---
library_name: mlx
license: apache-2.0
base_model: mlx-community/gemma-4-e2b-it-4bit
tags:
- mlx
- lora
- gemma4
- pentesting
- kali-linux
- nethunter
- security
language:
- en
pipeline_tag: text-generation
---

# Gemma 4 E2B-IT — Kali NetHunter Pentest LoRA

LoRA adapters for [mlx-community/gemma-4-e2b-it-4bit](https://huggingface.co/mlx-community/gemma-4-e2b-it-4bit) finetuned on Kali NetHunter penetration testing data for use on a rooted OnePlus 8T.

## What it does

Teaches the model to respond like an expert pentester with structured output:
- Nmap scan analysis with risk-rated tables
- Attack plans with exact bash commands
- WiFi, SMB, DNS enumeration workflows
- NetHunter + Termux specific tooling

## Training

- **Base model:** `mlx-community/gemma-4-e2b-it-4bit` (Gemma 4 E2B instruction-tuned, 4-bit quantized)
- **Method:** LoRA (rank 8, alpha 16, 4 layers)
- **Data:** 18 pentest examples + 2 validation (chat format with system/user/assistant)
- **Iterations:** 200 @ batch_size=1, lr=1e-5, grad_checkpoint=true
- **Hardware:** Apple Silicon 8GB (peak memory: 4.8GB)
- **Final loss:** Train 0.54, Val 2.13

## Usage

> **Note:** Requires mlx-lm installed from the `gemma4` branch (Gemma 4 support not yet in the stable release).

```bash
# Install mlx-lm with Gemma 4 support
git clone https://github.com/ml-explore/mlx-lm.git
cd mlx-lm && git checkout gemma4
pip install -e .
```

```python
from mlx_lm import load, generate

model, tokenizer = load(
    "mlx-community/gemma-4-e2b-it-4bit",
    adapter_path="0xsoftboi/gemma-4-e2b-it-kali-nethunter-lora"
)

messages = [
    {"role": "system", "content": "Expert pentester on rooted OnePlus 8T with Kali NetHunter + Termux. Give exact commands. Be concise."},
    {"role": "user", "content": "Generate an attack plan for SMB"}
]

prompt = tokenizer.apply_chat_template(messages, tokenize=False, add_generation_prompt=True)
response = generate(model, tokenizer, prompt=prompt, max_tokens=300)
print(response)
```

## Bug fix required

The upstream `gemma4` branch has a bug in `mlx_lm/models/gemma4.py` that prevents loading multimodal Gemma 4 checkpoints. The weight sanitizer adds a double `model.` prefix. Fix: [0xSoftBoi/mlx-lm@gemma4-fixes](https://github.com/0xSoftBoi/mlx-lm/tree/gemma4-fixes)

## Limitations

- Small training set (18 examples) — good at matching the pentest output style but may hallucinate specific CVEs or command flags
- E2B is a 2B-parameter model — works great on-device but less capable than larger variants
- Some safety guardrails from the base instruct model remain active

## License

Apache 2.0 (same as base model)