goollllll's picture
Duplicate from deadbydawn101/RavenX-CyberAgent-Qwen3.6-35B-A3B-Opus-4.7-OpenMythos-Pentester-BugHunter-RATH-GGUF
ec94da0
|
Raw
History Blame Contribute Delete
11.7 kB
---
license: apache-2.0
base_model: huihui-ai/Huihui-Qwen3.6-35B-A3B-Claude-4.7-Opus-abliterated
tags:
- security
- cybersecurity
- pentest
- bug-bounty
- red-team
- agent
- tool-calling
- MCP
- GGUF
- llama-cpp
- ollama
- lm-studio
- vllm
- CVSS
- CWE
- MITRE-ATT&CK
- ravenx
- rath-protocol
- MoE
- 35B
- autonomous-agent
- abliterated
- qwen3.6
- openmythos
- quantized
language:
- en
pipeline_tag: text-generation
library_name: gguf
---
# RavenX-CyberAgent GGUF β€” Ollama / LM Studio / llama.cpp / vLLM
### 35B MoE (3B Active) | Q4_K_M 20.7 GB | 89 t/s Generation | 900 t/s Prompt | Agent Harness Agnostic
> **The most comprehensive open-source security agent model β€” in GGUF.** Runs in Ollama, LM Studio, llama.cpp, vLLM, and any GGUF runtime. 51/51 LoRA tensors merged. Identical to the MLX version.
**Built by [@DeadByDawn101](https://github.com/DeadByDawn101) | [RavenX LLC](https://github.com/DeadByDawn101)**
> *"We don't give up. We do what others don't and build what isn't possible."* β€” RavenX LLC
---
## Also Available (Same Model, Different Format)
| Format | Link | Best For |
|--------|------|----------|
| **GGUF (THIS)** | You are here | Ollama, LM Studio, llama.cpp, vLLM, NVIDIA GPUs |
| **MLX** | [RavenX-CyberAgent MLX](https://huggingface.co/deadbydawn101/RavenX-CyberAgent-Qwen3.6-35B-A3B-Opus-4.7-OpenMythos-Pentester-BugHunter-RATH-mlx) | Apple Silicon native (M1-M4) |
**Both versions are identical** β€” same 51/51 LoRA tensors, same 745K+ training data, same 12 training rounds.
---
## Benchmarks (M4 Max 128GB, llama.cpp b9501)
```
Prompt Processing: 900.6 tokens/sec
Generation: 89.3 tokens/sec
Model Size: 20.7 GB (Q4_K_M, 4.89 BPW)
Peak Memory: ~24 GB
Context Tested: 32K (262K native)
```
**People are NOT getting the most out of local LLMs.** A 35B MoE at Q4_K_M gives dramatically better output than a 7B model at the SAME speed β€” because only 3B params activate per token.
| Model | Speed | Quality | Size |
|-------|-------|---------|------|
| Llama 7B Q4 | ~30 t/s | Basic chat | 4 GB |
| Mistral 7B Q4 | ~50 t/s | Decent | 4 GB |
| **RavenX 35B MoE Q4** | **89 t/s** | **Kill chains + CVSS + MITRE** | **20.7 GB** |
---
## Available Files
| File | Size | BPW | Best For |
|------|------|-----|----------|
| `RavenX-CyberAgent-35B-v5.1-F16.gguf` | 67.8 GB | 16.01 | Maximum quality |
| `RavenX-CyberAgent-35B-v5.1-Q4_K_M.gguf` | 20.7 GB | 4.89 | **Recommended** |
---
## Quick Start
### Ollama
```
# Modelfile
FROM ./RavenX-CyberAgent-35B-v5.1-Q4_K_M.gguf
SYSTEM "You are RavenX-Sec v5.1 by RavenX LLC. ALWAYS use EXACT 6 RATH step names: 1-Attack Surface, 2-Exploit, 3-Impact, 4-Remediation, 5-Document, 6-Prevent. Include CVSS scores, CWE IDs, and MITRE ATT&CK TTPs. Be concise. Never repeat."
PARAMETER temperature 0.7
PARAMETER top_p 0.9
PARAMETER num_ctx 32768
```
```bash
ollama create ravenx-cyberagent -f Modelfile
ollama run ravenx-cyberagent
```
### llama.cpp
```bash
llama-cli -m RavenX-CyberAgent-35B-v5.1-Q4_K_M.gguf \
--system-prompt "You are RavenX-Sec v5.1 by RavenX LLC. Use 6 RATH steps. Include CVSS, CWE, MITRE. Be concise." \
-cnv -n 8192 -c 32768
```
### LM Studio
Download the Q4_K_M GGUF, load in LM Studio, set the system prompt, chat.
