155 lines
5.6 KiB
Markdown
155 lines
5.6 KiB
Markdown
---
|
|
license: apache-2.0
|
|
base_model: georgehenney/Qwen3-8B-heretic
|
|
tags:
|
|
- security
|
|
- cybersecurity
|
|
- pentest
|
|
- CVSS
|
|
- OWASP
|
|
- red-team
|
|
- bug-bounty
|
|
- 128k-context
|
|
- gguf
|
|
- qwen3
|
|
- ravenx
|
|
- rath-protocol
|
|
- tool-calling
|
|
language:
|
|
- en
|
|
pipeline_tag: text-generation
|
|
---
|
|
|
|
# RavenX-Sec Qwen3-8B v4.0 — Autonomous Security Intelligence Model 128K (GGUF)
|
|
|
|
> **GGUF** · Ollama / llama.cpp / LM Studio · 128K context · 6-step RATH protocol · 610K training examples · 21 datasets
|
|
|
|
This is the GGUF version of [`RavenX-Sec-8B-Security-RATH-128k-mlx-4bit`](https://huggingface.co/deadbydawn101/RavenX-Sec-8B-Security-RATH-128k-mlx-4bit) — the model **self-evolved** from 4 to 6 RATH steps during training.
|
|
|
|
> 🍎 **Looking for the MLX version?** → [RavenX-Sec-8B-Security-RATH-128k-mlx-4bit](https://huggingface.co/deadbydawn101/RavenX-Sec-8B-Security-RATH-128k-mlx-4bit)
|
|
|
|
**Built by [@DeadByDawn101](https://github.com/DeadByDawn101) (RavenX LLC)**
|
|
|
|
## Quick Start
|
|
|
|
```bash
|
|
ollama run hf.co/deadbydawn101/RavenX-Sec-8B-GGUF:ravenx-sec-v4.0-128k-Q8_0
|
|
```
|
|
|
|
## Available Quantizations
|
|
|
|
### v4.0-128k (Latest — Recommended)
|
|
|
|
| Filename | Quant | Size |
|
|
|----------|-------|------|
|
|
| `ravenx-sec-v4.0-128k-Q4_K_M.gguf` | Q4_K_M | 4.7 GB |
|
|
| `ravenx-sec-v4.0-128k-Q5_K_M.gguf` | Q5_K_M | 5.4 GB |
|
|
| `ravenx-sec-v4.0-128k-Q8_0.gguf` | Q8_0 | 8.1 GB |
|
|
| `ravenx-sec-v4.0-128k-f16.gguf` | F16 | 15.3 GB |
|
|
|
|
### Previous Versions
|
|
|
|
v3.0-128k, v3.0, v2.0 also available in this repo.
|
|
|
|
## Related Models
|
|
|
|
| Model | Format | Link |
|
|
|-------|--------|------|
|
|
| RavenX-Sec v4.0 MLX 4-bit | MLX Safetensors | [MLX version](https://huggingface.co/deadbydawn101/RavenX-Sec-8B-Security-RATH-128k-mlx-4bit) |
|
|
| **RavenX-Sec v4.0 GGUF** | GGUF | This repo |
|
|
|
|
## What This Is
|
|
|
|
A fine-tuned Qwen3-8B specialized for the complete vulnerability lifecycle: **find → classify → fix → verify → report → prevent**. Trained on 610,220 examples from 21 security-specific datasets with 8192 sequence length (zero truncation). Extended to 128K context via YaRN rope scaling.
