fawazo
/

training-scripts

Model card Files Files and versions

xet

Community

fawazo commited on Dec 8, 2025

Commit

8186f7a

verified ·

1 Parent(s): a71f7c1

Upload train_pentest_combined.py with huggingface_hub

Browse files

Files changed (1) hide show

train_pentest_combined.py +208 -0

train_pentest_combined.py ADDED Viewed

	@@ -0,0 +1,208 @@

+# /// script
+# dependencies = [
+#     "trl>=0.12.0",
+#     "peft>=0.7.0",
+#     "transformers>=4.36.0",
+#     "accelerate>=0.24.0",
+#     "trackio",
+#     "datasets>=2.14.0",
+# ]
+# ///
+import json
+from datasets import load_dataset, concatenate_datasets, Dataset
+from peft import LoraConfig
+from trl import SFTTrainer, SFTConfig
+# Custom system prompt for pentesting JSON output
+PENTEST_SYSTEM_PROMPT = """You are an expert penetration testing AI assistant. Your role is to analyze web application traffic (HTTP requests and responses) and identify security vulnerabilities.
+When given web traffic data, you MUST respond with a valid JSON object in one of these formats:
+1. When you find a vulnerability:
+{"action": "report", "vulnerability": {"type": "SQLi|XSS|SSRF|IDOR|RCE|LFI|XXE|CSRF|Auth_Bypass|Info_Disclosure", "severity": "critical|high|medium|low", "description": "detailed explanation", "evidence": "specific evidence from the request/response", "remediation": "how to fix"}}
+2. When you want to send a follow-up request to test further:
+{"action": "request", "method": "GET|POST|PUT|DELETE", "path": "/endpoint", "headers": {}, "body": "if applicable", "reasoning": "why this test"}
+3. When you want to run a command (for authorized testing):
+{"action": "command", "cmd": "command to execute", "reasoning": "why this command helps"}
+4. When analysis is complete with no findings:
+{"action": "complete", "summary": "analysis summary", "tested": ["list of tests performed"]}
+Always respond with ONLY the JSON object, no additional text. Analyze thoroughly for OWASP Top 10, MITRE ATT&CK techniques, and common web vulnerabilities."""
+def load_and_convert_trendyol():
+    """Load Trendyol dataset and convert to ChatML format"""
+    print("Loading Trendyol dataset...")
+    ds = load_dataset("Trendyol/Trendyol-Cybersecurity-Instruction-Tuning-Dataset", split="train")
+    print(f"  Loaded {len(ds)} examples")
+    def convert(example):
+        return {
+            "messages": [
+                {"role": "system", "content": PENTEST_SYSTEM_PROMPT},
+                {"role": "user", "content": example["user"]},
+                {"role": "assistant", "content": example["assistant"]}
+            ]
+        }
+    return ds.map(convert, remove_columns=ds.column_names)
+def load_and_convert_fenrir():
+    """Load Fenrir dataset and convert to ChatML format"""
+    print("Loading Fenrir v2.0 dataset...")
+    ds = load_dataset("AlicanKiraz0/Cybersecurity-Dataset-Fenrir-v2.0", split="train")
+    print(f"  Loaded {len(ds)} examples")
+    def convert(example):
+        return {
+            "messages": [
+                {"role": "system", "content": PENTEST_SYSTEM_PROMPT},
+                {"role": "user", "content": example["user"]},
+                {"role": "assistant", "content": example["assistant"]}
+            ]
+        }
+    cols_to_remove = [c for c in ds.column_names if c != "messages"]
+    return ds.map(convert, remove_columns=cols_to_remove)
+def load_pentest_agent():
+    """Load pentest-agent dataset (already in ChatML format)"""
+    print("Loading pentest-agent dataset...")
+    try:
+        ds = load_dataset(
+            "jason-oneal/pentest-agent-dataset",
+            data_files="chatml_train.jsonl",
