A new open-source penetration testing framework called METATRON is gaining attention in the security research community for its fully offline, AI-driven approach to vulnerability assessment.<\/p>\n
Built for Parrot OS and other Debian-based Linux distributions, METATRON combines automated reconnaissance tooling with a locally hosted large language model (LLM), eliminating the need for cloud connectivity, API keys, or third-party subscriptions.<\/p>\n
METATRON is a CLI-based penetration testing assistant written in Python 3 that accepts a target IP address or domain and autonomously orchestrates a suite of standard reconnaissance tools.<\/p>\n
These include nmap for port scanning, nikto for web server vulnerability detection<\/a>, whois and dig for DNS and registration data, whatweb for technology fingerprinting, and curl for HTTP header inspection.<\/p>\n Once recon data is collected, all results are piped directly into a locally running AI model \u2014 metatron-qwen \u2014 a fine-tuned variant of the The model is served via Ollama, a local LLM runner, and is configured with a 16,384-token context window, a temperature of 0.7, top-k of 10, and top-p of 0.9 \u2014 parameters optimized for precise, technically grounded security analysis rather than creative generation.<\/p>\n One of METATRON\u2019s more technically notable features is its agentic loop: the AI model can autonomously request additional tool executions mid-analysis if it determines more data is needed before rendering a verdict. This enables a dynamic, iterative assessment workflow rather than a single static scan pass.<\/p>\n The framework also integrates DuckDuckGo-based web search and CVE lookups without requiring any API credentials, allowing the model to cross-reference discovered services and versions against known public vulnerability databases in real time.<\/p>\n METATRON uses a five-table MariaDB schema to persist all scan data, structured around a central Users can edit or delete any saved record directly from the CLI, and export reports in PDF or HTML format for documentation or client delivery \u2014 a critical feature for professional penetration testers who need audit trails.<\/p>\n The project\u2019s most significant differentiator in the current AI tooling landscape is its zero-exfiltration guarantee. All LLM inference happens on-device through Ollama, meaning sensitive target data, including internal IP ranges, banner information, and discovered vulnerabilities, never leaves the tester\u2019s machine. This positions METATRON as a viable option for engagements with strict data handling requirements.<\/p>\n METATRON is available on GitHub under the MIT License at github.com\/sooryathejas\/METATRON<\/a>, with minimum hardware requirements of 8.4 GB RAM for the 9b model variant.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post METATRON \u2013 Open-Source AI Penetration Testing Assistant Brings Local LLM Analysis to Linux<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjkjs2nlGTipce3hOJwb1dJttbU3o8c1s39e6xP0bfDCy9LR-l51bFiMgzdnmPwP9c3aI7y0uSIbMBrM0fp1IdBAi8dWVHrA3E5WwiRQIClsq-RngyyqS89PNAT9uR2r-GWZVQr2wtnjTUqECenpvfhX6HFr7i1DkhUMjqZeGj9ckEaP5AoQgtZVwRhVoK-\/s16000\/METATRON%2520AI%2520Penetration%2520Testing%2520menu.webp?ssl=1\")
huihui_ai\/qwen3.5-abliterated:9b<\/code> base model, customized specifically for penetration testing analysis<\/a>.<\/p>\n![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhm3QWTMBGxqnNOLmZMywxamvOXXAJHU6JdK_H6IApnTHLgxoR-0wmFway97IE15eJnsY_odRbeRUc926aDjDmep2iA32LT5p6ShemP9Zg1dXqyWqes8OonSOpYzo-XbsHW6HHB1W9OUvEV5GB8sr4Z8CvT90RiLCoecu2lcQKJufpi_-M3eJYQs6uY4i3O\/s16000\/METATRON%2520AI%2520Penetration%2520Testing%2520Scan.webp?ssl=1\")
Agentic Loop and CVE Integration<\/strong><\/h2>\n
![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjClJISpR7iQ8r5FRr3QIXR9GMlxtqdEasY0hsFEHl41q5CsixLicHNKQDfNK9PJ31dG2LmGOzepKZigdTfF3O_lDdsKCBLZpaWzovi0PftiOTAYOFWWZT9KAdcRUtYkAykKKdAkSUX8RZDZTVMSQtv49V_XHWIPJRutW_yW9OrATTmCbyAQeYKEuu5NmVI\/s16000\/METATRON%2520AI%2520Penetration%2520Testing%2520CVE.webp?ssl=1\")
history<\/code> table keyed by session number (sl_no<\/code>). Linked tables store discovered vulnerabilities with severity ratings, recommended fixes sourced from AI analysis, attempted exploits with payloads and results, and a full summary table containing raw scan output alongside the complete AI analysis dump and overall risk level.<\/p>\n