goollllll deadbydawn101 commited on
Commit
ec94da0
Β·
0 Parent(s):

Duplicate from deadbydawn101/RavenX-CyberAgent-Qwen3.6-35B-A3B-Opus-4.7-OpenMythos-Pentester-BugHunter-RATH-GGUF

Browse files
Files changed (4) hide show
  1. .gitattributes +38 -0
  2. Modelfile +10 -0
  3. README.md +322 -0
  4. RavenX-CyberAgent-35B-v5.1-Q4_K_M.gguf +3 -0
.gitattributes ADDED
@@ -0,0 +1,38 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ *.7z filter=lfs diff=lfs merge=lfs -text
2
+ *.arrow filter=lfs diff=lfs merge=lfs -text
3
+ *.bin filter=lfs diff=lfs merge=lfs -text
4
+ *.bz2 filter=lfs diff=lfs merge=lfs -text
5
+ *.ckpt filter=lfs diff=lfs merge=lfs -text
6
+ *.ftz filter=lfs diff=lfs merge=lfs -text
7
+ *.gz filter=lfs diff=lfs merge=lfs -text
8
+ *.h5 filter=lfs diff=lfs merge=lfs -text
9
+ *.joblib filter=lfs diff=lfs merge=lfs -text
10
+ *.lfs.* filter=lfs diff=lfs merge=lfs -text
11
+ *.mlmodel filter=lfs diff=lfs merge=lfs -text
12
+ *.model filter=lfs diff=lfs merge=lfs -text
13
+ *.msgpack filter=lfs diff=lfs merge=lfs -text
14
+ *.npy filter=lfs diff=lfs merge=lfs -text
15
+ *.npz filter=lfs diff=lfs merge=lfs -text
16
+ *.onnx filter=lfs diff=lfs merge=lfs -text
17
+ *.ot filter=lfs diff=lfs merge=lfs -text
18
+ *.parquet filter=lfs diff=lfs merge=lfs -text
19
+ *.pb filter=lfs diff=lfs merge=lfs -text
20
+ *.pickle filter=lfs diff=lfs merge=lfs -text
21
+ *.pkl filter=lfs diff=lfs merge=lfs -text
22
+ *.pt filter=lfs diff=lfs merge=lfs -text
23
+ *.pth filter=lfs diff=lfs merge=lfs -text
24
+ *.rar filter=lfs diff=lfs merge=lfs -text
25
+ *.safetensors filter=lfs diff=lfs merge=lfs -text
26
+ saved_model/**/* filter=lfs diff=lfs merge=lfs -text
27
+ *.tar.* filter=lfs diff=lfs merge=lfs -text
28
+ *.tar filter=lfs diff=lfs merge=lfs -text
29
+ *.tflite filter=lfs diff=lfs merge=lfs -text
30
+ *.tgz filter=lfs diff=lfs merge=lfs -text
31
+ *.wasm filter=lfs diff=lfs merge=lfs -text
32
+ *.xz filter=lfs diff=lfs merge=lfs -text
33
+ *.zip filter=lfs diff=lfs merge=lfs -text
34
+ *.zst filter=lfs diff=lfs merge=lfs -text
35
+ *tfevents* filter=lfs diff=lfs merge=lfs -text
36
+ RavenX-CyberAgent-35B-v5.1-Q4_K_M.gguf filter=lfs diff=lfs merge=lfs -text
37
+ RavenX-CyberAgent-35B-v5.1-F16.gguf filter=lfs diff=lfs merge=lfs -text
38
+ RavenX-CyberAgent-v6.2-Q4_K_M.gguf filter=lfs diff=lfs merge=lfs -text
Modelfile ADDED
@@ -0,0 +1,10 @@
 
 
 
 
 
 
 
 
 
 
 
