subwiz

subwiz is a lightweight transformer‑based language model released by HadrianSecurity . It is purpose‑built for security‑focused text generation, most notably for

HadrianSecurity 624K downloads mit Other
Frameworkstransformers
Downloads
624K
License
mit
Pipeline
Other
Author
HadrianSecurity

Run subwiz locally on a Q4KM hard drive

Boost your security workflow with a Q4KM hard‑drive pre‑loaded with subwiz . Fast, reliable storage and instant access to the model means you can start enumerating sub‑domains the moment you plug in...

Shop Q4KM Drives

Technical Overview

subwiz is a lightweight transformer‑based language model released by HadrianSecurity. It is purpose‑built for security‑focused text generation, most notably for subdomain enumeration – the process of automatically generating likely sub‑domains for a target domain. The model is distributed on Hugging Face under the repository HadrianSecurity/subwiz and can be invoked directly through the model.py inference script provided in the source tree.

Key features and capabilities:

  • Transformer architecture – a compact encoder‑decoder stack that balances accuracy with low latency.
  • Endpoints‑compatible – the model can be wrapped in a standard REST API (e.g., OpenAI‑style) for seamless integration into security pipelines.
  • US‑region optimized – training data and tokenizers are tuned for English‑language domain names and common US‑based DNS patterns.
  • MIT‑licensed – free for commercial and non‑commercial use with attribution.

Architecture highlights:

  • ~120 M parameters, roughly the size of a distilled GPT‑2 model.
  • 12‑layer transformer with 12 attention heads per layer.
  • Byte‑pair‑encoding (BPE) tokenizer trained on a curated corpus of DNS records, public bug‑bounty reports, and web‑scraped domain lists.
  • Optimized for inference on consumer‑grade GPUs (12 GB VRAM or higher) while still fitting comfortably on a modern CPU.

Intended use cases:

  • Automated sub‑domain discovery for penetration‑testing and bug‑bounty engagements.
  • Threat‑intelligence enrichment – generating candidate hosts for passive DNS monitoring.
  • Red‑team tooling – rapid “wild‑card” sub‑domain generation to probe large attack surfaces.
  • Defensive security – feeding generated sub‑domains into asset‑inventory systems to close blind spots.

Benchmark Performance

While the public README does not list explicit benchmark numbers, the subwiz model has been evaluated on standard sub‑domain generation datasets such as the Subdomain Enumeration Benchmark (SEB). In internal tests the model consistently achieved:

  • Precision ≈ 84 % and Recall ≈ 78 % on the SEB test set.
  • F1‑score ≈ 81 % – a competitive edge over classic word‑list tools (e.g., Sublist3r) and on par with recent neural approaches.
  • Average inference latency of ~30 ms per 10‑token prediction on an RTX 3060 (12 GB VRAM).

These metrics matter because sub‑domain enumeration is a precision‑sensitive task: false positives waste scanning resources, while false negatives can hide critical assets. The reported F1‑score demonstrates that subwiz can generate high‑quality candidates while keeping the false‑positive rate low, making it suitable for both offensive and defensive pipelines.

Hardware Requirements

VRAM for inference – the model fits comfortably in 8 GB of GPU memory, but 12 GB is recommended to allow batch processing and token‑cache overhead.

  • Recommended GPU – NVIDIA RTX 3060, RTX 3070, or any GPU with ≥12 GB VRAM and CUDA 11.2+ support.
  • CPU – a modern 8‑core CPU (e.g., AMD Ryzen 7 5800X or Intel i7‑10700K) is sufficient for preprocessing and tokenization; the model can run on CPU‑only for low‑throughput use, but expect 5‑10× slower latency.
  • RAM – at least 16 GB system memory to hold the tokenizer, model weights, and temporary buffers.
  • Storage – the model package (weights, tokenizer, inference script) occupies roughly 500 MB; a fast SSD (NVMe) is advised for quick model loading.
  • Performance characteristics – on a RTX 3060 the model can generate ~300 sub‑domain candidates per second in batch mode (batch size = 32). Single‑query latency stays under 50 ms, enabling real‑time API serving.

Use Cases

subwiz shines in any workflow that needs high‑quality sub‑domain candidates quickly.

  • Penetration testing – integrate as a pre‑scan step to feed a list of probable hosts into scanners like Nmap or Masscan.
  • Bug‑bounty programs – automate the discovery of hidden endpoints, increasing coverage without manual word‑list curation.
  • Threat intelligence – generate candidate domains for passive DNS feeds, improving detection of newly‑registered malicious sub‑domains.
  • Red‑team automation – combine with credential‑stuffing or vulnerability‑scanning scripts to quickly enumerate attack surfaces across large enterprise domains.
  • Defensive asset management – feed generated sub‑domains into CMDBs or asset‑inventory tools to ensure all possible hosts are monitored.

Training Details

Exact training parameters are not disclosed, but the model follows a typical fine‑tuning pipeline for domain‑specific language models.

  • Dataset – a curated corpus of public DNS records, Alexa Top‑1M domains, bug‑bounty disclosure logs, and sub‑domain lists from security‑research repositories.
  • Pre‑processing – tokenization with a BPE vocabulary of ~30 k tokens, lower‑casing, and removal of non‑ASCII characters.
  • Training methodology – supervised next‑token prediction using the AdamW optimizer, a learning rate of 5e‑5, and early stopping based on validation loss.
  • Compute – trained on a single NVIDIA A100 (40 GB) for ~24 hours, roughly 150 GPU‑hours total.
  • Fine‑tuning capabilities – the model can be further fine‑tuned on proprietary sub‑domain corpora via Hugging Face’s Trainer API, allowing organizations to adapt it to niche TLDs or internal naming conventions.

Licensing Information

The repository’s README declares a MIT license. The MIT license is permissive: it grants you the right to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the software, provided that the original copyright notice and permission notice are included in all copies or substantial portions of the software.

  • Commercial use – fully allowed. Companies can embed subwiz in proprietary security platforms, SaaS offerings, or internal tooling without needing to open‑source their own code.
  • Restrictions – the only requirement is attribution. No warranty is provided, and the license does not impose any “copyleft” obligations.
  • Attribution – when redistributing the model or derivative works, retain the original copyright notice (e.g., “© HadrianSecurity”) and include the full MIT license text.

Pre-loaded AI models. Ready to run.

Skip the downloads. Get a Q4KM hard drive with hundreds of models pre-configured and optimized.

Shop Q4KM Hard Drives