automajicly's picture
Update app.py
21127d9 verified
Raw
History Blame Contribute Delete
2.57 kB
import gradio as gr
def penmaster_info():
return """
# πŸ” PenMaster Security
**Autonomous AI-powered penetration testing agent β€” fully local, no cloud, no API keys.**
Built on Kali Linux with a local LLM (Qwen 2.5-14B via LM Studio) and a Flask-based MCP tool server.
## Tool Arsenal (18 Tools)
- masscan, nmap, nikto, sqlmap
- hydra, ncrack, medusa, john
- searchsploit, gobuster, enum4linux
- metasploit, wpscan, whatweb
- curl, wget, write_file, read_file
- **SET (Social Engineering Toolkit)** NEW
## Architecture
agent_loop.py β†’ mcp_server.py (Flask) β†’ security tools
## Stack
- Model: Qwen 2.5-14B Instruct Abliterated
- Agent: Python autonomous loop
- MCP Server: Flask on port 8000
- OS: Kali Linux (UTM on Apple Silicon M1)
## GitHub
github.com/XenoCoreGiger31/Local-Model
"""
with gr.Blocks() as demo:
gr.Markdown("# πŸ” PenMaster Security Agent")
gr.Markdown("**Autonomous AI penetration testing β€” local, private, no API keys required.**")
gr.Markdown(penmaster_info())
gr.Markdown("""
## About This Project
PenMaster Security is an autonomous penetration testing agent built entirely from scratch by a self-taught developer and security researcher. The project started as a learning exercise and evolved into a fully functional security tool capable of conducting end-to-end penetration tests autonomously against real targets.
The agent runs entirely offline on local hardware β€” a MacBook Pro M1 running Kali Linux in a UTM virtual machine. No cloud services, no API keys, no external dependencies. The LLM (Qwen 2.5-14B Instruct Abliterated) runs locally via LM Studio and communicates with the agent through a custom Flask MCP server.
Every tool in the arsenal has been manually tested and validated against Metasploitable in a controlled lab environment. The agent has successfully breached multiple services autonomously including FTP, SSH, SMB, HTTP, and database services.
The latest upgrade adds Social Engineering Toolkit (SET) integration, bringing the total autonomous toolset to 18 tools and expanding PenMaster capabilities into social engineering attack vectors including credential harvesting and site cloning.
This project is intended exclusively for authorized penetration testing and security research. All testing was conducted in a private lab environment against systems owned and controlled by the developer.
## Support This Project
If you find this useful, consider starring the GitHub repo or sponsoring development at github.com/XenoCoreGiger31/Local-Model
""")
demo.launch()