+            split="train"
+        )
+        print(f"  Loaded {len(ds)} examples")
+        # Update system prompt to our custom one
+        def update_system(example):
+            messages = example["messages"]
+            if messages and messages[0]["role"] == "system":
+                messages[0]["content"] = PENTEST_SYSTEM_PROMPT
+            else:
+                messages.insert(0, {"role": "system", "content": PENTEST_SYSTEM_PROMPT})
+            return {"messages": messages}
+        return ds.map(update_system)
+    except Exception as e:
+        print(f"  Warning: Could not load pentest-agent dataset: {e}")
+        return None
+# Load all datasets
+print("=" * 50)
+print("LOADING AND COMBINING DATASETS")
+print("=" * 50)
+datasets_to_combine = []
+# Load each dataset
+trendyol_ds = load_and_convert_trendyol()
+datasets_to_combine.append(trendyol_ds)
+fenrir_ds = load_and_convert_fenrir()
+datasets_to_combine.append(fenrir_ds)
+pentest_ds = load_pentest_agent()
+if pentest_ds is not None:
+    datasets_to_combine.append(pentest_ds)
+# Combine all datasets
+print("\nCombining datasets...")
+combined_dataset = concatenate_datasets(datasets_to_combine)
+print(f"Total combined examples: {len(combined_dataset)}")
+# Shuffle the combined dataset
+combined_dataset = combined_dataset.shuffle(seed=42)
+# Create train/eval split
+print("\nCreating train/eval split...")
+split_dataset = combined_dataset.train_test_split(test_size=0.05, seed=42)
+train_dataset = split_dataset["train"]
+eval_dataset = split_dataset["test"]
+print(f"  Train: {len(train_dataset)} examples")
+print(f"  Eval: {len(eval_dataset)} examples")
+# Training configuration for 3B model
+print("\n" + "=" * 50)
+print("CONFIGURING TRAINING")
+print("=" * 50)
+config = SFTConfig(
+    output_dir="qwen2.5-coder-3b-pentest",
+    push_to_hub=True,
+    hub_model_id="fawazo/qwen2.5-coder-3b-pentest",
+    hub_strategy="every_save",
+    hub_private_repo=False,
+    # Training parameters optimized for 3B model
+    num_train_epochs=2,
+    per_device_train_batch_size=2,
+    gradient_accumulation_steps=8,  # Effective batch size = 16
+    learning_rate=1e-4,
+    max_length=2048,
+    # Memory optimization
+    gradient_checkpointing=True,
+    bf16=True,
+    # Logging & checkpointing
+    logging_steps=50,
+    save_strategy="steps",
+    save_steps=500,
+    save_total_limit=3,
+    # Evaluation
+    eval_strategy="steps",
+    eval_steps=500,
+    # Optimization
+    warmup_ratio=0.05,
+    lr_scheduler_type="cosine",
+    weight_decay=0.01,
+    # Monitoring
+    report_to="trackio",
+    project="pentest-agent",
+    run_name="qwen2.5-coder-3b-combined-150k",
+)
+# LoRA configuration - higher rank for better adaptation
+peft_config = LoraConfig(
+    r=32,
+    lora_alpha=64,
+    lora_dropout=0.05,
+    bias="none",
+    task_type="CAUSAL_LM",
+    target_modules=["q_proj", "k_proj", "v_proj", "o_proj", "gate_proj", "up_proj", "down_proj"],
+)
+# Initialize trainer
+print("\nInitializing trainer with Qwen2.5-Coder-3B...")
+trainer = SFTTrainer(
+    model="Qwen/Qwen2.5-Coder-3B",
+    train_dataset=train_dataset,
+    eval_dataset=eval_dataset,
+    args=config,
+    peft_config=peft_config,
+)
+# Train
+print("\n" + "=" * 50)
+print("STARTING TRAINING")
+print("=" * 50)
+trainer.train()
+# Push final model
+print("\nPushing final model to Hub...")
+trainer.push_to_hub()
+print("\n" + "=" * 50)
+print("TRAINING COMPLETE!")
+print("=" * 50)
+print("Model saved to: https://huggingface.co/fawazo/qwen2.5-coder-3b-pentest")
+print("Trackio dashboard: https://huggingface.co/spaces/fawazo/trackio")