METATRON Launches: Open-Source AI Tool for Secure Linux Penetration Testing

Introducing METATRON: The Open-Source AI Penetration Testing Assistant for Linux

In the ever-evolving landscape of cybersecurity, the demand for efficient and secure penetration testing tools has never been higher. Addressing this need, METATRON emerges as a groundbreaking open-source framework designed to revolutionize vulnerability assessments. Tailored for Parrot OS and other Debian-based Linux distributions, METATRON offers a fully offline, AI-driven approach, ensuring that sensitive data remains within the confines of the user’s system.

Key Features of METATRON:

1. Automated Reconnaissance:
– METATRON streamlines the initial phases of penetration testing by autonomously orchestrating a suite of standard reconnaissance tools. By simply inputting a target IP address or domain, users can initiate comprehensive scans without manual intervention.

2. Integrated Reconnaissance Tools:
– The framework seamlessly integrates several essential tools:
    – nmap: Conducts thorough port scanning to identify open ports and services.
    – nikto: Detects vulnerabilities in web servers, highlighting potential security risks.
    – whois and dig: Retrieve DNS and registration data, offering insights into domain ownership and configurations.
    – whatweb: Performs technology fingerprinting to determine the technologies and frameworks in use.
    – curl: Inspects HTTP headers, providing valuable information about server configurations.

3. Local AI Analysis with metatron-qwen:
– At the heart of METATRON lies its locally hosted AI model, metatron-qwen. This fine-tuned variant of the `huihui_ai/qwen3.5-abliterated:9b` base model is specifically customized for penetration testing analysis. By running the model locally via Ollama, METATRON eliminates the need for cloud connectivity, API keys, or third-party subscriptions, ensuring that all data processing occurs on-device.

4. Dynamic Agentic Loop:
– One of METATRON’s standout features is its agentic loop. During analysis, the AI model can autonomously request additional tool executions if it determines that more data is required before rendering a verdict. This dynamic, iterative assessment workflow enhances the depth and accuracy of vulnerability evaluations.

5. CVE Integration and Web Search:
– METATRON integrates DuckDuckGo-based web search and Common Vulnerabilities and Exposures (CVE) lookups without requiring any API credentials. This allows the model to cross-reference discovered services and versions against known public vulnerability databases in real time, providing up-to-date security insights.

6. Comprehensive Data Management:
– The framework employs a five-table MariaDB schema to persist all scan data. This structured approach includes:
    – History Table: Central repository keyed by session number, tracking all assessments.
    – Vulnerabilities Table: Stores discovered vulnerabilities along with severity ratings.
    – Recommendations Table: Contains suggested fixes sourced from AI analysis.
    – Exploits Table: Documents attempted exploits, including payloads and results.
    – Summary Table: Compiles raw scan outputs alongside complete AI analysis dumps and overall risk levels.

Users have the flexibility to edit or delete any saved record directly from the command-line interface (CLI) and can export reports in PDF or HTML formats. This feature is particularly beneficial for professional penetration testers who require detailed documentation and audit trails.

7. Zero-Exfiltration Guarantee:
– A significant differentiator of METATRON is its commitment to data privacy. All large language model (LLM) inference occurs on-device through Ollama, ensuring that sensitive target data, including internal IP ranges, banner information, and discovered vulnerabilities, never leaves the tester’s machine. This zero-exfiltration guarantee makes METATRON an ideal choice for engagements with strict data handling requirements.
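
The agentic loop in feature 4 lets model output choose which tool runs next, so the dispatcher between the model and the tools is a trust boundary. The following is an added example, not METATRON's own code, showing one way to vet each request against a tool allowlist, an engagement scope and a turn budget; the request format (`tool`, `target`, `verdict` keys), `ALLOWED_TOOLS`, `MAX_TURNS` and the sample replies are assumptions made for illustration.

```python
import ipaddress
import re

# Assumed allowlist: tools the article names, each with a fixed argv template,
# so model output never reaches a shell and cannot add its own flags.
ALLOWED_TOOLS = {
    "nmap": ["nmap", "-sV", "{target}"],
    "dig": ["dig", "{target}"],
    "curl": ["curl", "-sI", "{target}"],
}
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)
MAX_TURNS = 4  # hypothetical cap on model turns per session
SAMPLE_REPLIES = [  # constructed model replies for a dry run
    {"tool": "bash", "target": "10.0.0.5"}, {"tool": "nmap", "target": "10.0.0.5; id"},
    {"tool": "nmap", "target": "10.0.0.5"}, {"verdict": "medium risk"},
]

def valid_target(value):
    """Accept only a literal IP address or a plain hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return bool(HOSTNAME.match(value))

def vet_request(request, scope):
    """Turn one model tool request into an argv list, or raise ValueError."""
    tool, target = request.get("tool"), str(request.get("target", ""))
    if tool not in ALLOWED_TOOLS:
        raise ValueError(f"tool not allowlisted: {tool!r}")
    if not valid_target(target) or target not in scope:
        raise ValueError(f"target not a valid in-scope host: {target!r}")
    return [part.format(target=target) for part in ALLOWED_TOOLS[tool]]

def agentic_loop(model, runner, scope):
    """Feed tool output back to the model until it returns a verdict."""
    transcript, log = [], []
    for _ in range(MAX_TURNS):
        reply = model(transcript)
        if "verdict" in reply:
            return reply["verdict"], log
        try:
            argv = vet_request(reply, scope)
            transcript.append(runner(argv))  # real use: subprocess.run(argv), no shell
            log.append(("ran", argv))
        except ValueError as err:
            transcript.append(f"refused: {err}")
            log.append(("refused", str(err)))
    return "inconclusive: turn budget exhausted", log
```

Replaying `SAMPLE_REPLIES` through `agentic_loop` with a stub runner and the scope `{"10.0.0.5"}` refuses the first two requests, runs the third, and returns the verdict; the `log` list doubles as an audit trail of what the model asked for.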

Technical Specifications:

– Programming Language: Python 3
– Supported Operating Systems: Parrot OS and other Debian-based Linux distributions
– Minimum Hardware Requirements: 8.4 GB RAM for the 9b model variant
– AI Model Parameters:
    – Context Window: 16,384 tokens
    – Temperature: 0.7
    – Top-k: 10
    – Top-p: 0.9

Getting Started with METATRON:

To begin using METATRON:

1. Installation:
– Clone the METATRON repository from GitHub:
```
git clone https://github.com/sooryathejas/METATRON.git
```
– Navigate to the METATRON directory:
```
cd METATRON
```
– Install the required dependencies:
```
pip install -r requirements.txt
```

2. Running METATRON:
– Launch METATRON by providing a target IP address or domain:
```
python metatron.py --target <target-ip-or-domain>
```

3. Reviewing Results:
– Upon completion, review the generated reports and analysis stored in the designated output directory.

Conclusion:

METATRON represents a significant advancement in the field of penetration testing. By combining automated reconnaissance with local AI analysis, it offers a robust, privacy-focused solution for security professionals. Its offline capabilities ensure that sensitive data remains secure, while its dynamic features provide comprehensive and accurate vulnerability assessments. As cybersecurity threats continue to evolve, tools like METATRON will be instrumental in safeguarding digital assets.