automajicly's picture
Update README.md
90a97b2 verified
|
Raw
History Blame Contribute Delete
3.02 kB
---
license: mit
language:
- en
tags:
- penetration-testing
- autonomous-agent
- mcp
- kali-linux
- llm
- cybersecurity
- red-team
- ethical-hacking
- bug-bounty
- python
- flask
- bug-bounty,
- pentesting-tools,
- mcp,
- mcp-server,
- mcp-agent-loop,
- ethical-hacker,
- ethical-hacking-tools,
library_name: other
pipeline_tag: text-generation
base_model:
- Qwen/Qwen2.5-1.5B-Instruct-GGUF
---
# πŸ” PenMaster Security
**Autonomous AI-powered penetration testing agent β€” fully local, no cloud, no API keys.**
Built on Kali Linux with a local LLM (Qwen 2.5-14B via LM Studio) and a Flask-based MCP tool server. The agent runs recon, attacks, and generates professional pentest reports β€” all autonomously.
![demo](./Final_EDIT.gif)
---
## What It Does
- πŸ” Autonomous recon β€” masscan + nmap to discover open ports and services
- βš”οΈ Autonomous attack loop β€” selects and chains tools based on what it finds
- 🧠 Persistent negative experience cache β€” learns what fails across ALL sessions and never repeats mistakes
- πŸ“ Auto-generates branded HTML pentest reports on session end (Ctrl+C)
- πŸ”’ 100% local β€” Qwen 2.5-14B running in LM Studio, nothing leaves your machine
---
## Tool Arsenal (18 Tools)
| Tool | Purpose |
|------|---------|
| `run_masscan` | Fast port discovery |
| `run_nmap` | Deep service/version scanning |
| `run_nikto` | Web vulnerability scanning |
| `run_sqlmap` | SQL injection testing |
| `run_hydra` | Credential brute forcing |
| `run_ncrack` | Network authentication cracking |
| `run_searchsploit` | CVE/exploit database lookup |
| `run_metasploit` | Exploit framework integration |
| `run_curl` | HTTP interaction and payload staging |
| `run_wget` | File retrieval and payload staging |
| `run_enum4linux` | SMB/Samba enumeration |
| `run_smbclient` | SMB share access and enumeration |
| `run_ftp` | FTP service interaction |
| `run_ssh` | SSH service interaction |
| `run_telnet` | Telnet service interaction |
| `run_wpscan` | WordPress vulnerability scanning |
| `run_dirb` | Web directory brute forcing |
| `run_set` | Social Engineering Toolkit |
---
## Sovereign Agent Upgrades
- βœ… Autonomous tool reasoning β€” agent selects tools based on discovered services
- βœ… Persistent negative experience cache β€” SHA-256 fingerprinting blacklists failing tool/parameter combos across sessions
- βœ… Social Engineering Toolkit (SET) integration
- βœ… Auto HTML pentest report generation
---
## Stack
- **Model:** Qwen 2.5-14B Instruct (abliterated) via LM Studio
- **OS:** Kali Linux
- **Server:** Flask MCP server (port 8000)
- **Agent:** Python autonomous loop
- **Reports:** Auto-generated HTML on exit
---
## Intended Use
Designed for:
- Professional penetration testing against **authorized targets only**
- Security audits for small businesses, WordPress sites, and ecommerce
- Bug bounty hunting workflows
- AI/security research and development
---
## GitHub
[XenoCoreGiger31/Local-Model](https://github.com/XenoCoreGiger31/Local-Model)