METATRON brings local LLMs to pentesting

A new open-source tool called METATRON lets security teams run penetration-test reconnaissance against a language model that lives on the tester's own Linux machine, so scan data is analysed locally instead of being sent to a third-party cloud. (x.com) That approach reduces exposure of sensitive test data while letting teams experiment with agentic testing workflows in air-gapped or private environments. (x.com)

Most security teams still run their scans with one hand tied behind their back. The tools can probe a target machine, but the analysis step often sends raw findings to a cloud model, which means internal hostnames, software versions, and exposed services can leave the lab before the report is even written. (springer.com)

A penetration test is a controlled break-in. An authorized tester uses the same doors an attacker would try, then writes down which locks failed, which windows were open, and which alarms never rang. (springer.com)

Modern scans create a flood of machine output. A single run can include port lists from Nmap, web fingerprints from WhatWeb, Domain Name System records from dig, header responses from curl, and web server findings from Nikto, all of which still need a human to connect into one story. (github.com)

Large language models are good at that stitching job. They can read dozens of tool outputs, spot that an old web server and a weak login page belong to the same attack path, and turn scattered text into a plan a tester can follow. (springer.com)

The problem is where the model runs. If the model sits on a third-party cloud service, the tester has to ship scan data off the local machine, and that can collide with privacy rules, client contracts, or simple common sense when the target is sensitive. (springer.com)

That is why local models matter. A local model runs on the tester's own hardware, so the scan results stay in the same room as the keyboard instead of crossing the internet to an outside provider. (github.com) This setup is especially useful in air-gapped networks. An air-gapped system is a computer environment deliberately kept off the public internet, like a vault with no phone line, so cloud tools are not just risky there but unusable. (github.com)

The new project in this story is called METATRON.
Its GitHub page describes it as a command-line artificial intelligence penetration testing assistant for Linux that runs entirely on the local machine, with no cloud service, no application programming interface keys, and no subscription requirement. (github.com)

METATRON works by chaining familiar recon tools into one loop. The project says it accepts a target internet protocol address or domain, runs Nmap, whois, WhatWeb, curl, dig, and Nikto, then feeds those results into a locally running model for analysis. (github.com) That first pass is not purely passive collection: Nmap and Nikto send probes to the target, and Nikto in particular generates a large volume of web requests, so the tool should only be pointed at hosts the tester is authorized to scan.

The model layer appears to be built around Ollama, a local model runner, and the repository's code points to a model named metatron-qwen served through a localhost endpoint on port 11434, which is Ollama's default port. (github.com) The "nothing leaves the machine" property depends on that endpoint actually staying local: Ollama serves its API without authentication, so if the host is configured to bind Ollama to all interfaces (for example through the OLLAMA_HOST environment variable) rather than the loopback address, the model, and every scan result sent to it, becomes reachable from the network. The same code sets a maximum of 9 tool loops, which suggests the assistant can ask for more data, run another command, and keep iterating before it stops. (github.com)

That looping behavior is what people mean by agentic testing here. Instead of answering once like a chatbot, the system can inspect a scan result, decide it needs another command, run that command, and fold the new output back into the next step. (github.com) A hard cap such as the 9-loop limit matters in that design, because it bounds how many commands the model can trigger against a target if its reasoning goes in circles.

The repository also says METATRON stores results in MariaDB with scan history. That turns one-off command output into a running record, which is useful when a team wants to compare a host on Monday with the same host after a patch on Friday. (github.com) It also means the database holds raw reconnaissance data about client systems and needs the same access controls and retention rules as the final report.

The operating system focus is narrow for now. The project describes itself as built for Linux, with repeated references to Parrot OS and Debian-based systems rather than Windows or macOS. (github.com; cybersecuritynews.com) That narrow focus is part of why the tool is getting attention.
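The loop described above, written out as an added illustration in Python. This is not METATRON's code; the page does not show the project's source, and only the tool list, the metatron-qwen model name, the localhost:11434 endpoint and the 9-loop cap come from the article. Everything else is assumed for the example: a hypothetical reply convention in which the model answers with a JSON object {"tool": "<name>"} to request another command or {"report": "..."} when it is finished, the per-tool flags, and the use of Ollama's /api/generate endpoint. What it adds to the prose are the two checks such a loop needs before it is safe to run: the target is validated before it ever reaches a command line, and the model can only choose a name from a fixed allowlist of argv templates, never supply raw shell text. The block runs offline because its usage section substitutes constructed stand-ins for the real scanners and the model.

```python
"""Agentic recon loop with a command allowlist and a hard iteration cap.
Added illustration, not METATRON's code. Assumed: the model replies with JSON
{"tool": "<name>"} to request a command or {"report": "..."} when done."""
import ipaddress
import json
import re
import shlex
import subprocess
import urllib.request
from typing import Callable, Dict, List

OLLAMA_URL = "http://127.0.0.1:11434/api/generate"  # Ollama's default loopback endpoint
MODEL = "metatron-qwen"  # model name the article reports from the repository
MAX_TOOL_LOOPS = 9       # cap quoted in the article; the loop stops here whatever the model says

# Allowlist: tool name -> argv template (flags are the example's own choices). The model
# only ever picks a name, never raw arguments, so it cannot add flags or chain commands.
TOOLS: Dict[str, List[str]] = {
    "nmap": ["nmap", "-sV", "--top-ports", "100", "{target}"],
    "whois": ["whois", "{target}"],
    "whatweb": ["whatweb", "--color=never", "{target}"],
    "curl": ["curl", "-sI", "--max-time", "10", "http://{target}/"],
    "dig": ["dig", "+short", "{target}"],
    "nikto": ["nikto", "-h", "{target}"],
}
INITIAL_TOOLS = ["nmap", "whois", "whatweb", "curl", "dig", "nikto"]  # first pass, per the article

# Labels are alphanumerics plus inner hyphens only: no whitespace, shell metacharacters
# or leading '-' (option injection) can ever reach a command line.
_HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$", re.I)


def validate_target(target: str) -> str:
    """Return a normalised IP address or lowercase hostname, or raise ValueError."""
    target = target.strip()
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    if _HOSTNAME.match(target):
        return target.lower()
    raise ValueError(f"refusing target {target!r}: not an IP address or hostname")


def is_safe_target(target: str) -> bool:
    """Boolean form of validate_target."""
    try:
        validate_target(target)
        return True
    except ValueError:
        return False


def build_argv(tool: str, target: str) -> List[str]:
    """Resolve a model-requested tool name to its allowlisted argv, or refuse."""
    if tool not in TOOLS:
        raise ValueError(f"tool {tool!r} is not allowlisted")
    return [part.replace("{target}", target) for part in TOOLS[tool]]


def run_tool(argv: List[str], timeout: int = 300) -> str:
    """Execute an allowlisted argv directly (no shell) and return stdout plus stderr."""
    proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    return proc.stdout + proc.stderr


def ollama_generate(prompt: str, url: str = OLLAMA_URL, model: str = MODEL) -> str:
    """Non-streaming call to Ollama's /api/generate (whether METATRON uses it is assumed)."""
    body = json.dumps({"model": model, "prompt": prompt, "stream": False}).encode()
    req = urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=600) as resp:
        return json.loads(resp.read())["response"]


def parse_model_reply(reply: str) -> dict:
    """Extract the first JSON object from the reply; anything unparseable counts as a
    final report, so a malformed answer cannot keep the loop alive."""
    match = re.search(r"\{.*\}", reply, re.S)
    if match:
        try:
            return json.loads(match.group(0))
        except json.JSONDecodeError:
            pass
    return {"report": reply}


def recon_loop(target: str, model_fn: Callable[[str], str],
               runner: Callable[[List[str]], str] = run_tool,
               max_loops: int = MAX_TOOL_LOOPS) -> dict:
    """Run the fixed recon set, then let the model request up to max_loops further
    allowlisted commands before it must deliver a report."""
    target = validate_target(target)
    history: List[dict] = []
    transcript = f"Target: {target}\n"

    def execute(tool: str) -> None:
        nonlocal transcript
        argv = build_argv(tool, target)
        output = runner(argv)
        history.append({"tool": tool, "argv": argv, "output": output})
        transcript += f"\n$ {shlex.join(argv)}\n{output}\n"

    for tool in INITIAL_TOOLS:
        execute(tool)
    for step in range(max_loops):
        decision = parse_model_reply(model_fn(transcript))
        if "report" in decision:
            return {"target": target, "extra_loops": step, "history": history,
                    "report": decision["report"], "stopped_by": "model"}
        execute(str(decision.get("tool")))
    # Cap reached: hand back the evidence instead of letting the model keep probing.
    return {"target": target, "extra_loops": max_loops, "history": history,
            "report": None, "stopped_by": "max_loops"}


if __name__ == "__main__":
    # Constructed stand-ins so this runs offline: no real scanners, no Ollama.
    def fake_runner(argv: List[str]) -> str:
        return f"[constructed output of {argv[0]}]"

    def fake_model(transcript: str) -> str:
        return '{"tool": "nikto"}' if transcript.count("$ nikto") < 2 else '{"report": "done"}'

    print(json.dumps(recon_loop("203.0.113.10", fake_model, runner=fake_runner), indent=1))
```

To drive it with a real local model, pass `ollama_generate` as `model_fn` and leave `runner` at its default; the model then only ever sees a transcript of validated commands and their output, and the cap guarantees the engagement ends after at most nine extra commands even if the model never produces a report. The one thing the example deliberately does not do is let the model choose arguments: if a real assistant needs that flexibility, each argument needs its own validator, not a pass-through to the shell.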
Security teams have used generative artificial intelligence for write-ups and scripting for more than a year, but an open-source assistant that keeps recon, reasoning, and storage on a local Linux box offers a cleaner fit for private engagements than a workflow that depends on outside model providers. (springer.com; github.com)

The catch is that local does not mean magic. A model that reads tool output can still hallucinate, miss context, or recommend an exploit path that a human tester should reject, which is why the useful frame for METATRON is “assistant” rather than “autopilot.” (springer.com) In practice that means a human reviews each proposed follow-up before it runs against a client system, and treats the model's summary as a draft to check against the raw tool output rather than as the finding itself.

Even so, METATRON shows where a slice of security work is heading. If a tester can run reconnaissance, analysis, and follow-up questions on one offline Linux machine, then language models stop being a cloud add-on and start looking more like another local tool in the kit, alongside Nmap and Nikto. (github.com; cybersecuritynews.com)

Shared from Scout - Be the smartest in the room.