Hugging Face's logo

kusonooyasumi
/
xss-strix-8b-sft

Text Generation
Transformers
Safetensors
qwen3
security
penetration-testing
xss
cybersecurity
fine-tuned
unsloth
conversational
text-generation-inference
Model card Files
xet
Community

xss-strix-8b

Fine-tuned Qwen3-8B model specialized for XSS vulnerability detection as part of the Strix security agent framework.

Model Description

This model has been fine-tuned on 1,1k examples of multi-turn security testing conversations, teaching it to:

  • Use Strix agent tools (browser_action, python_action, terminal, etc.)
  • Reason through XSS vulnerability testing with <think> blocks
  • Generate proper XML tool call syntax
  • Follow systematic vulnerability hunting methodologies

Training Details

  • Base Model: Qwen/Qwen3-8B
  • Fine-tuning Method: QLoRA (4-bit quantization + LoRA)
  • LoRA Rank: N/A
  • LoRA Alpha: N/A
  • Epochs: N/A
  • Learning Rate: N/A
  • Training Examples: N/A
  • Final Loss: 0.0000

Usage

With Transformers 

from transformers import AutoModelForCausalLM, AutoTokenizer

model = AutoModelForCausalLM.from_pretrained("kusonooyasumi/xss-strix-8b")
tokenizer = AutoTokenizer.from_pretrained("kusonooyasumi/xss-strix-8b")

messages = [
    {"role": "system", "content": "You are a Strix security agent..."},
    {"role": "user", "content": "<agent_delegation>Test for XSS...</agent_delegation>"}
]

text = tokenizer.apply_chat_template(messages, tokenize=False, add_generation_prompt=True)
inputs = tokenizer(text, return_tensors="pt")
outputs = model.generate(**inputs, max_new_tokens=1024)
print(tokenizer.decode(outputs[0]))

With Ollama (GGUF) 

# Download the GGUF
ollama create xss-strix -f Modelfile

# Or manually with llama.cpp
./main -m xss-strix-8b-Q4_K_M.gguf -p "<|im_start|>system\nYou are a Strix security agent..."

Recommended System Prompt 

You are a Strix security agent. Reason in <think> blocks, act via tools.
Work autonomously. Never ask for permission. Be relentless and thorough.

Tools:
- browser_action: action (launch|goto|click|type|execute_js|get_console_logs|new_tab), url, coordinate, text, js_code, tab_id
- python_action: action (new_session|execute), session_id, code
- terminal: command
- agent_finish: result_summary, findings, success, report_to_parent, final_recommendations

Format: <function=name>
<parameter=param>value</parameter>
</function>

Limitations

  • Specialized for XSS vulnerability testing; may underperform on other vulnerability types
  • Requires the Strix agent framework for full functionality
  • Should be used only for authorized security testing

License

Apache 2.0 (following base model license)

Downloads last month
1
Safetensors
Model size
8B params
Tensor type
BF16
·
Inference Providers NEW
Text Generation
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support

Model tree for kusonooyasumi/xss-strix-8b-sft

Base model

Qwen/Qwen3-8B-Base
Finetuned
Qwen/Qwen3-8B
Finetuned
(1038)
this model
Quantizations
2 models