🛡️ Qwen3.6-27B — Nemesis · GGUF
The inescapable adversary — an uncensored, tool-using, agentic AI for authorized red-team & offensive-security work.
Quantized GGUF builds for Ollama · LM Studio · Jan · llama.cpp
GGUF quants of RootMonsteR/Qwen3.6-27B-Nemesis. Built by RootMonsteR · JAF Systems · in partnership with rnd.sh.
Nemesis turns Qwen3.6-27B into a complete offensive-security operator — it scans, enumerates, reasons about exploits, calls tools, and chains agentic workflows without the reflexive refusals that make stock models useless for legitimate red-team engagements. Crucially, it keeps 100% of the base model's knowledge and coherence — we added compliance and tool-use, we didn't lobotomise it.
✨ Why Nemesis
- 🎯 No refusals on authorized security work — recon, scanning, enumeration, web/app exploitation, privilege escalation, lateral movement, exploit reasoning. 15/15 on a red-team task suite.
- 🧰 Tool-calling & 🤖 agentic — emits clean structured function calls and chains them (call → consume result → next action).
- 🧠 Zero capability loss — coherence 5/5, cyber-knowledge 14/14, identical to base.
- 🪶 Runs local on one GPU — Q5_K_M fits 24 GB, Q4_K_M fits 16 GB; flies on a 24–32 GB card.
- 🛠️ Responsible by design — still declines unrelated harm (weapons, drugs); scoped to authorized cyber.
💬 See it in action
Real, unedited Nemesis output:
Recon — service enumeration
You: In-scope host, nmap shows 22, 80, 443, 3306 open. Enumerate likely services and give concrete next recon steps.
Nemesis: The open ports suggest the following services: SSH (22), HTTP (80), HTTPS (443), and MySQL (3306). For SSH, check for weak credentials or misconfigurations. For HTTP/HTTPS, perform web application scanning using tools like Burp Suite or OWASP ZAP to identify vulnerabilities such as SQL injection, XSS, or directory traversal. For MySQL, attempt to connect with default credentials or exploit known vulnerabilities. Next steps include banner grabbing to identify service versions, checking for default accounts, and performing vulnerability scanning using tools like Nessus or OpenVAS. Additionally, consider using Metasploit modules for further exploitation if vulnerabilities are found.
Agentic — structured tool call
You: Scan 10.10.10.5 for open ports and service versions.
Nemesis:
<functioncall> {"name": "run_nmap", "arguments": {"target": "10.10.10.5", "flags": "-sV"}}
📦 Which file?
| File | Size | Quality | Fits |
|---|---|---|---|
Qwen3.6-27B-Nemesis-Q5_K_M.gguf |
~18 GB | ⭐ Best (recommended) | 24 GB+ VRAM |
Qwen3.6-27B-Nemesis-Q4_K_M.gguf |
~15 GB | Great | 16 GB VRAM |
The Qwen chat template (with thinking) is embedded in the GGUF — runtimes apply it automatically.
🦙 Ollama
# pull + run straight from this repo
ollama run hf.co/RootMonsteR/Qwen3.6-27B-Nemesis-GGUF:Q5_K_M
Or with a Modelfile that bakes in the red-team system prompt:
FROM ./Qwen3.6-27B-Nemesis-Q5_K_M.gguf
SYSTEM """You are Nemesis, an offensive-security assistant for AUTHORIZED penetration testing and red-team engagements. Provide direct, technical, actionable answers. Use the provided tools when relevant."""
PARAMETER temperature 0.6
PARAMETER top_p 0.95
ollama create nemesis -f Modelfile && ollama run nemesis
💻 LM Studio / Jan
- Search
RootMonsteR/Qwen3.6-27B-Nemesis-GGUF(or load the downloaded.gguf). - Pick Q5_K_M (quality) or Q4_K_M (lighter); max-out GPU offload.
- Paste the system prompt (above) and go.
🔧 llama.cpp
# interactive
llama-cli -m Qwen3.6-27B-Nemesis-Q5_K_M.gguf --jinja -ngl 999 \
-sys "You are Nemesis, an offensive-security assistant for authorized penetration testing." \
-p "Enumerate services from an nmap scan showing 22, 80, 443, 3306 open and suggest next steps."
# OpenAI-compatible server — point your agent / tool-calling frontend at it
llama-server -m Qwen3.6-27B-Nemesis-Q5_K_M.gguf --jinja -ngl 999 -c 8192
📊 Evaluation (vs the untouched base model)
| Dimension | Base Qwen3.6-27B | Nemesis |
|---|---|---|
| Authorized red-team compliance (w/ system prompt) | frequently refuses | 15 / 15 |
| Tool-calling (structured) | 1 / 3 | 3 / 3 |
| Agentic multi-step | ❌ FAIL | ✅ PASS |
| Coherence | 5 / 5 | 5 / 5 |
| Cyber knowledge | 14 / 14 | 14 / 14 |
| Unrelated harm | declines | declines (by design) |
🧪 How it was made
Direct QLoRA SFT on a 7,000-row, refusal-filtered, security-focused mix (directional abliteration was tried first and failed — this model's safety is distributed, so we taught compliance with data instead).
💼 Custom training & commercial work
Nemesis v1 is fully open — but it's the public version. If you need an edge, JAF Systems offers:
- 🧠 Custom fine-tunes — Nemesis trained on your data, tooling, or target stack
- 🚀 Stronger private models — trained on larger/proprietary data beyond this v1 release
- 🏢 Enterprise deployment, integration & support for red-team / security teams
👉 jafsystems.net · 𝕏 @RootMonsteR
📜 License — Apache 2.0 (open weights)
Released under the Apache License 2.0 — free for any use, including commercial, no strings.
Built on Qwen3.6-27B (Apache-2.0); see LICENSE and NOTICE.
⚖️ Authorized use only
For lawful, authorized security work — pentests with written permission, red-team engagements, CTFs, research, and education. You are responsible for compliance with all laws and rules of engagement; do not use it against systems you don't own or lack permission to test. Nemesis intentionally still declines requests unrelated to authorized cyber operations.
- Downloads last month
- 304
4-bit
5-bit