Upload GITHUB_README.md with huggingface_hub

GITHUB_README.md

@@ -0,0 +1,190 @@
+# VEXT Pentest-7B
+
+**The first open-source language model built for penetration testing and security analysis.**
+
+Fine-tuned from [Qwen2.5-7B-Instruct](https://huggingface.co/Qwen/Qwen2.5-7B-Instruct) on 260,000+ curated security examples from real pentesting engagements, CTF challenges, bug bounty programs, MITRE ATT&CK, and OWASP methodologies. Aligned with DPO using validated vulnerability findings as preference signal.
+
+Runs on a single consumer GPU, a MacBook via Ollama, or CPU-only with quantized weights. No API keys. No cloud dependency. Your data stays on your machine.
+
+**[HuggingFace Model](https://huggingface.co/vext-labs/pentest-7b)** | **[VEXT Platform](https://tryvext.com)** | **[Discord](https://discord.gg/vext-security)**
+
+---
+
+## What It Does
+
+- **Vulnerability Analysis** -- Explain CVEs, classify weaknesses, assess impact
+- **Pentest Report Writing** -- Generate executive summaries, technical findings, and remediation sections
+- **Attack Planning** -- Suggest prioritized attack paths aligned with MITRE ATT&CK and OWASP
+- **Security Code Review** -- Identify injection flaws, auth bypasses, and OWASP Top 10 issues
+- **Remediation Guidance** -- Actionable fix recommendations with code examples
+- **Compliance Mapping** -- Map findings to PCI DSS, SOC 2, HIPAA, ISO 27001
+
+## Installation
+
+### Option 1: Ollama (Easiest)
+
+```bash
+ollama pull vext-labs/pentest-7b
+ollama run vext-labs/pentest-7b
+```
+
+### Option 2: pip (Transformers)
+
+```bash
+pip install transformers torch accelerate
+```
+
+```python
+from transformers import AutoModelForCausalLM, AutoTokenizer
+
+model = AutoModelForCausalLM.from_pretrained("vext-labs/pentest-7b", torch_dtype="auto", device_map="auto")
+tokenizer = AutoTokenizer.from_pretrained("vext-labs/pentest-7b")
+```
+
+### Option 3: vLLM (Production Serving)
+
+```bash
+pip install vllm
+vllm serve vext-labs/pentest-7b --port 8000
+```
+
+Then query the OpenAI-compatible API at `http://localhost:8000/v1/chat/completions`.
+
+### Option 4: Docker
+
+```bash
+docker run --gpus all -p 8000:8000 ghcr.io/vext-labs/pentest-7b:latest
+```
+
+## Quick Start
+
+```python
+from transformers import AutoModelForCausalLM, AutoTokenizer
+
+model_id = "vext-labs/pentest-7b"
+tokenizer = AutoTokenizer.from_pretrained(model_id)
+model = AutoModelForCausalLM.from_pretrained(model_id, torch_dtype="auto", device_map="auto")
+
+messages = [
+    {"role": "system", "content": "You are an expert penetration tester."},
+    {"role": "user", "content": "I found an IDOR on /api/users/{id}/profile. Write the finding for my report."},
+]
+
+text = tokenizer.apply_chat_template(messages, tokenize=False, add_generation_prompt=True)
+inputs = tokenizer(text, return_tensors="pt").to(model.device)
+outputs = model.generate(**inputs, max_new_tokens=512, temperature=0.7)
+print(tokenizer.decode(outputs[0][inputs["input_ids"].shape[-1]:], skip_special_tokens=True))
+```
+
+## Benchmarks
+
+| Benchmark | Pentest-7B | Qwen2.5-7B (base) | GPT-4o |
+|---|---|---|---|
+| SecBench (vuln classification) | **82.4%** | 61.2% | 79.8% |
+| CyberMetric (security knowledge) | **74.1%** | 52.7% | 71.3% |
+| PentestQA (methodology) | **88.6%** | 44.3% | 83.1% |
+| Finding Quality (human eval, 1-5) | **4.2** | 2.1 | 4.4 |
+| False Positive Rate | **12.3%** | 41.7% | 15.8% |
+
+*Temperature=0, greedy decoding. Human evaluation by 3 senior pentesters on 200 findings.*
+
+## Training Summary
+
+```
+Qwen2.5-7B-Instruct
+  -> QLoRA SFT (260K examples, 3 epochs, r=16, alpha=32)
+  -> DPO Alignment (2K+ preference pairs, beta=0.1)
+  -> Adapter Merge
+  -> AWQ 4-bit Quantization (optional)
+```
+
+**Training data sources:** Production pentesting traces (anonymized), CTF walkthroughs, public bug bounty write-ups, MITRE ATT&CK, OWASP, CVE analysis. No raw exploits or malicious payloads.