1
+ # RavenX-CyberAgent v6.2 Modelfile for Ollama
2
+ # Usage: ollama create ravenx-cyberagent -f Modelfile
3
+
4
+ FROM ./RavenX-CyberAgent-v6.2-Q4_K_M.gguf
5
+
6
+ SYSTEM """You are RavenX-CyberAgent v6.2, an autonomous security assessment agent. You execute the RATH protocol: Attack Surface, Exploit, Impact, Remediation, Document, Prevent. You use tool_call for direct command execution. You are clinical, precise, and paranoid. Trust is binary."""
7
+
8
+ PARAMETER temperature 0.7
9
+ PARAMETER top_p 0.9
10
+ PARAMETER num_ctx 4096
README.md ADDED
@@ -0,0 +1,322 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ---
2
+ license: apache-2.0
3
+ base_model: huihui-ai/Huihui-Qwen3.6-35B-A3B-Claude-4.7-Opus-abliterated
4
+ tags:
5
+ - security
6
+ - cybersecurity
7
+ - pentest
8
+ - bug-bounty
9
+ - red-team
10
+ - agent
11
+ - tool-calling
12
+ - MCP
13
+ - GGUF
14
+ - llama-cpp
15
+ - ollama
16
+ - lm-studio
17
+ - vllm
18
+ - CVSS
19
+ - CWE
20
+ - MITRE-ATT&CK
21
+ - ravenx
22
+ - rath-protocol
23
+ - MoE
24
+ - 35B
25
+ - autonomous-agent
26
+ - abliterated
27
+ - qwen3.6
28
+ - openmythos
29
+ - quantized
30
+ language:
31
+ - en
32
+ pipeline_tag: text-generation
33
+ library_name: gguf
34
+ ---
35
+
36
+ # RavenX-CyberAgent GGUF β€” Ollama / LM Studio / llama.cpp / vLLM
37
+
38
+ ### 35B MoE (3B Active) | Q4_K_M 20.7 GB | 89 t/s Generation | 900 t/s Prompt | Agent Harness Agnostic
39
+
40
+ > **The most comprehensive open-source security agent model β€” in GGUF.** Runs in Ollama, LM Studio, llama.cpp, vLLM, and any GGUF runtime. 51/51 LoRA tensors merged. Identical to the MLX version.
41
+
42
+ **Built by [@DeadByDawn101](https://github.com/DeadByDawn101) | [RavenX LLC](https://github.com/DeadByDawn101)**
43
+
44
+ > *"We don't give up. We do what others don't and build what isn't possible."* β€” RavenX LLC
45
+
46
+ ---
47
+
48
+ ## Also Available (Same Model, Different Format)
49
+
50
+ | Format | Link | Best For |
51
+ |--------|------|----------|
52
+ | **GGUF (THIS)** | You are here | Ollama, LM Studio, llama.cpp, vLLM, NVIDIA GPUs |
53
+ | **MLX** | [RavenX-CyberAgent MLX](https://huggingface.co/deadbydawn101/RavenX-CyberAgent-Qwen3.6-35B-A3B-Opus-4.7-OpenMythos-Pentester-BugHunter-RATH-mlx) | Apple Silicon native (M1-M4) |
54
+
55
+ **Both versions are identical** β€” same 51/51 LoRA tensors, same 745K+ training data, same 12 training rounds.
56
+
57
+ ---
58
+
59
+ ## Benchmarks (M4 Max 128GB, llama.cpp b9501)
60
+
61
+ ```
62
+ Prompt Processing: 900.6 tokens/sec
63
+ Generation: 89.3 tokens/sec
64
+ Model Size: 20.7 GB (Q4_K_M, 4.89 BPW)
65
+ Peak Memory: ~24 GB
66
+ Context Tested: 32K (262K native)
67
+ ```
68
+
69
+ **People are NOT getting the most out of local LLMs.** A 35B MoE at Q4_K_M gives dramatically better output than a 7B model at the SAME speed β€” because only 3B params activate per token.
70
+
71
+ | Model | Speed | Quality | Size |
72
+ |-------|-------|---------|------|
73
+ | Llama 7B Q4 | ~30 t/s | Basic chat | 4 GB |
74
+ | Mistral 7B Q4 | ~50 t/s | Decent | 4 GB |
75
+ | **RavenX 35B MoE Q4** | **89 t/s** | **Kill chains + CVSS + MITRE** | **20.7 GB** |
76
+
77
+ ---
78
+
79
+ ## Available Files
80
+
81
+ | File | Size | BPW | Best For |
82
+ |------|------|-----|----------|
83
+ | `RavenX-CyberAgent-35B-v5.1-F16.gguf` | 67.8 GB | 16.01 | Maximum quality |
84
+ | `RavenX-CyberAgent-35B-v5.1-Q4_K_M.gguf` | 20.7 GB | 4.89 | **Recommended** |
85
+
86
+ ---
87
+
88
+ ## Quick Start
89
+
90
+ ### Ollama
91
+
92
+ ```
93
+ # Modelfile
94
