METATRON: Open-Source AI Pen-Testing Assistant for Linux LLM Analysis

Emy Elsamnoudy
April 6, 2026 3 Min Read

Key Takeaways

  • METATRON is a new open-source, AI-driven penetration testing framework designed for offline vulnerability assessment.
  • It integrates standard reconnaissance tools with a local large language model (LLM) for autonomous analysis without cloud connectivity.
  • The framework features an “agentic loop” for dynamic data collection and real-time CVE lookups.
  • All data processing and AI inference occur on-device, ensuring zero data exfiltration, ideal for sensitive engagements.

METATRON: A New Frontier in Offline AI Pen-Testing

A novel open-source penetration testing framework, METATRON, is garnering significant attention within the cybersecurity community for its unique approach to vulnerability assessment. This new tool distinguishes itself by integrating artificial intelligence capabilities entirely offline, removing dependencies on cloud services or external APIs.

Developed for Parrot OS and other Debian-based Linux distributions, METATRON leverages a localized large language model (LLM) to conduct automated reconnaissance and analysis. This architecture eliminates the need for internet connectivity during assessments, as well as API keys or third-party subscriptions, addressing critical concerns for data privacy and operational autonomy.

Architecture and Tool Integration

METATRON operates as a command-line interface (CLI) assistant, implemented in Python 3. Upon receiving a target IP address or domain, the framework orchestrates a suite of established reconnaissance tools to gather initial data. This includes using nmap for comprehensive port scanning, nikto for detecting web server vulnerabilities, whois and dig for DNS and domain registration information, whatweb for technology fingerprinting, and curl for inspecting HTTP headers.

Figure: Tool Scan Process

Once reconnaissance data is systematically collected, it is fed directly into a locally hosted AI model named metatron-qwen. This model is a fine-tuned iteration of the huihui_ai/qwen3.5-abliterated:9b base model, specifically optimized for the nuances of penetration testing analysis.

The AI model is served through Ollama, a local LLM runner, and is configured with a 16,384-token context window. Its operational parameters, including a temperature of 0.7, top-k of 10, and top-p of 0.9, are set to prioritize precise, fact-based security analysis over creative or generalized outputs, ensuring technical accuracy in its assessments.

Figure: Scan Using nmap and other tools

Agentic Capabilities and CVE Integration

A standout feature of METATRON is its “agentic loop.” This advanced capability allows the AI model to dynamically request additional tool executions during its analysis if it determines that more data is necessary to form a conclusive assessment. This iterative process fosters a more adaptive and thorough vulnerability discovery workflow, moving beyond static, single-pass scans.
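Because the model reads target-supplied text (banners, headers) before asking for more runs, an agentic loop of this kind needs a gate between the model's request and the process that executes it. The following is an added example, not METATRON's own code; the JSON request shape, the flag templates, the run cap and all function names are assumptions.

```python
import ipaddress
import json
import re

# Fixed argv per tool named in the article. The model picks a tool and a
# target only; flags are chosen here (assumed templates, not METATRON's).
TOOL_ARGV = {
    "nmap": ["nmap", "-sV", "{t}"],
    "nikto": ["nikto", "-h", "{t}"],
    "whois": ["whois", "{t}"],
    "dig": ["dig", "+short", "{t}"],
    "whatweb": ["whatweb", "{t}"],
    "curl": ["curl", "-sI", "{t}"],
}
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
MAX_EXTRA_RUNS = 5  # assumed cap on model-initiated runs per session


def normalise_target(value):
    """Return a canonical IP or hostname, or None if it is neither."""
    value = str(value).strip().lower()
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        # Rejects spaces, shell metacharacters and option-like "-x" strings.
        return value if HOSTNAME_RE.match(value) else None


def authorise(raw_request, scope, runs_so_far):
    """Return the argv for one requested run, or raise ValueError."""
    if runs_so_far >= MAX_EXTRA_RUNS:
        raise ValueError("run budget exhausted")
    try:
        req = json.loads(raw_request)
    except json.JSONDecodeError as exc:
        raise ValueError("request is not JSON") from exc
    if not isinstance(req, dict) or set(req) != {"tool", "target"}:
        raise ValueError("unexpected request shape")
    tool = req["tool"]
    template = TOOL_ARGV.get(tool) if isinstance(tool, str) else None
    target = normalise_target(req["target"])
    if template is None or target is None or target not in scope:
        raise ValueError("tool or target not authorised")
    # A list argv is meant for subprocess.run(argv) without a shell.
    return [target if part == "{t}" else part for part in template]
```

Here `scope` is the set of normalised IPs and hostnames authorised for the engagement; anything the model asks for outside it is refused rather than run.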

Furthermore, the framework integrates web search functionality via DuckDuckGo and performs CVE lookups without requiring any API credentials. This enables the AI to cross-reference identified services and software versions against public vulnerability databases in real time, enhancing the accuracy and relevance of its findings.

Figure: Web Search and CVE Lookup

Data Persistence and Reporting

METATRON employs a five-table MariaDB schema to maintain persistent storage of all scan data. A central history table, indexed by session number (sl_no), links to tables that store discovered vulnerabilities with their severity ratings, AI-generated recommendations for fixes, details of attempted exploits including payloads and outcomes, and a comprehensive summary table containing raw scan output, the full AI analysis, and an overall risk level.

Users can manage stored records directly from the CLI, with options to edit or delete entries. The framework also supports exporting reports in PDF or HTML formats, a crucial feature for professional penetration testers who require robust documentation and audit trails for their engagements.

Zero-Exfiltration Guarantee

A key differentiator for METATRON in the evolving landscape of AI-powered security tools is its commitment to zero data exfiltration. All LLM inference processes are executed entirely on the local device via Ollama. This design ensures that sensitive target information, such as internal IP ranges, banner data, and discovered vulnerabilities, never leaves the tester’s machine. This makes METATRON particularly suitable for security assessments subject to stringent data handling and confidentiality requirements.
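A web search necessarily sends its query text to an external service, so the CVE lookup described earlier stays consistent with this guarantee only if queries carry nothing but product and version strings. The following is an added example, not METATRON's own code: it builds lookup queries from `nmap -sV` service rows and withholds any that contain an IP address or an in-scope name. The sample scan is constructed, and the function names are assumptions.

```python
import re

# "PORT/PROTO open SERVICE VERSION-TEXT" rows as printed by `nmap -sV`
SERVICE_ROW = re.compile(r"^\d+/(?:tcp|udp)\s+open\s+\S+\s+(?P<banner>\S.*)$")
VERSION_TOKEN = re.compile(r"^\d+(?:\.\d+)*[0-9a-z._-]*$", re.I)
DOTTED_QUAD = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample output, not taken from a real scan.
SAMPLE_SCAN = """\
Nmap scan report for intranet.corp.example (10.20.30.40)
PORT     STATE  SERVICE    VERSION
22/tcp   open   ssh        OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
80/tcp   open   http       Apache httpd 2.4.57 ((Unix))
25/tcp   open   smtp       Postfix smtpd
8080/tcp open   http-proxy intranet.corp.example gateway 10.20.30.40
443/tcp  closed https
Service Info: Host: intranet.corp.example
"""


def product_version(banner):
    """Split 'Apache httpd 2.4.57 ((Unix))' into ('Apache httpd', '2.4.57')."""
    words = banner.split()
    for i, word in enumerate(words):
        if i > 0 and VERSION_TOKEN.match(word):
            return " ".join(words[:i]), word
    return None  # no version token: nothing specific enough to look up


def outbound_queries(scan_text, scope_names):
    """Return (queries safe to send, queries withheld as leaking target data)."""
    queries, withheld = [], []
    for line in scan_text.splitlines():
        row = SERVICE_ROW.match(line.strip())
        pv = product_version(row.group("banner")) if row else None
        if pv is None:
            continue
        query = f"{pv[0]} {pv[1]} CVE"
        lowered = query.lower()
        # Fail closed: any dotted quad or in-scope name blocks the query.
        leaks = DOTTED_QUAD.search(query) or any(
            name.lower() in lowered for name in scope_names)
        (withheld if leaks else queries).append(query)
    return sorted(set(queries)), withheld
```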

METATRON is publicly available under the MIT License on GitHub. The 9b model variant requires a minimum of 8.4 GB RAM to operate.