---
## Agent Harness Agnostic
This model works with **ANY** agent framework β€” not locked to any platform:
| Framework | Integration |
|-----------|------------|
| **OpenClaw** | Ollama backend, full SOUL.md support |
| **Hermes** | llama.cpp server, self-improving loop |
| **Ollama** | Native GGUF |
| **LM Studio** | GUI + API server |
| **vLLM** | Production serving |
| **llama.cpp** | CLI + server mode |
### Better Results: Custom SOUL.md
The model works great with just a system prompt. But add a custom `SOUL.md` or `agent.md` configuration and results improve significantly:
```markdown
# SOUL.md β€” RavenX Security Agent
name: RavenX-Sec
version: 5.1
protocol: 6-step RATH
style: Direct, actionable, no fluff
includes: CVSS 3.1, CWE IDs, MITRE ATT&CK TTPs, compliance mapping
```
### Thinking Toggle (OFF / LOW / MED / HIGH)
The model supports chain-of-thought reasoning via think blocks. Toggle depth for your use case:
| Mode | Add to System Prompt | Use Case |
|------|---------------------|----------|
| **OFF** | "Skip internal reasoning. Output directly." | Fast scans, real-time |
| **LOW** | "Think briefly in 1-2 sentences, then output." | Standard checks |
| **MED** | "Think through the problem step by step." | Detailed reports |
| **HIGH** | "Think deeply about every angle. Map full kill chains." | Complex APT analysis |
**HIGH produces incredible multi-phase kill chain analysis** β€” but uses more tokens for reasoning. Toggle based on your needs.
---
## Example Output
**Prompt:** `Kubernetes EKS pentest: anonymous auth, privileged pods, SA tokens everywhere, no network policies, etcd without TLS, Jenkins SSH keys as secrets, Grafana admin/admin`
**1-Attack Surface** β€” 7-finding table with CWE-284, CWE-250, CWE-798, CWE-319
**2-Exploit (Kill Chain)**
- Phase 1: Initial Access via Grafana default creds
- Phase 2: SA token impersonation, kubectl exec into privileged pod
- Phase 3: Persistence via malicious pod with hostPath mount
- Phase 4: etcd direct read, extract all K8s secrets including Jenkins SSH keys
- Phase 5: Lateral movement to production nodes via stolen SSH keys
**3-Impact** β€” CVSS 9.8, full cluster compromise, data exfiltration, APT persistence
**4-Remediation** β€” disable anonymous auth, enforce PSA, network policies, etcd TLS
**5-Document** β€” MITRE T1078.004, T1611, T1557, compliance mapping
**6-Prevent** β€” admission controllers, Falco monitoring, secret rotation, CIS benchmarks
---
## Training (12 Rounds)
| Round | Examples | Iters | LR | Val Loss | Focus |
|-------|----------|-------|----|----------|-------|
| R1 | 675,696 | 2,000 | 1e-5 | 0.684 | Deep security + agent knowledge |
| R2 | 680,150 | 500 | 5e-6 | 0.768 | RATH format reinforcement |
| R3 | 705,165 | 1,000 | 5e-6 | 0.688 | Claude Mythos reasoning chains |
| R4 | 730,849 | 1,000 | 5e-6 | 0.674 | Pentesting tools + frameworks |
| R5 | 730,869 | 200 | 5e-6 | 0.717 | Meta-response tuning |
| R6 | 730,869 | 1,000 | 5e-6 | β€” | Extended (checkpoint 1000 = production) |
| R7 | 732,361 | 1,500 | 3e-6 | 0.926 | Bug bounty data (36 shuvonsec repos) |
| R8 | 732,364 | 200 | 5e-6 | β€” | Strict RATH step naming fix |
| R9 | 745,697 | 1,500 | 3e-6 | 0.693 | MITRE + blackhat + code + quantum |
| R10 | 745,724 | 1,500 | 3e-6 | **0.688** | **GRAM distilled traces + 17 tool-calling** |
| R11 | 745,843 | 1,500 | 3e-6 | 0.822 | 119 comprehensive tool-calling examples |
| R12 | 745,843 | 1,500 | 3e-6 | 0.820 | Tool-calling integration round |
**Hardware:** Apple M4 Max 128GB Β· Peak memory: ~90GB Β· Framework: MLX (mlx-lm)
**Total training examples:** 745K+ from 110 sources
## Ecosystem
| Repo | Description |
|------|-------------|
| [OpenMythos-MLX](https://github.com/DeadByDawn101/OpenMythos-MLX) | RDT + MoDA (4x depth extrapolation confirmed!) |
| [RavenX-Sec](https://github.com/DeadByDawn101/RavenX-Sec) | Training pipeline |
| [turboquant-mlx](https://github.com/DeadByDawn101/turboquant-mlx) | KV cache compression |
| [grove-mlx](https://github.com/DeadByDawn101/grove-mlx) | Distributed training |
---
---
