Hugging Face's logo

regaan
/
pocsmith

PEFT
Safetensors
English
security
exploit-generation
code-generation
cybersecurity
lora
Model card Files
xet
Community

PoCSmith - AI-Powered Proof-of-Concept Generator

Fine-tuned CodeLlama-7B model for generating security exploits and shellcode for defensive security research.

Model Description

PoCSmith is a LoRA-adapted CodeLlama-7B model trained on 1,472 CVE-exploit pairs and shellcode examples. It generates proof-of-concept exploits and multi-platform shellcode for authorized security testing.

Author: Regaan
GitHub: noobforanonymous/PoCSmith

Training Details

  • Base Model: CodeLlama-7B
  • Method: QLoRA 4-bit quantization
  • Dataset: 1,472 samples (CVE-Exploit pairs + shellcode)
  • Training Time: 3h 17min on RTX 4050 (6GB VRAM)
  • Final Loss: 0.84 (30% reduction)
  • Token Accuracy: 78.4%

Training Configuration 

- LoRA Rank: 64
- LoRA Alpha: 16
- Learning Rate: 2e-4
- Epochs: 3
- Quantization: 4-bit (nf4)
- Batch Size: 1 (gradient accumulation x4)

Usage

Installation 

pip install torch transformers peft bitsandbytes accelerate

Loading the Model 

from transformers import AutoTokenizer, AutoModelForCausalLM
from peft import PeftModel
import torch

# Load base model with 4-bit quantization
base_model = AutoModelForCausalLM.from_pretrained(
    "codellama/CodeLlama-7b-hf",
    load_in_4bit=True,
    device_map="auto"
)

# Load tokenizer
tokenizer = AutoTokenizer.from_pretrained("codellama/CodeLlama-7b-hf")

# Load LoRA adapters
model = PeftModel.from_pretrained(base_model, "regaan/pocsmith")

# Generate
prompt = "Generate a reverse shell for Linux x64"
inputs = tokenizer(prompt, return_tensors="pt").to("cuda")
outputs = model.generate(**inputs, max_new_tokens=512)
print(tokenizer.decode(outputs[0]))

Using the Full Framework

For a complete CLI tool with CVE parsing and shellcode generation:

git clone https://github.com/noobforanonymous/PoCSmith.git
cd PoCSmith
pip install -e .

# Generate exploit from CVE
python src/cli/main.py cve CVE-2024-1234

# Generate shellcode
python src/cli/main.py shellcode --platform linux_x64 --type reverse_shell

Capabilities

  • CVE-based Exploit Generation: Generate PoCs from CVE descriptions
  • Multi-platform Shellcode: x86, x64, ARM support
  • Multiple Payload Types: Reverse shells, bind shells, exec
  • Clean Output: Properly formatted code with comments

Limitations

  • Requires 6GB+ VRAM for inference
  • May generate non-working code for complex vulnerabilities
  • Should not be solely relied upon for production exploits
  • Requires manual review and testing

Ethical Use

This model is designed exclusively for:

  • Authorized penetration testing
  • Security research
  • Educational purposes
  • CTF competitions

NOT for:

  • Unauthorized system access
  • Malicious attacks
  • Illegal activities

By using this model, you agree to:

  1. Only test systems you own or have written permission to test
  2. Follow responsible disclosure practices
  3. Comply with all applicable laws

Citation 

@software{pocsmith2024,
  author = {Regaan},
  title = {PoCSmith: AI-Powered Proof-of-Concept Generator},
  year = {2025},
  url = {https://github.com/noobforanonymous/PoCSmith}
}

License

MIT License - See LICENSE file

Version: 1.0
Model Size: 343MB (LoRA adapters)
Base Model Size: 13GB (CodeLlama-7B)

Downloads last month
23
Inference Providers NEW
This model isn't deployed by any Inference Provider. ๐Ÿ™‹ Ask for provider support

Model tree for regaan/pocsmith

Base model

codellama/CodeLlama-7b-hf
Adapter
(548)
this model