+ FROM ./RavenX-CyberAgent-35B-v5.1-Q4_K_M.gguf
95
+
96
+ SYSTEM "You are RavenX-Sec v5.1 by RavenX LLC. ALWAYS use EXACT 6 RATH step names: 1-Attack Surface, 2-Exploit, 3-Impact, 4-Remediation, 5-Document, 6-Prevent. Include CVSS scores, CWE IDs, and MITRE ATT&CK TTPs. Be concise. Never repeat."
97
+
98
+ PARAMETER temperature 0.7
99
+ PARAMETER top_p 0.9
100
+ PARAMETER num_ctx 32768
101
+ ```
102
+
103
+ ```bash
104
+ ollama create ravenx-cyberagent -f Modelfile
105
+ ollama run ravenx-cyberagent
106
+ ```
107
+
108
+ ### llama.cpp
109
+
110
+ ```bash
111
+ llama-cli -m RavenX-CyberAgent-35B-v5.1-Q4_K_M.gguf \
112
+ --system-prompt "You are RavenX-Sec v5.1 by RavenX LLC. Use 6 RATH steps. Include CVSS, CWE, MITRE. Be concise." \
113
+ -cnv -n 8192 -c 32768
114
+ ```
115
+
116
+ ### LM Studio
117
+
118
+ Download the Q4_K_M GGUF, load in LM Studio, set the system prompt, chat.
119
+
120
+ ---
121
+
122
+ ## Agent Harness Agnostic
123
+
124
+ This model works with **ANY** agent framework β€” not locked to any platform:
125
+
126
+ | Framework | Integration |
127
+ |-----------|------------|
128
+ | **OpenClaw** | Ollama backend, full SOUL.md support |
129
+ | **Hermes** | llama.cpp server, self-improving loop |
130
+ | **Ollama** | Native GGUF |
131
+ | **LM Studio** | GUI + API server |
132
+ | **vLLM** | Production serving |
133
+ | **llama.cpp** | CLI + server mode |
134
+
135
+ ### Better Results: Custom SOUL.md
136
+
137
+ The model works great with just a system prompt. But add a custom `SOUL.md` or `agent.md` configuration and results improve significantly:
138
+
139
+ ```markdown
140
+ # SOUL.md β€” RavenX Security Agent
141
+ name: RavenX-Sec
142
+ version: 5.1
143
+ protocol: 6-step RATH
144
+ style: Direct, actionable, no fluff
145
+ includes: CVSS 3.1, CWE IDs, MITRE ATT&CK TTPs, compliance mapping
146
+ ```
147
+
148
+ ### Thinking Toggle (OFF / LOW / MED / HIGH)
149
+
150
+ The model supports chain-of-thought reasoning via think blocks. Toggle depth for your use case:
151
+
152
+ | Mode | Add to System Prompt | Use Case |
153
+ |------|---------------------|----------|
154
+ | **OFF** | "Skip internal reasoning. Output directly." | Fast scans, real-time |
155
+ | **LOW** | "Think briefly in 1-2 sentences, then output." | Standard checks |
156
+ | **MED** | "Think through the problem step by step." | Detailed reports |
157
+ | **HIGH** | "Think deeply about every angle. Map full kill chains." | Complex APT analysis |
158
+
159
+ **HIGH produces incredible multi-phase kill chain analysis** β€” but uses more tokens for reasoning. Toggle based on your needs.
160
+
161
+ ---
162
+
163
+ ## Example Output
164
+
165
+ **Prompt:** `Kubernetes EKS pentest: anonymous auth, privileged pods, SA tokens everywhere, no network policies, etcd without TLS, Jenkins SSH keys as secrets, Grafana admin/admin`
166
+
167
+ **1-Attack Surface** β€” 7-finding table with CWE-284, CWE-250, CWE-798, CWE-319
168
+
169
+ **2-Exploit (Kill Chain)**
170
+ - Phase 1: Initial Access via Grafana default creds
171
+ - Phase 2: SA token impersonation, kubectl exec into privileged pod
172
+ - Phase 3: Persistence via malicious pod with hostPath mount
173
+ - Phase 4: etcd direct read, extract all K8s secrets including Jenkins SSH keys
174
+ - Phase 5: Lateral movement to production nodes via stolen SSH keys
175
+
176
+ **3-Impact** β€” CVSS 9.8, full cluster compromise, data exfiltration, APT persistence
177
+
178
+ **4-Remediation** β€” disable anonymous auth, enforce PSA, network policies, etcd TLS
179
+
180
