METATRON - New AI Tool Enhances Penetration Testing on Linux

Severity: MEDIUM

Moderate severity — notable industry update or emerging trend

Cyber Security News · Reporting by Guru Baran
Summary by CyberPings Editorial · AI-assisted · Reviewed by Rohit Rana

Basically, METATRON is a new tool that helps find security weaknesses in systems using AI.

Quick Summary

A new open-source tool called METATRON brings AI-assisted vulnerability assessment to penetration testing. Designed for Linux, it runs its AI model offline, so sensitive data stays on the tester's machine, which makes it well suited to professional engagements.

What Is METATRON?

METATRON is an open-source penetration testing framework designed for security professionals. It operates fully offline, utilizing a locally hosted large language model (LLM) for vulnerability assessments. This approach eliminates the need for cloud connectivity and third-party services, making it a secure option for sensitive environments.

Key Features

Built for Parrot OS and other Debian-based Linux distributions, METATRON combines various automated reconnaissance tools. It includes:

  • nmap for port scanning
  • nikto for web server vulnerability detection
  • whois and dig for DNS data
  • whatweb for technology fingerprinting
  • curl for HTTP header inspection

These tools work together to gather comprehensive data about the target system. Once the reconnaissance is complete, the results are analyzed by METATRON's AI model, named metatron-qwen. This model is a fine-tuned version of the huihui_ai/qwen3.5-abliterated:9b base model, specifically customized for penetration testing.

How It Works

During analysis, the AI model can autonomously request additional tool executions. This feature, known as the agentic loop, allows for a more dynamic and thorough assessment process. Additionally, METATRON integrates DuckDuckGo-based web searches and CVE lookups, enabling real-time cross-referencing of discovered services against known vulnerabilities without needing API credentials. Unlike the on-device model inference, the web searches require network access.
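
A guardrail a tester would want around the agentic loop described above, as an added example that is not METATRON's own code: each model-issued tool request is checked against the article's tool list, a flag allowlist and the engagement scope before anything runs. The request shape, flag policy, scope values and call budget are assumptions.

```python
import ipaddress
import re

# tool -> (flags the model may pass, tokens placed before the target).
# The tool names come from the article; the flag policy is an assumption.
POLICY = {
    "nmap": ({"-sV", "-Pn", "-F"}, []),
    "nikto": (set(), ["-h"]),
    "whois": (set(), []),
    "dig": ({"+short"}, []),
    "whatweb": (set(), []),
    "curl": ({"-I", "-s"}, []),
}
SCOPE_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed scope
SCOPE_DOMAINS = {"lab.example"}                      # constructed scope
MAX_TOOL_CALLS = 5                                   # assumed per-analysis budget
HOST_RE = re.compile(r"^[a-z0-9][a-z0-9.-]*$")       # cannot start with "-"


def in_scope(target):
    """True for an IP inside SCOPE_NETS or a hostname under SCOPE_DOMAINS."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        host = target.lower().rstrip(".")
        if not HOST_RE.match(host):
            return False
        return any(host == d or host.endswith("." + d) for d in SCOPE_DOMAINS)
    return any(addr in net for net in SCOPE_NETS)


def vet_request(req, calls_so_far):
    """Return an argv list for a model-issued request, or raise ValueError."""
    if calls_so_far >= MAX_TOOL_CALLS:
        raise ValueError("tool-call budget exhausted")
    tool, target = req.get("tool"), str(req.get("target", ""))
    if tool not in POLICY:
        raise ValueError(f"tool not allowlisted: {tool!r}")
    flags, prefix = POLICY[tool]
    args = list(req.get("args", []))
    bad = [a for a in args if a not in flags]
    if bad:
        raise ValueError(f"flags not allowed for {tool}: {bad}")
    if not in_scope(target):
        raise ValueError(f"target out of scope: {target!r}")
    # argv is meant for subprocess.run(argv, shell=False); no shell parses it.
    return [tool, *args, *prefix, target]
```

Every rejected request should be logged alongside the model output that produced it, so the report shows what the model tried to run as well as what actually ran.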

Data Management

METATRON uses a structured five-table MariaDB schema to store scan data. This includes:

  • A central history table
  • Tables for discovered vulnerabilities with severity ratings
  • Records of attempted exploits and their outcomes
  • A summary table with raw scan output and AI analysis

Users can manage their data directly from the command line interface (CLI), allowing for easy editing and exporting of reports in PDF or HTML formats. This feature is particularly beneficial for penetration testers needing to document their findings.

Security and Compliance

One of METATRON's standout features is its zero-exfiltration guarantee. All AI inference occurs on-device, ensuring that sensitive data, such as internal IP ranges and vulnerabilities, never leaves the tester's machine. This makes METATRON a suitable choice for engagements with strict data handling requirements.

Getting Started

METATRON is available on GitHub under the MIT License. It requires a minimum of 8.4 GB RAM for the 9b model variant. Security researchers and professionals can leverage this tool to enhance their penetration testing capabilities while ensuring data security and compliance.

🔒 Pro insight: METATRON's offline AI capabilities significantly reduce the risk of data exposure during penetration tests, appealing to organizations with strict compliance needs.
