A newer version of the Gradio SDK is available: 6.15.2
metadata
title: SENTINEL Autonomous Pentesting Agent
emoji: 🛡️
colorFrom: red
colorTo: gray
sdk: gradio
sdk_version: 4.36.1
app_file: app.py
pinned: false
python_version: 3.10.13
license: apache-2.0
short_description: Fine-tuned Llama-3-8B that autonomously exploits web vulns
tags:
- security
- llama-3
- autonomous-agent
- web-pentesting
- sql-injection
- cybersecurity
🛡️ SENTINEL — Autonomous Web Pentesting Agent
SENTINEL is a fine-tuned Llama-3-8B-Instruct model trained via SFT+GRPO to autonomously reason about web application vulnerabilities and generate exploit payloads.
What it does
Given a goal (e.g. AUTHENTICATED, DATA_EXFILTRATED) and an HTML snippet (the current page DOM), SENTINEL outputs a single structured JSON action — exactly like a human pentester would decide their next move.
{
"Thought": "Login form with username/password fields on a .php endpoint — classic SQLi target.",
"Action": "SQL_INJECT",
"Action_Input": {
"target_url": "http://target/login.php",
"method": "POST",
"parameters": {"username": "admin'--", "password": "x"},
"rationale": "OR-tautology bypass on username field"
}
}
Model Details
- Base model:
meta-llama/Meta-Llama-3-8B-Instruct - Fine-tuning: SFT on curated web-exploit trajectories + GRPO reward shaping
- Quantization: Q5_K_M GGUF (~5.7 GB), served via
llama-cpp-python - The GGUF weights are hosted in a separate model repo and downloaded at runtime to bypass the Space 1 GB git limit.
⚠️ Authorized testing only. SENTINEL is designed for use against intentionally vulnerable targets (DVWA, Juice Shop, HackTheBox, etc.). Do not use against systems you do not own.