+ **5-Document** β€” MITRE T1078.004, T1611, T1557, compliance mapping
181
+
182
+ **6-Prevent** β€” admission controllers, Falco monitoring, secret rotation, CIS benchmarks
183
+
184
+ ---
185
+
186
+ ## Training (12 Rounds)
187
+
188
+ | Round | Examples | Iters | LR | Val Loss | Focus |
189
+ |-------|----------|-------|----|----------|-------|
190
+ | R1 | 675,696 | 2,000 | 1e-5 | 0.684 | Deep security + agent knowledge |
191
+ | R2 | 680,150 | 500 | 5e-6 | 0.768 | RATH format reinforcement |
192
+ | R3 | 705,165 | 1,000 | 5e-6 | 0.688 | Claude Mythos reasoning chains |
193
+ | R4 | 730,849 | 1,000 | 5e-6 | 0.674 | Pentesting tools + frameworks |
194
+ | R5 | 730,869 | 200 | 5e-6 | 0.717 | Meta-response tuning |
195
+ | R6 | 730,869 | 1,000 | 5e-6 | β€” | Extended (checkpoint 1000 = production) |
196
+ | R7 | 732,361 | 1,500 | 3e-6 | 0.926 | Bug bounty data (36 shuvonsec repos) |
197
+ | R8 | 732,364 | 200 | 5e-6 | β€” | Strict RATH step naming fix |
198
+ | R9 | 745,697 | 1,500 | 3e-6 | 0.693 | MITRE + blackhat + code + quantum |
199
+ | R10 | 745,724 | 1,500 | 3e-6 | **0.688** | **GRAM distilled traces + 17 tool-calling** |
200
+ | R11 | 745,843 | 1,500 | 3e-6 | 0.822 | 119 comprehensive tool-calling examples |
201
+ | R12 | 745,843 | 1,500 | 3e-6 | 0.820 | Tool-calling integration round |
202
+
203
+ **Hardware:** Apple M4 Max 128GB Β· Peak memory: ~90GB Β· Framework: MLX (mlx-lm)
204
+ **Total training examples:** 745K+ from 110 sources
205
+
206
+ ## Ecosystem
207
+
208
+ | Repo | Description |
209
+ |------|-------------|
210
+ | [OpenMythos-MLX](https://github.com/DeadByDawn101/OpenMythos-MLX) | RDT + MoDA (4x depth extrapolation confirmed!) |
211
+ | [RavenX-Sec](https://github.com/DeadByDawn101/RavenX-Sec) | Training pipeline |
212
+ | [turboquant-mlx](https://github.com/DeadByDawn101/turboquant-mlx) | KV cache compression |
213
+ | [grove-mlx](https://github.com/DeadByDawn101/grove-mlx) | Distributed training |
214
+
215
+ ---
216
+
217
+
218
+
219
+ ---
220
+
221
+ ## IN-CONTEXT ADAPTATION (Breakthrough Discovery)
222
+
223
+ **This model can learn from references IN THE PROMPT β€” no retraining needed.**
224
+
225
+ ### What We Discovered
226
+
227
+ When pointed at a GitHub repo containing pentest report templates, the model:
228
+ 1. Analyzed the repo's report structure (NIST format)
229
+ 2. Applied that structure to its current findings
230
+ 3. Produced a complete, client-ready pentest deliverable
231
+ 4. All at 80+ tokens/sec locally
232
+
233
+ ### Example
234
+
235
+ ```
236
+ PROMPT: "Use your MCP tool to look at github.com/juliocesarfort/public-pentesting-reports
237
+ and learn how to format a pentest report, then create a report on the pentest
238
+ you just did on [target]"
239
+
240
+ OUTPUT: Complete professional pentest report with:
241
+ β†’ Executive Summary (5 critical, 7 high, 4 medium, 3 low)
242
+ β†’ 5-Phase Kill Chain with real commands
243
+ β†’ 19 findings with CVSS + CWE + MITRE ATT&CK
244
+ β†’ Risk Matrix ranked by severity
245
+ β†’ Remediation Timeline (0-30, 30-60, 60-90, 90+ days)
246
+ β†’ Specific commands for EVERY finding
247
+ ```
248
+
249
+ ### Why This Works
250
+
251
+ The model was trained on 745K+ examples including:
252
+ - 42K self-improving agent examples (Hermes)
253
+ - 6.7K AI-Scientist research automation
254
+ - 3.6K AutoResearch pipeline data
255
+ - 25K Claude Mythos reasoning chains
256
+ - 551 Mythos character distillation (behavioral depth)
257
+ - 1,003 blackhat AI offensive security conversations
258
+
259