|
|
|
|
The model **self-evolved** from a 4-step to a **6-step RATH protocol** during training:
|
|
|
|
| Step | What It Does |
|
|
|------|-------------|
|
|
| **R — Risk / Identify** | Finding context, affected systems, exposure |
|
|
| **A — Assessment** | CVSS score + vector, CWE, scope, ground truth |
|
|
| **T — Threat** | Attacker objectives, attack vectors, likelihood |
|
|
| **H — Highlight / Remediate** | Immediate action, recommended fix, workaround, verification |
|
|
| **D — Document** | Severity, weakness classification, steps, SLA |
|
|
| **P — Prevent** | Process improvements, controls, training, monitoring |
|
|
|
|
## Example Output (v4.0 — 6-Step RATH)
|
|
|
|
```
|
|
RATH STEP 1: IDENTIFY
|
|
- Finding: OpenSSH 7.4 running on port 22 of production server
|
|
- Context: Older version with known vulnerabilities
|
|
|
|
RATH STEP 2: ASSESS
|
|
- CVSS Score: 6.3 for multiple vulnerabilities
|
|
- Impact: Remote code execution, information disclosure
|
|
- Scope: Entire server and SSH-dependent services
|
|
|
|
RATH STEP 3: THREAT
|
|
- Attacker Objective: Exploit known CVEs in OpenSSH 7.4
|
|
- Attack Vectors: Remote code execution via SSH
|
|
- Likelihood: High — well-documented and widely exploited
|
|
|
|
RATH STEP 4: REMEDIATE
|
|
- Immediate: Apply latest security patches
|
|
- Recommended: Upgrade to OpenSSH 8.x or higher
|
|
- Workaround: Apply all available security updates
|
|
- Verification: Check version post-remediation
|
|
|
|
RATH STEP 5: DOCUMENT
|
|
- Severity: Critical
|
|
- Weakness: Outdated software
|
|
- SLA: Follow org patching SLA for critical vulns
|
|
|
|
RATH STEP 6: PREVENT
|
|
- Process: Implement automated patch management
|
|
- Controls: Deploy CVE scanning, maintain system inventory
|
|
- Training: Educate team on software update importance
|
|
- Monitoring: Enable continuous vulnerability scanning
|
|
|
|
✅ RATH VERDICT: REMEDIATE IMMEDIATELY
|
|
```
|
|
|
|
## Model Details
|
|
|
|
| Parameter | Value |
|
|
|-----------|-------|
|
|
| **Architecture** | Qwen3-8B |
|
|
| **Base** | georgehenney/Qwen3-8B-heretic (abliterated) |
|
|
| **Context Window** | 128K (YaRN rope scaling, factor 4.0) |
|
|
| **Training Data** | 610,220 examples |
|
|
| **Security Content** | 53% (323K examples) |
|
|
| **Agent/Tool Content** | 37% (228K examples) |
|
|
| **Datasets** | 21 sources |
|
|
| **Max Seq Length** | 8192 (zero truncation) |
|
|
| **Tokens Trained** | 3,644,923 |
|
|
| **Method** | MLX LoRA (rank 32, 8 layers, 1e-5 LR, 2000 iters) |
|
|
| **Hardware** | Apple M4 Max 128GB |
|
|
| **Peak Memory** | 69.5 GB |
|
|
|
|
## Training Datasets (21)
|
|
|
|
**Security (11):** Trendyol/Cybersecurity-Instruction-Tuning (50K) · SkywardNomad92/pentest-findings-v2 (50K) · WNT3D/Ultimate-Offensive-Red-Team (25.6K) · auren-research/cve-sft-v5 (10K) · theelderemo/pentesting-explanations (5.9K) · Rootkit7/pentest-redteam-steering (2K) · acnimatic3722/kali-linux-pentesting-data (343) · AYI-NEDJIMI/bug-bounty-pentest-en · CJJones/Synthetic_PenTest_Reports · Whoisjutanlee/4-Security-Tools-Pentesting · cpagac/venomx-pentesting-harmful
|
|
|
|
**Agent/Tool/Coding (5):** burtenshaw/agent-tools · Nanbeige/ToolMind · togethercomputer/CoderForge-Preview · automatelab/mcp-servers-tool-catalog · Jackrong/Claude-opus-4.7-TraceInversion-5000x
|
|
|
|
**Agentic:** WithinUsAI/AgentAngel_100k (50K capped) · WithinUsAI/claude_mythos_distilled_25k (16K security)
|
|
|
|
**Extracted:** hackingBuddyGPT · PentestGPT · Shannon · Ghidra · OpenMythos + Synthetic RATH chains
|
|
|
|
## Frameworks Supported
|
|
|
|
CVSS 3.1 · NIST CSF 2.0 · OWASP Top 10 · CWE · MITRE ATT&CK · PCI DSS · HIPAA · SOX
|
|
|
|
## Source Code & Training Pipeline
|
|
|
|
**[github.com/DeadByDawn101/RavenX-Sec](https://github.com/DeadByDawn101/RavenX-Sec)**
|
|
|
|
## License
|
|
|
|
Apache-2.0
|
|
|
|
---
|
|
|
|
*"We don't give up. We do what others don't and build what isn't possible." — RavenX LLC*
|