Hugging Face's logo

Spaces:
niranjan2777
/
Sentinel-web-pentesting
Running

App Files Community
niranjan2777 commited on
Commit
3c015d5
·
verified ·
1 Parent(s): 8c5da4b

Update README.md

Browse files
Files changed (1) hide show
  1. README.md +43 -34
README.md CHANGED
@@ -1,49 +1,58 @@
1
  ---
2
- title: SENTINEL Autonomous Pentesting Agent
3
- emoji: 🛡️
4
- colorFrom: red
5
- colorTo: gray
6
- sdk: gradio
7
- sdk_version: 4.36.1
8
- app_file: app.py
9
- pinned: false
10
  license: apache-2.0
11
- short_description: Fine-tuned Llama-3-8B that autonomously exploits web vulns
 
12
  tags:
13
- - security
14
  - llama-3
15
- - autonomous-agent
 
 
 
16
  - web-pentesting
 
17
  - sql-injection
18
- - cybersecurity
 
19
  ---
20
 
21
- # 🛡️ SENTINEL — Autonomous Web Pentesting Agent
 
 
 
 
 
 
 
 
22
 
23
- **SENTINEL** is a fine-tuned **Llama-3-8B-Instruct** model trained via SFT+GRPO to autonomously reason about web application vulnerabilities and generate exploit payloads.
 
 
 
24
 
25
- ## What it does
26
 
27
- Given a **goal** (e.g. `AUTHENTICATED`, `DATA_EXFILTRATED`) and an **HTML snippet** (the current page DOM), SENTINEL outputs a single structured JSON action — exactly like a human pentester would decide their next move.
 
 
 
 
 
 
28
 
29
- ```json
30
- {
31
- "Thought": "Login form with username/password fields on a .php endpoint — classic SQLi target.",
32
- "Action": "SQL_INJECT",
33
- "Action_Input": {
34
- "target_url": "http://target/login.php",
35
- "method": "POST",
36
- "parameters": {"username": "admin'--", "password": "x"},
37
- "rationale": "OR-tautology bypass on username field"
38
- }
39
- }
40
- ```
41
 
42
- ## Model Details
43
 
44
- - **Base model:** `meta-llama/Meta-Llama-3-8B-Instruct`
45
- - **Fine-tuning:** SFT on curated web-exploit trajectories + GRPO reward shaping
46
- - **Quantization:** Q5_K_M GGUF (~5.7 GB), served via `llama-cpp-python`
47
- - **The GGUF weights** are hosted in a separate model repo and downloaded at runtime to bypass the Space 1 GB git limit.
 
 
 
 
 
48
 
49
- > ⚠️ **Authorized testing only.** SENTINEL is designed for use against intentionally vulnerable targets (DVWA, Juice Shop, HackTheBox, etc.). Do not use against systems you do not own.
 
1
  ---
2
+ pipeline_tag: text-generation
 
 
 
 
 
 
 
3
  license: apache-2.0
4
+ language:
5
+ - en
6
  tags:
 
7
  - llama-3
8
+ - gguf
9
+ - quantization
10
+ - ollama
11
+ - cybersecurity
12
  - web-pentesting
13
+ - autonomous-agent
14
  - sql-injection
15
+ - penetration-testing
16
+ base_model: meta-llama/Meta-Llama-3-8B-Instruct
17
  ---
18
 
19
+ # SENTINEL — Llama-3-8B (Quantized GGUF)
20
+
21
+ This directory contains the **fully merged and quantized** version of the SENTINEL autonomous web-exploitation agent.
22
+
23
+ this folder contains a standalone, compressed model ready for immediate local inference using tools like [Ollama](https://ollama.com/) or [llama.cpp](https://github.com/ggerganov/llama.cpp).
24
+
25
+ ## Quantization Details (`model-q5_k_m.gguf`)
26
+
27
+ The base Llama-3-8B-Instruct model and the SENTINEL SFT+GRPO fine-tuned adapter have been merged into a single file and compressed using **GGUF Quantization**.
28
 
29
+ - **Format:** GGUF
30
+ - **Quantization Method:** `Q5_K_M` (5-bit quantization with medium k-quants)
31
+ - **Size:** ~5.7 GB
32
+ - **Why Q5_K_M?** This specific quantization level strikes the ideal balance between performance and quality. It drastically reduces the memory footprint (allowing it to run comfortably on an RTX 3050 4GB or standard laptop RAM) while maintaining near-perfect accuracy compared to the uncompressed 16-bit model.
33
 
34
+ ## Included Files
35
 
36
+ * **`model-q5_k_m.gguf`**: The standalone quantized model weights.
37
+ * **`Modelfile`**: The configuration file for creating an Ollama endpoint. It is highly optimized for performance and low VRAM:
38
+ * Uses the Llama-3 `<|start_header_id|>` ChatML format.
39
+ * `num_ctx 2048`: Reduced context window from 4096 to save ~400MB of VRAM on lower-end GPUs.
40
+ * `temperature 0.0`: Forces the model to be completely deterministic, preventing hallucinated reasoning during pentesting.
41
+ * `num_predict 256`: Caps generation at 256 tokens since SENTINEL's expected JSON outputs are small (~150 tokens).
42
+ * **`smoke_test.ps1`**: A PowerShell script to quickly verify that the model is generating valid JSON responses in the correct SENTINEL schema.
43
 
44
+ ## How to Run with Ollama
 
 
 
 
 
 
 
 
 
 
 
45
 
46
+ You can instantly deploy this model locally using the included Modelfile.
47
 
48
+ 1. Open a terminal in this directory.
49
+ 2. Build the model in Ollama:
50
+ ```bash
51
+ ollama create sentinel -f Modelfile
52
+ ```
53
+ 3. Run the model:
54
+ ```bash
55
+ ollama run sentinel
56
+ ```
57
 
58
+ *(For use with the SENTINEL pentesting agent pipeline, simply ensure Ollama is serving the model in the background: `ollama serve`)*