+ This combination created **emergent meta-learning** β€” the model learned HOW TO LEARN from references. It can:
260
+
261
+ | Point At | Result |
262
+ |----------|--------|
263
+ | Mandiant report template | Mandiant-formatted report |
264
+ | CrowdStrike template | CrowdStrike-formatted report |
265
+ | NIST framework | NIST-formatted assessment |
266
+ | Company internal template | Custom-formatted deliverable |
267
+ | ANY GitHub repo | Adapted output format |
268
+
269
+ **No retraining. No fine-tuning. Just point and generate.**
270
+
271
+ ### What This Means
272
+
273
+ A $50K-$150K pentest engagement deliverable β€” generated in 60 seconds on a laptop. The model adapts its output format from ANY reference, produces client-ready reports with real commands, and maintains full RATH protocol structure throughout.
274
+
275
+ This is not prompt engineering. This is **In-Context Adaptation** β€” a capability that emerged from training on self-improving agent + research automation + reasoning chain data.
276
+
277
+
278
+
279
+
280
+ ---
281
+
282
+ ## ⚠️ Important Disclaimer
283
+
284
+ **This model is released for RESEARCH PURPOSES ONLY under fair use.**
285
+
286
+ This is an extremely capable autonomous security assessment model. It has been trained on 745K+ examples from 110 sources covering penetration testing, vulnerability assessment, exploit development, tool usage, and attack chain methodology.
287
+
288
+ **Responsible Use:**
289
+ - This model is intended for authorized security testing, research, and education ONLY
290
+ - Users must have explicit written authorization before assessing any target
291
+ - Use within a properly configured agent harness with appropriate guardrails
292
+ - All security testing must comply with applicable laws and regulations
293
+ - The model authors are not responsible for misuse
294
+
295
+ **What This Model Can Do:**
296
+ - Generate complete RATH security assessments with CVSS, CWE, MITRE ATT&CK
297
+ - Produce tool-calling commands (nmap, sqlmap, nuclei, kubectl, aws-cli, etc.)
298
+ - Create professional pentest reports ($50K+ consulting quality)
299
+ - Learn output formats from reference repositories (In-Context Adaptation)
300
+ - Operate with agent memory (TurboVec + FTS5 + markdown) at model + harness level
301
+
302
+ **Agent Harness Considerations:**
303
+ - The harness MUST strip `<think>` blocks (Qwen3.6 architecture always generates them)
304
+ - The harness MUST validate `<tool_call>` JSON before execution
305
+ - The harness SHOULD implement authorization checks before executing commands
306
+ - The harness SHOULD implement rate limiting and scope restrictions
307
+ - Memory operations require the [ravenx-memory](https://github.com/DeadByDawn101/ravenx-memory) system
308
+
309
+ **Built by:** [@DeadByDawn101](https://github.com/DeadByDawn101) / RavenX LLC
310
+ **AI Pair Programmer:** Claude (Anthropic)
311
+
312
+
313
+ ## License
314
+
315
+ Apache-2.0
316
+
317
+ *Built on Apple Silicon. Quantized with llama.cpp. Agent harness agnostic. Thinking toggleable.* πŸ¦β€β¬›
318
+
319
+
320
+ ---
321
+
322
+ > **New:** Try [v6.2 Experimental GGUF](https://huggingface.co/deadbydawn101/RavenX-CyberAgent-v6.2-Experimental-GGUF) β€” improved reasoning, 90 tok/s, Soul Infusion identity training. Benchmarked 80.9%.
RavenX-CyberAgent-35B-v5.1-Q4_K_M.gguf ADDED
@@ -0,0 +1,3 @@
 
 
 
 
1
+ version https://git-lfs.github.com/spec/v1
2
+ oid sha256:8f75846d57b4947df776f400bbf7c85e7a9092bf9f596b315a775535d6de665f
3
+ size 21713463264