METATRON is a fully offline AI-driven penetration testing framework that combines automated recon with a local LLM, requiring no cloud connectivity or API keys.
A new open-source penetration testing framework called METATRON is gaining attention in the security research community for its fully offline, AI-driven approach to vulnerability assessment. Built for Parrot OS and other Debian-based Linux distributions, METATRON combines automated reconnaissance tooling with a locally hosted large language model, eliminating the need for cloud connectivity, API keys, or third-party subscriptions.
The CLI-based tool accepts a target IP address or domain and autonomously orchestrates a suite of standard reconnaissance tools including nmap for port scanning, nikto for web server vulnerability detection, whois and dig for DNS and registration data, whatweb for technology fingerprinting, and curl for HTTP header inspection. All results are piped into a locally running fine-tuned Qwen model served via Ollama, configured with a 16,384-token context window for precise security analysis.
One of METATRON’s most notable features is its agentic loop: the AI model can autonomously request additional tool executions mid-analysis if it determines more data is needed before rendering a verdict. It also integrates DuckDuckGo-based web search and CVE lookups without requiring API credentials, cross-referencing discovered services against known vulnerability databases in real time. A five-table MariaDB schema persists all scan data with severity ratings, recommended fixes, and attempted exploits.
The project’s key differentiator is its zero-exfiltration guarantee: all LLM inference happens on-device, meaning sensitive target data never leaves the tester’s machine. Minimum hardware requirement is 8.4 GB RAM for the 9b model variant. Available at github.com/sooryathejas/METATRON under MIT License.
Source: Cyber Security News — METATRON Open-Source AI Penetration Testing Assistant Brings Local LLM