## IN-CONTEXT ADAPTATION (Breakthrough Discovery)
**This model can learn from references IN THE PROMPT β€” no retraining needed.**
### What We Discovered
When pointed at a GitHub repo containing pentest report templates, the model:
1. Analyzed the repo's report structure (NIST format)
2. Applied that structure to its current findings
3. Produced a complete, client-ready pentest deliverable
4. All at 80+ tokens/sec locally
### Example
```
PROMPT: "Use your MCP tool to look at github.com/juliocesarfort/public-pentesting-reports
and learn how to format a pentest report, then create a report on the pentest
you just did on [target]"
OUTPUT: Complete professional pentest report with:
β†’ Executive Summary (5 critical, 7 high, 4 medium, 3 low)
β†’ 5-Phase Kill Chain with real commands
β†’ 19 findings with CVSS + CWE + MITRE ATT&CK
β†’ Risk Matrix ranked by severity
β†’ Remediation Timeline (0-30, 30-60, 60-90, 90+ days)
β†’ Specific commands for EVERY finding
```
### Why This Works
The model was trained on 745K+ examples including:
- 42K self-improving agent examples (Hermes)
- 6.7K AI-Scientist research automation
- 3.6K AutoResearch pipeline data
- 25K Claude Mythos reasoning chains
- 551 Mythos character distillation (behavioral depth)
- 1,003 blackhat AI offensive security conversations
This combination created **emergent meta-learning** β€” the model learned HOW TO LEARN from references. It can:
| Point At | Result |
|----------|--------|
| Mandiant report template | Mandiant-formatted report |
| CrowdStrike template | CrowdStrike-formatted report |
| NIST framework | NIST-formatted assessment |
| Company internal template | Custom-formatted deliverable |
| ANY GitHub repo | Adapted output format |
**No retraining. No fine-tuning. Just point and generate.**
### What This Means
A $50K-$150K pentest engagement deliverable β€” generated in 60 seconds on a laptop. The model adapts its output format from ANY reference, produces client-ready reports with real commands, and maintains full RATH protocol structure throughout.
This is not prompt engineering. This is **In-Context Adaptation** β€” a capability that emerged from training on self-improving agent + research automation + reasoning chain data.
---
## ⚠️ Important Disclaimer
**This model is released for RESEARCH PURPOSES ONLY under fair use.**
This is an extremely capable autonomous security assessment model. It has been trained on 745K+ examples from 110 sources covering penetration testing, vulnerability assessment, exploit development, tool usage, and attack chain methodology.
**Responsible Use:**
- This model is intended for authorized security testing, research, and education ONLY
- Users must have explicit written authorization before assessing any target
- Use within a properly configured agent harness with appropriate guardrails
- All security testing must comply with applicable laws and regulations
- The model authors are not responsible for misuse
**What This Model Can Do:**
- Generate complete RATH security assessments with CVSS, CWE, MITRE ATT&CK
- Produce tool-calling commands (nmap, sqlmap, nuclei, kubectl, aws-cli, etc.)
- Create professional pentest reports ($50K+ consulting quality)
- Learn output formats from reference repositories (In-Context Adaptation)
- Operate with agent memory (TurboVec + FTS5 + markdown) at model + harness level
**Agent Harness Considerations:**
- The harness MUST strip `<think>` blocks (Qwen3.6 architecture always generates them)
- The harness MUST validate `<tool_call>` JSON before execution
- The harness SHOULD implement authorization checks before executing commands
- The harness SHOULD implement rate limiting and scope restrictions
- Memory operations require the [ravenx-memory](https://github.com/DeadByDawn101/ravenx-memory) system
**Built by:** [@DeadByDawn101](https://github.com/DeadByDawn101) / RavenX LLC
**AI Pair Programmer:** Claude (Anthropic)
## License
Apache-2.0
*Built on Apple Silicon. Quantized with llama.cpp. Agent harness agnostic. Thinking toggleable.* πŸ¦β€β¬›
---
> **New:** Try [v6.2 Experimental GGUF](https://huggingface.co/deadbydawn101/RavenX-CyberAgent-v6.2-Experimental-GGUF) β€” improved reasoning, 90 tok/s, Soul Infusion identity training. Benchmarked 80.9%.