--- license: mit tags: - security - pentesting - autonomous-agent - cybersecurity - tool-use - qwen2.5 language: - en base_model: - bartowski/Qwen2.5-14B_Uncensored_Instruct-GGUF pipeline_tag: text-generation library_name: transformers --- ![PenMaster Banner](banner_animated.gif) ![demo](./Final_EDIT.gif) 🔐 Local Security Model — Autonomous Pentesting Agent Developed by: automajicly Built on: Qwen2.5-14b-Instruct-Uncensored-GGUF by Bartowski OVERVIEW Local_Security_Model is an autonomous penetration testing agent designed for professional security assessments. Built on top of Qwen 2.5, it operates through a custom MCP (Model Context Protocol) architecture that enables real-time tool orchestration, vulnerability discovery, and exploit chaining — all running locally with no cloud dependency. This agent was developed as the core engine behind PenMaster Security, targeting small business security audits, WordPress hardening, and ecommerce vulnerability assessments. Key Capabilities • Autonomous reconnaissance — masscan + nmap port/service enumeration with zero manual input • Vulnerability assessment — searchsploit integration for CVE matching against discovered services • Web application testing — nikto and sqlmap for injection and misconfiguration detection • Credential auditing — hydra and ncrack for multi-protocol brute force testing • Payload delivery — curl/wget for staged payload retrieval and HTTP interaction • Structured reporting — auto-generated HTML pentest reports with severity ratings and remediation guidance Architecture agent_loop.py ← LLM reasoning + tool chain generation (Qwen 2.5 via LM Studio) mcp_server.py ← Flask-based tool execution server (port 8000, systemd managed) report_generator.py ← HTML report engine with PenMaster branding logs/ ← Structured JSON session logs reports/ ← Auto-generated client-facing pentest reports Model backend: Qwen 2.5-14B served locally via LM StudioExecution layer: Flask MCP server with systemd auto-restartInterface: Terminal-native, SSH-accessible from remote IDEs (Cursor) Tool Stack: TOOL PURPOSE masscan High speed port scanning nmap Service/version enumeration nitko Web server vulnerability scanning sqlmap SQL injection detection hydra Multi-protocol credential brute forcing ncrack Network authentication cracking searchsploit CVE/exploit database lookup curl/wget HTTP interaction and payload staging Intended Use This model and agent stack is designed for: • Professional penetration testing against authorized targets • Security audits for small businesses, WordPress sites, and ecommerce platforms • Vulnerability research in isolated lab environments • Security education and CTF preparation ⚠️ Authorized use only. This tool is intended exclusively for use against systems you own or have explicit written permission to test. Unauthorized use is illegal and unethical. Target Environments • Kali Linux (primary deployment platform) • Isolated VM lab networks • Small business web infrastructure (with client authorization) Business Context Local_Security_Model is the core engine behind PenMaster Security — an independent penetration testing project offering: • Initial security audit and vulnerability report • Ongoing security hardening retainer • WordPress and ecommerce-focused assessments 📬 Contact: GitHub.com/XenoCoreGiger31