METATRON – Open-Source AI Penetration Testing Assistant Brings Local LLM Analysis to Linux

Home Cyber Security METATRON – Open-Source AI Penetration Testing Assistant Brings Local LLM Analysis to... A new open-source penetration testing framework called METATRON is gaining attention in the security research community for its fully offline, AI-driven approach to vulnerability assessment. Built for Parrot OS and other Debian-based Linux distributions, METATRON combines automated reconnaissance tooling with a locally hosted large language model (LLM), eliminating the need for cloud connectivity, API keys, or third-party subscriptions. METATRON is a CLI-based penetration testing assistant written in Python 3 that accepts a target IP address or domain and autonomously orchestrates a suite of standard reconnaissance tools. These include nmap for port scanning, nikto for web server vulnerability detection, whois and dig for DNS and registration data, whatweb for technology fingerprinting, and curl for HTTP header inspection. Tool Scan Process Once recon data is collected, all results are piped directly into a locally running AI model — metatron-qwen — a fine-tuned variant of the huihui_ai/qwen3.5-abliterated:9b base model, customized specifically for penetration testing analysis. The model is served via Ollama, a local LLM runner, and is configured with a 16,384-token context window, a temperature of 0.7, top-k of 10, and top-p of 0.9 — parameters optimized for precise, technically grounded security analysis rather than creative generation. Scan Using nmap and other tools Agentic Loop and CVE Integration One of METATRON’s more technically notable features is its agentic loop: the AI model can autonomously request additional tool executions mid-analysis if it determines more data is needed before rendering a verdict. This enables a dynamic, iterative assessment workflow rather than a single static scan pass. The framework also integrates DuckDuckGo-based web search and CVE lookups without requiring any API credentials, allowing the model to cross-reference discovered services and versions against known public vulnerability databases in real time. Web Search and CVE Lookup METATRON uses a five-table MariaDB schema to persist all scan data, structured around a central history table keyed by session number (sl_no). Linked tables store discovered vulnerabilities with severity ratings, recommended fixes sourced from AI analysis, attempted exploits with payloads and results, and a full summary table containing raw scan output alongside the complete AI analysis dump and overall risk level. Users can edit or delete any saved record directly from the CLI, and export reports in PDF or HTML format for documentation or client delivery — a critical feature for professional penetration testers who need audit trails. The project’s most significant differentiator in the current AI tooling landscape is its zero-exfiltration guarantee. All LLM inference happens on-device through Ollama, meaning sensitive target data, including internal IP ranges, banner information, and discovered vulnerabilities, never leaves the tester’s machine. This positions METATRON as a viable option for engagements with strict data handling requirements. METATRON is available on GitHub under the MIT License at github.com/sooryathejas/METATRON, with minimum hardware requirements of 8.4 GB RAM for the 9b model variant. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. RELATED ARTICLESMORE FROM AUTHOR Cyber Security News 36 Malicious npm Strapi Packages Used to Deploy Redis RCE and Persistent C2 Malware Cyber Security News CISA Adds TrueConf Vulnerability to KEV Catalog Following Active Exploitation Cyber Security 2,000+ FortiClient EMS Instances Exposed Online Amid Active RCE Vulnerability Exploits in the Wild Top 10 Top 10 Best User Access Management Tools in 2026 April 4, 2026 Top 10 Best VPN For Chrome in 2026 April 4, 2026 20 Best Application Performance Monitoring Tools in 2026 April 3, 2026 Top 10 Best VPN For Linux In 2026 April 3, 2026 10 Best VPN For Privacy In 2026 April 2, 2026