METATRON: Offline AI Pentesting, Zero Cloud, Zero Compromise

amy 15/05/2026

What is METATRON?

METATRON is a local-first, CLI-based penetration testing assistant for Parrot OS. It runs nmap, nikto and whois and analyzes their output with a local LLM, with no API keys, no cloud and no subscriptions.

You point METATRON at a target. It runs real recon tools, feeds the results to a local AI model, and returns vulnerability analysis, exploit ideas, and remediation steps. Everything stays on your machine. No telemetry. No paywall.

Built for Parrot OS. Runs offline. Powered by Ollama + a fine-tuned Qwen model. Stores every scan in MariaDB. Exports to PDF or HTML.

Built by Soorya Thejas!

How it works (in 4 steps)

  1. Target input: Drop an IP or domain into the CLI menu
  2. Automated recon: METATRON fires off nmap, whois, whatweb, curl, dig, nikto—no stubs, no mocks
  3. Local AI analysis: Results go to metatron-qwen (running via Ollama). The model correlates findings, flags risks, suggests next steps, and can even request additional tool runs mid-session
  4. Store + export: Full scan history lands in MariaDB. Edit, delete, or export clean reports in PDF/HTML, ready for clients or internal docs

Why it stands out

  • 100% local: No cloud calls, no API keys, no usage tracking. Your data never leaves the box.
  • Agentic workflow: The AI doesn’t just summarize; it can ask for more scans, dig deeper, and adapt its approach.
  • Real tools, real output: Not a wrapper around fake results. METATRON runs the same CLI utilities you’d use manually.
  • Structured history: Five linked MariaDB tables let you query past scans, compare targets, or audit findings.
  • Report-ready exports: One-click PDF/HTML output without leaving the terminal.
  • Free forever: MIT-style ethos. No feature gates. No “pro” tier.

Quick specs

Component        Detail
OS               Parrot OS (Debian-based)
Language         Python 3
LLM Runner       Ollama
Model            metatron-qwen (fine-tuned Qwen 3.5, 9B/4B options)
Context Window   16K tokens
Database         MariaDB (local)
Recon Tools      nmap, whois, whatweb, curl, dig, nikto
Search           DuckDuckGo (no key) + CVE lookup
Export           PDF, HTML

Get it running (fast)

# Clone + setup
git clone https://github.com/sooryathejas/METATRON.git
cd METATRON
python3 -m venv venv && source venv/bin/activate
pip install -r requirements.txt

# System deps
sudo apt install nmap whois whatweb curl dnsutils nikto

# AI backend
curl -fsSL https://ollama.com/install.sh | sh
ollama pull huihui_ai/qwen3.5-abliterated:9b  # or :4b for <8GB RAM
ollama create metatron-qwen -f Modelfile

# Launch
python main.py

💡 Tip: The 4B variant runs comfortably on 8GB RAM systems. The 9B model prefers 16GB+.

Disclaimer

This tool is intended for educational purposes and authorized penetration testing only.

  • Only use METATRON on systems you own or have explicit written permission to test.
  • Unauthorized scanning or exploitation of systems is illegal.
  • The author is not responsible for any misuse of this tool.
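
Step 1 accepts a free-form IP or domain and step 2 passes it to command-line tools, so the permission rule above is worth enforcing in code before any scan starts. The following is an added example, not METATRON's own code: the scope lists and the functions `normalize_target`, `in_scope` and `checked_target` are hypothetical names, and the sample scope uses constructed documentation addresses.

```python
import ipaddress
import re

# Constructed engagement scope: documentation ranges and a reserved example domain.
AUTHORIZED_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                   ipaddress.ip_network("2001:db8::/32")]
AUTHORIZED_DOMAINS = ["lab.example.com"]

# One DNS label: letters, digits and inner hyphens, at most 63 characters.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalize_target(raw):
    """Return ("ip", address) or ("domain", name); raise ValueError otherwise."""
    text = raw.strip()
    try:
        return "ip", ipaddress.ip_address(text)
    except ValueError:
        pass
    name = text.lower().rstrip(".")
    labels = name.split(".")
    # Accepting only plain hostnames also rejects option-like strings (leading
    # "-"), whitespace and shell metacharacters before they reach any tool.
    if (len(name) > 253 or len(labels) < 2 or labels[-1].isdigit()
            or not all(_LABEL.fullmatch(label) for label in labels)):
        raise ValueError(f"not an IP address or hostname: {raw!r}")
    return "domain", name


def in_scope(raw):
    """True only if the target parses cleanly and lies inside the written scope."""
    try:
        kind, value = normalize_target(raw)
    except ValueError:
        return False
    if kind == "ip":
        return any(value.version == net.version and value in net
                   for net in AUTHORIZED_NETS)
    # Match on a label boundary so "evil-lab.example.com" is not "lab.example.com".
    return any(value == d or value.endswith("." + d) for d in AUTHORIZED_DOMAINS)


def checked_target(raw):
    """Return the normalized target string, or raise if it is out of scope."""
    if not in_scope(raw):
        raise PermissionError(f"target outside authorized scope: {raw!r}")
    return str(normalize_target(raw)[1])
```

Pass the returned string to a tool as a single argv element, for example `subprocess.run([tool, target])`, rather than interpolating it into a shell command line.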

Bottom line

If you do security work and want AI assistance that respects air-gapped workflows, client confidentiality, or just a clean offline setup, METATRON gives you smart analysis without sending a single byte to the cloud.

Run local. Test hard. Stay private.