+
+See the [HuggingFace model card](https://huggingface.co/vext-labs/pentest-7b) for full training details.
+
+## Hardware Requirements
+
+| Format | GPU VRAM | RAM (CPU-only) |
+|---|---|---|
+| Full precision (bf16) | 16 GB | 32 GB |
+| AWQ 4-bit | 6 GB | 16 GB |
+| GGUF Q4_K_M (Ollama) | -- | 8 GB |
+
+## Telemetry
+
+Opt-in only. Off by default. Collects only anonymous aggregate stats (vuln categories, tool success rates). Never collects URLs, IPs, credentials, or vulnerability details.
+
+```bash
+export VEXT_TELEMETRY=on   # opt in
+export VEXT_TELEMETRY=off  # opt out (default)
+```
+
+Source: [`telemetry/collector.py`](telemetry/collector.py) -- fully auditable.
+
+## Repository Structure
+
+```
+.
+├── README.md                   # This file
+├── config.json                 # Model configuration
+├── tokenizer_config.json       # Tokenizer configuration
+├── model*.safetensors          # Model weights
+├── telemetry/
+│   └── collector.py            # Opt-in telemetry (off by default)
+└── examples/
+    ├── chat.py                 # Basic chat example
+    ├── serve_vllm.sh           # vLLM serving script
+    └── ollama_modelfile        # Ollama Modelfile
+```
+
+## Contributing
+
+We welcome contributions:
+
+1. **Bug reports** -- Open an issue with reproduction steps.
+2. **Evaluation benchmarks** -- Add new security-specific benchmarks or improve existing ones.
+3. **Training data** -- Contribute anonymized, non-sensitive security examples (CTF write-ups, methodology guides).
+4. **Documentation** -- Improve examples, add tutorials, translate the model card.
+5. **Integrations** -- Build plugins for Burp Suite, OWASP ZAP, or other security tools.
+
+### Development
+
+```bash
+git clone https://github.com/vext-labs/pentest-7b.git
+cd pentest-7b
+pip install -e ".[dev]"
+pytest tests/
+```
+
+### Code of Conduct
+
+This project is intended for **authorized security testing only**. Contributors must not submit training data containing:
+- Credentials, PII, or sensitive business data
+- Exploits targeting unpatched zero-days without responsible disclosure
+- Content that facilitates unauthorized access
+
+## Responsible Use
+
+- Only use against systems you have **written authorization** to test.
+- Always **verify findings manually** before reporting.
+- This model is a tool, not a replacement for professional judgment.
+- See the [HuggingFace model card](https://huggingface.co/vext-labs/pentest-7b) for full limitations.
+
+## License
+
+[Apache 2.0](LICENSE)
+
+## Citation
+
+```bibtex
+@misc{vext-pentest-7b-2026,
+  title   = {VEXT Pentest-7B: An Open-Source Language Model for Penetration Testing and Security Analysis},
+  author  = {VEXT Labs},
+  year    = {2026},
+  url     = {https://huggingface.co/vext-labs/pentest-7b},
+}
+```
+
+---
+
+Built by [VEXT Labs, Inc.](https://tryvext.com)