targets
+	•	Security audits for small businesses, WordPress sites, and ecommerce platforms
+	•	Vulnerability research in isolated lab environments
+	•	Security education and CTF preparation
+⚠️ Authorized use only. This tool is intended exclusively for use against systems you own or have explicit written permission to test. Unauthorized use is illegal and unethical.
+Target Environments
+	•	Kali Linux (primary deployment platform)
+	•	Isolated VM lab networks
+	•	Small business web infrastructure (with client authorization)
+    Business Context
+Local_Security_Model is the core engine behind  PenMaster Security — an independent penetration testing project offering:
+	•	Initial security audit and vulnerability report
+	•	Ongoing security hardening retainer
+	•	WordPress and ecommerce-focused assessments
+📬 Contact: GitHub.com/XenoCoreGiger31