METATRON: Open-Source AI Pen-Testing Assistant for Linux LLM Analysis
Key Takeaways
- METATRON is a new open-source, AI-driven penetration testing framework designed for offline vulnerability assessment.
- It integrates standard reconnaissance tools with a local large language model (LLM) for autonomous analysis without cloud connectivity.
- The framework features an “agentic loop” for dynamic data collection and real-time CVE lookups.
- All data processing and AI inference occur on-device, ensuring zero data exfiltration, which makes the tool well suited to sensitive engagements.
METATRON: A New Frontier in Offline AI Pen-Testing
METATRON, a new open-source penetration testing framework, is garnering significant attention within the cybersecurity community for its approach to vulnerability assessment. The tool distinguishes itself by running its artificial intelligence capabilities entirely offline, removing dependencies on cloud services or external APIs.
Developed for Parrot OS and other Debian-based Linux distributions, METATRON leverages a localized large language model (LLM) to conduct automated reconnaissance and analysis. This architecture eliminates the need for internet connectivity during assessments, as well as API keys or third-party subscriptions, addressing critical concerns for data privacy and operational autonomy.
Architecture and Tool Integration
METATRON operates as a command-line interface (CLI) assistant, implemented in Python 3. Upon receiving a target IP address or domain, the framework orchestrates a suite of established reconnaissance tools to gather initial data. This includes using nmap for comprehensive port scanning, nikto for detecting web server vulnerabilities, whois and dig for DNS and domain registration information, whatweb for technology fingerprinting, and curl for inspecting HTTP headers.

Once reconnaissance data is systematically collected, it is fed directly into a locally hosted AI model named metatron-qwen. This model is a fine-tuned iteration of the huihui_ai/qwen3.5-abliterated:9b base model, specifically optimized for the nuances of penetration testing analysis.
The AI model is served through Ollama, a local LLM runner, and is configured with a 16,384-token context window. Its operational parameters, including a temperature of 0.7, top-k of 10, and top-p of 0.9, are set to prioritize precise, fact-based security analysis over creative or generalized outputs, ensuring technical accuracy in its assessments.

Agentic Capabilities and CVE Integration
A standout feature of METATRON is its “agentic loop.” This advanced capability allows the AI model to dynamically request additional tool executions during its analysis if it determines that more data is necessary to form a conclusive assessment. This iterative process fosters a more adaptive and thorough vulnerability discovery workflow, moving beyond static, single-pass scans.
Furthermore, the framework integrates web search functionality via DuckDuckGo and performs CVE lookups without requiring any API credentials. This enables the AI to cross-reference identified services and software versions against public vulnerability databases in real time, enhancing the accuracy and relevance of its findings.
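An agentic loop like the one described above means text produced by the model, which has read attacker-controlled banners and page content, ends up choosing what runs next. The following is an added example, not METATRON's own code, of a gate that accepts a model-requested command only if the tool, its flags and its target are all allowlisted; the plain command-string request format, the flag policy and the scope entries are assumptions.

```python
import ipaddress
import re
import shlex

# Assumed policy: tools the model may request and the flags allowed for each.
ALLOWED = {
    "nmap": {"-sV", "-Pn", "-p"},
    "dig": {"+short"},
    "curl": {"-I", "-s"},
}
FLAGS_WITH_VALUE = {"-p"}
PORT_SPEC = re.compile(r"\d{1,5}([,-]\d{1,5})*")

def in_scope(target, scope):
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:  # not an IP literal: hostnames must match exactly
        return target.lower() in {s.lower() for s in scope}
    for entry in scope:
        try:
            if addr in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # hostname entry, not a network
    return False

def validate_request(request, scope):
    """Return an argv list safe for subprocess.run(argv) or raise ValueError."""
    argv = shlex.split(request)  # ValueError on unbalanced quotes
    if not argv or argv[0] not in ALLOWED:
        raise ValueError(f"tool not allowlisted: {argv[:1]}")
    flags, targets, i = ALLOWED[argv[0]], [], 1
    while i < len(argv):
        tok = argv[i]
        if tok.startswith(("-", "+")):
            if tok not in flags:
                raise ValueError(f"flag not allowlisted: {tok}")
            if tok in FLAGS_WITH_VALUE:
                i += 1
                if i >= len(argv) or not PORT_SPEC.fullmatch(argv[i]):
                    raise ValueError(f"bad value for {tok}")
        elif in_scope(tok, scope):
            targets.append(tok)
        else:
            raise ValueError(f"target out of scope: {tok}")
        i += 1
    if len(targets) != 1:
        raise ValueError("exactly one in-scope target required")
    return argv
```

Because the result is an argv list executed without a shell, separators such as `;` never reach an interpreter; they simply make the token fail the scope check.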

Data Persistence and Reporting
METATRON employs a five-table MariaDB schema to maintain persistent storage of all scan data. A central history table, indexed by session number (sl_no), links to tables that store discovered vulnerabilities with their severity ratings, AI-generated recommendations for fixes, details of attempted exploits including payloads and outcomes, and a comprehensive summary table containing raw scan output, the full AI analysis, and an overall risk level.
Users can manage stored records directly from the CLI, with options to edit or delete entries. The framework also supports exporting reports in PDF or HTML formats, a crucial feature for professional penetration testers who require robust documentation and audit trails for their engagements.
Zero-Exfiltration Guarantee
A key differentiator for METATRON in the evolving landscape of AI-powered security tools is its commitment to zero data exfiltration. All LLM inference processes are executed entirely on the local device via Ollama. This design ensures that sensitive target information, such as internal IP ranges, banner data, and discovered vulnerabilities, never leaves the tester’s machine. This makes METATRON particularly suitable for security assessments subject to stringent data handling and confidentiality requirements.
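A tester can check the on-device claim on their own machine by looking at which processes hold non-loopback connections during a run. The following is an added example, not part of METATRON, that parses `ss -Htnp` output and reports peers that are neither loopback nor in the engagement scope; the sample lines, process names and scope are constructed, and 11434 is Ollama's default port. Connections made for the DuckDuckGo search and CVE lookups described earlier would show up in this list, since those features need outbound access.

```python
import ipaddress
import re

# Constructed sample of `ss -Htnp` output (not captured from a real METATRON run).
SAMPLE = """\
ESTAB 0 0 127.0.0.1:50312 127.0.0.1:11434 users:(("python3",pid=4101,fd=7))
ESTAB 0 0 127.0.0.1:11434 127.0.0.1:50312 users:(("ollama",pid=3990,fd=12))
ESTAB 0 0 10.0.0.20:41822 10.0.0.5:443 users:(("nmap",pid=4120,fd=5))
ESTAB 0 0 10.0.0.20:55210 203.0.113.50:443 users:(("python3",pid=4101,fd=9))
ESTAB 0 0 [::ffff:127.0.0.1]:11434 [::ffff:127.0.0.1]:50400 users:(("ollama",pid=3990,fd=14))
"""

def peer_ip(endpoint):
    """Parse 'addr:port' or '[addr]:port' as printed by ss into an IP object."""
    host = endpoint.rsplit(":", 1)[0].strip("[]").split("%")[0]
    addr = ipaddress.ip_address(host)
    if addr.version == 6 and addr.ipv4_mapped:
        return addr.ipv4_mapped  # treat ::ffff:127.0.0.1 as 127.0.0.1
    return addr

def unexpected_peers(ss_output, scope):
    """Return (process, peer_ip) for peers that are neither loopback nor in scope."""
    nets = [ipaddress.ip_network(s, strict=False) for s in scope]
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # socket without process info
        try:
            ip = peer_ip(fields[4])
        except ValueError:
            continue  # header or unparsable line
        if ip.is_loopback or any(ip in n for n in nets):
            continue
        for name in re.findall(r'\("([^"]+)",pid=', " ".join(fields[5:])):
            findings.append((name, str(ip)))
    return findings
```

Process names are only visible for sockets the invoking user owns unless `ss` is run as root.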
METATRON is publicly available under the MIT License on GitHub. The 9b model variant requires a minimum of 8.4 GB RAM to operate.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.


