qwen-honeypot-GGUF - GGUF

This repository contains a fine-tuned Qwen2.5-Coder-1.5B-Instruct model converted to GGUF format for fast inference via llama.cpp, Ollama, or cloud hosting platforms such as Anyscale or RunPod.

The model is designed to simulate a realistic Linux terminal for use in cybersecurity deception systems and dynamic honeypots. It produces raw shell output only—no explanations, refusals, or commentary.

Purpose

This model powers a dynamic honeypot that forwards attacker-issued shell commands to an LLM, which responds with realistic terminal output. The intent is to:

Engage attackers for longer, Provide threat intelligence, Waste adversary time on a convincingly simulated environment, Prevent interaction with real systems, The model exposes believable filesystem structures, logs, credentials, keys, cloud metadata, and exploitable artifacts commonly encountered on real Linux servers.

Model Details

Base Model

-Qwen2.5-Coder-1.5B-Instruct -Fine-tuned using Unsloth LoRA -Converted to GGUF (Q4_K_M) for efficient inference

Training Data

A combination of:

Custom Honeypot Dataset (~100 examples)

Includes realistic outputs for:

Filesystem enumeration Logs, SSH keys, sensitive documents Cloud metadata Misconfigurations and leftover artifacts Credential scraping Persistence attempts Reverse shells and malware staging Web server enumeration System information commands MySQL interactions Log tampering

Public Dataset

mrheinen/linux-commands (cleaned to remove multi-command sequences)

Training Summary

Metric Value Epochs 8 Total steps 472 Trainable parameters 18.4M (LoRA) Final average train loss ~0.55–0.65 Eval loss ~0.72 Training time (Colab T4) ~25 minutes

Example usage:

• For text only LLMs: llama-cli --hf repo_id/model_name -p "why is the sky blue?"
• For multimodal models: llama-mtmd-cli -m model_name.gguf --mmproj mmproj_file.gguf

Available Model files:

• qwen2.5-coder-1.5b-instruct.Q4_K_M.gguf

Ollama

An Ollama Modelfile is included for easy deployment.