| --- |
| license: mit |
| tags: |
| - security |
| - pentesting |
| - autonomous-agent |
| - cybersecurity |
| - tool-use |
| - qwen2.5 |
| language: |
| - en |
| base_model: |
| - bartowski/Qwen2.5-14B_Uncensored_Instruct-GGUF |
| pipeline_tag: text-generation |
| library_name: transformers |
| --- |
| |
|  |
|
|
|  |
|
|
| <video autoplay loop muted playsinline width="100%"> |
| <source src="./Final_EDIT.mp4" type="video/mp4"> |
| </video> |
|
|
|
|
| Local Security Model - Autonomous Pentesting Agent |
|
|
| Developed by: automajicly |
| Built on: Qwen2.5-14b-Instruct-Uncensored-GGUF by Bartowski |
|
|
| OVERVIEW |
|
|
| Local_Security_Model is an autonomous penetration testing agent designed for professional security assessments. Built on top of Qwen 2.5, it operates through a custom MCP (Model Context Protocol) architecture that enables real-time tool orchestration, vulnerability discovery, and exploit chaining, all running locally with no cloud dependency. |
| This agent was developed as the core engine behind PenMaster Security, targeting small business security audits, WordPress hardening, and ecommerce vulnerability assessments. |
|
|
| Key Capabilities |
| • Autonomous reconnaissance - masscan + nmap port/service enumeration with zero manual input |
| • Vulnerability assessment - searchsploit integration for CVE matching against discovered services |
| • Web application testing - nikto and sqlmap for injection and misconfiguration detection |
| • Credential auditing - hydra and ncrack for multi-protocol brute-force testing |
| • Payload delivery - curl/wget for staged payload retrieval and HTTP interaction |
| • Structured reporting - auto-generated HTML pentest reports with severity ratings and remediation guidance |
| |
| Architecture |
| |
| agent_loop.py - LLM reasoning + tool chain generation (Qwen 2.5 via LM Studio) |
| mcp_server.py - Flask-based tool execution server (port 8000, systemd managed) |
| report_generator.py - HTML report engine with PenMaster branding |
| logs/ - Structured JSON session logs |
| reports/ - Auto-generated client-facing pentest reports |
| |
|
|
| Model backend: Qwen 2.5-14B served locally via LM Studio |
| Execution layer: Flask MCP server with systemd auto-restart |
| Interface: Terminal-native, SSH-accessible from remote IDEs (Cursor) |
| |
| Tool Stack: |
| |
| Tool | Purpose |
| --- | --- |
| masscan | High-speed port scanning |
| nmap | Service/version enumeration |
| nikto | Web server vulnerability scanning |
| sqlmap | SQL injection detection |
| hydra | Multi-protocol credential brute forcing |
| ncrack | Network authentication cracking |
| searchsploit | CVE/exploit database lookup |
| curl/wget | HTTP interaction and payload staging |
| |
| |
| |
| Intended Use |
| |
| This model and agent stack is designed for: |
| • Professional penetration testing against authorized targets |
| • Security audits for small businesses, WordPress sites, and ecommerce platforms |
| • Vulnerability research in isolated lab environments |
| • Security education and CTF preparation |
| ⚠️ Authorized use only. This tool is intended exclusively for use against systems you own or have explicit written permission to test. Unauthorized use is illegal and unethical. |
| |
|
|
| Target Environments |
| • Kali Linux (primary deployment platform) |
| • Isolated VM lab networks |
| • Small business web infrastructure (with client authorization) |
| |
|
|
| Business Context |
| Local_Security_Model is the core engine behind PenMaster Security, an independent penetration testing project offering: |
| • Initial security audit and vulnerability report |
| • Ongoing security hardening retainer |
| • WordPress and ecommerce-focused assessments |
| 📬 Contact: GitHub.com/XenoCoreGiger31 |
| |
|
|
|
|