| --- |
| license: apache-2.0 |
| base_model: deepseek-ai/deepseek-coder-1.3b-instruct |
| tags: |
| - security |
| - vulnerability-detection |
| - penetration-testing |
| - code-analysis |
| - cybersecurity |
| - lora |
| - deepseek |
| library_name: peft |
| pipeline_tag: text-generation |
| --- |
| |
| # Pentest Vulnerability Detector |
|
|
| ## Model Description |
|
|
| This is a fine-tuned version of DeepSeek-Coder-1.3B-Instruct, specialized for detecting security vulnerabilities in code. |
|
|
| **Base Model:** deepseek-ai/deepseek-coder-1.3b-instruct |
| **Training Data:** 440 synthetic vulnerability examples |
| **Training Method:** LoRA (Low-Rank Adaptation) with 4-bit quantization |
| **Training Platform:** Google Colab (Free T4 GPU) |
|
|
| ## Capabilities |
|
|
| The model can detect and analyze: |
| - SQL Injection |
| - Cross-Site Scripting (XSS) |
| - Command Injection / RCE |
| - Insecure Direct Object Reference (IDOR) |
| - Server-Side Request Forgery (SSRF) |
| - Authentication Bypass |
| - Cross-Site Request Forgery (CSRF) |
| - Path Traversal |
|
|
| ## Training Details |
|
|
| - **Examples:** 440 vulnerability patterns |
| - **Epochs:** 3 |
| - **Batch Size:** 2 (with gradient accumulation) |
| - **Learning Rate:** 2e-4 |
| - **LoRA Rank:** 8 |
| - **Quantization:** 4-bit (NF4) |
| - **Training Time:** ~45-60 minutes on T4 GPU |
|
|
| ## Usage |
|
|
| ```python |
| from transformers import AutoModelForCausalLM, AutoTokenizer |
| from peft import PeftModel |
| |
| # Load base model |
| base_model = "deepseek-ai/deepseek-coder-1.3b-instruct" |
| model = AutoModelForCausalLM.from_pretrained(base_model, device_map="auto") |
| tokenizer = AutoTokenizer.from_pretrained(base_model) |
| |
| # Load LoRA adapter |
| model = PeftModel.from_pretrained(model, "YOUR_USERNAME/pentest-vulnerability-detector") |
| |
| # Analyze code |
| code = "SELECT * FROM users WHERE id = 'user_input'" |
| prompt = f"System: You are a security expert.\n\nUser: Analyze this code:\n{code}\n\nAssistant:" |
| |
| inputs = tokenizer(prompt, return_tensors="pt").to(model.device) |
| outputs = model.generate(**inputs, max_new_tokens=200) |
| response = tokenizer.decode(outputs[0], skip_special_tokens=True) |
| print(response) |
| ``` |
|
|
| ## Inference Script |
|
|
| For easier usage, use the provided inference script: |
|
|
| ```bash |
| python inference_deepseek.py --model ./model --code "YOUR_CODE_HERE" |
| ``` |
|
|
| ## Model Performance |
|
|
| The model provides: |
| - Vulnerability type identification |
| - Severity assessment (CRITICAL/HIGH/MEDIUM/LOW) |
| - Detailed attack vector analysis |
| - Specific remediation recommendations |
| - Code-specific security guidance |
|
|
| ## Limitations |
|
|
| - Not 100% accurate - always verify findings manually |
| - May have false positives/negatives |
| - Best used as a pre-screening tool |
| - Should complement, not replace, manual security testing |
| - Trained on synthetic data - may need fine-tuning for specific use cases |
|
|
| ## Ethical Use |
|
|
| This model is intended for: |
| - Security research |
| - Penetration testing (authorized only) |
| - Code review and security auditing |
| - Educational purposes |
|
|
| **Do not use for:** |
| - Unauthorized system access |
| - Malicious activities |
| - Illegal purposes |
|
|
| ## Training Data |
|
|
| The model was trained on 440 synthetic vulnerability examples covering: |
| - 100 SQL Injection patterns |
| - 80 XSS patterns |
| - 60 Command Injection patterns |
| - 50 IDOR patterns |
| - 40 SSRF patterns |
| - 40 Authentication Bypass patterns |
| - 40 CSRF patterns |
| - 30 Path Traversal patterns |
|
|
| ## Citation |
|
|
| If you use this model, please cite: |
|
|
| ``` |
| @misc{pentest-vulnerability-detector, |
| author = {YOUR_NAME}, |
| title = {Pentest Vulnerability Detector}, |
| year = {2025}, |
| publisher = {Hugging Face}, |
| howpublished = {\url{https://huggingface.co/YOUR_USERNAME/pentest-vulnerability-detector}} |
| } |
| ``` |
|
|
| ## License |
|
|
| This model adapter is released under the **Apache 2.0 License**. |
|
|
| The base model (DeepSeek-Coder-1.3B-Instruct) has its own license terms. |
|
|
| ### Apache 2.0 License Summary: |
| - ✅ Commercial use allowed |
| - ✅ Modification allowed |
| - ✅ Distribution allowed |
| - ✅ Patent use allowed |
| - ⚠️ Must include license and copyright notice |
| - ⚠️ Must state changes made |
|
|
| See LICENSE file for full terms. |
|
|
| ## Contact |
|
|
| For questions or issues, please open an issue on the model repository. |
|
|
| ## Acknowledgments |
|
|
| - Base model: DeepSeek-Coder by DeepSeek AI |
| - Training framework: Hugging Face Transformers, PEFT |
| - Training platform: Google Colab |
|
|
