METATRON

Overview

METATRON is an AI-powered offline penetration testing assistant that combines traditional reconnaissance tools (nmap, whois, whatweb, curl, dig, nikto) with local LLM models via Ollama. It automates the reconnaissance phase, feeds results to a local AI model for intelligent vulnerability analysis, and suggests exploits—all without internet connectivity or API keys.

Built for Parrot OS and Debian-based systems, METATRON uses MariaDB for persistence and runs completely offline, making it ideal for air-gapped networks and sensitive security operations.

Release: April 2026
License: MIT
GitHub: sooryathejas/METATRON

Installation

Prerequisites

• Linux (Parrot OS/Debian-based)
• Docker or Docker Compose (recommended)
• Ollama installed locally
• At least 8GB RAM (16GB+ recommended for large scans)
• MariaDB or MySQL server

Install from Source

# Clone the repository
git clone https://github.com/sooryathejas/METATRON.git
cd METATRON

# Install Python dependencies
pip install -r requirements.txt

# Install system dependencies
sudo apt-get update
sudo apt-get install -y nmap whois whatweb nikto curl dnsutils

# Set up MariaDB
sudo mysql -u root -p < database/schema.sql

Docker Installation

# Using docker-compose
docker-compose up -d

# Verify services
docker-compose ps

Configure Ollama

# Download a local model (llama2 recommended for security analysis)
ollama pull llama2

# Or use mistral for faster analysis
ollama pull mistral

# Verify model is running
ollama list

Configuration

Environment Setup

Create .env file in project root:

OLLAMA_HOST=http://localhost:11434
OLLAMA_MODEL=llama2
DB_HOST=localhost
DB_USER=metatron
DB_PASSWORD=secure_password_here
DB_NAME=metatron_db
SCAN_TIMEOUT=3600
THREADS=4

Database Configuration

-- Initialize database
CREATE DATABASE metatron_db;
CREATE USER 'metatron'@'localhost' IDENTIFIED BY 'secure_password';
GRANT ALL PRIVILEGES ON metatron_db.* TO 'metatron'@'localhost';
FLUSH PRIVILEGES;

Core Commands

Command	Purpose	Example
metatron scan	Start full reconnaissance scan	metatron scan 192.168.1.100 -p all
metatron nmap	Run Nmap scan with AI analysis	metatron nmap 10.0.0.0/24 -sV
metatron analyze	Analyze scan results with local LLM	metatron analyze scan_id
metatron suggest	Get exploit suggestions	metatron suggest scan_id --service http
metatron whois	Perform WHOIS lookup	metatron whois example.com
metatron dns	DNS enumeration with AI insights	metatron dns example.com
metatron web	Web reconnaissance (whatweb + curl)	metatron web https://example.com
metatron db	List all scans in database	metatron db list
metatron export	Export report to JSON/PDF	metatron export scan_id --format pdf
metatron status	Check service status	metatron status

Reconnaissance Workflow

Basic Scan

# Simple host discovery
metatron scan 192.168.1.100

# Full port scan with service detection
metatron scan 192.168.1.100 -p all -sV

# Scan entire subnet
metatron scan 192.168.1.0/24 --fast

Nmap Integration

# TCP SYN scan
metatron nmap 10.0.0.50 -sS

# UDP scan
metatron nmap 10.0.0.50 -sU -p 53,123,161

# OS detection with service versions
metatron nmap 10.0.0.50 -O -sV

# Aggressive scan
metatron nmap 10.0.0.50 -A

# Save results to database
metatron nmap 10.0.0.50 -sV --save-db

Web Reconnaissance

# Whatweb analysis
metatron web https://example.com --full

# Check SSL/TLS certificate
metatron web https://example.com --check-ssl

# Technology stack detection
metatron web https://example.com --technologies

# Save web reconnaissance
metatron web https://example.com --save-db

DNS Enumeration

# Standard DNS lookup
metatron dns example.com

# Zone transfer attempt
metatron dns example.com --transfer

# Subdomain enumeration
metatron dns example.com --subdomains

# DNSSEC validation
metatron dns example.com --dnssec

AI Analysis Features

Vulnerability Analysis

# Analyze all findings from a scan
metatron analyze scan_id --level deep

# Focus on critical vulnerabilities
metatron analyze scan_id --filter critical

# Generate CVSS scores with AI insights
metatron analyze scan_id --cvss

# Compare against known exploits
metatron analyze scan_id --exploit-db

Exploit Suggestions

# Get exploit suggestions for a scan
metatron suggest scan_id

# Filter by service type
metatron suggest scan_id --service http --service ssh

# Priority-based suggestions
metatron suggest scan_id --priority high

# Export suggested exploits
metatron suggest scan_id --export json

Custom AI Prompts

# Use custom LLM prompt for analysis
metatron analyze scan_id --custom-prompt "Find all OWASP Top 10 issues"

# Security-focused analysis
metatron analyze scan_id --mode security

# Compliance-focused analysis (HIPAA, PCI-DSS)
metatron analyze scan_id --mode compliance --standard pci-dss

Advanced Usage

Batch Scanning

# Scan multiple targets from file
metatron scan-batch targets.txt

# Parallel scanning (4 threads)
metatron scan-batch targets.txt --threads 4

# Resume interrupted batch
metatron scan-batch targets.txt --resume

Database Operations

# List all scans
metatron db list

# View specific scan details
metatron db show scan_id

# Delete old scans (30+ days)
metatron db cleanup --older-than 30

# Export all scans
metatron db export --format json --output report.json

# Generate audit trail
metatron db audit-log --format csv

Report Generation

# Generate PDF report
metatron export scan_id --format pdf --output report.pdf

# HTML executive summary
metatron export scan_id --format html --template executive

# JSON for integration
metatron export scan_id --format json

# CSV vulnerability list
metatron export scan_id --format csv --filter vulnerabilities

Offline Model Management

# List available models
ollama list

# Download additional models
ollama pull neural-chat

# Switch active model
metatron config set OLLAMA_MODEL mistral

# Remove unused models
ollama rm llama2

Integration with Security Tools

Metasploit Integration

# Export findings to Metasploit resource script
metatron export scan_id --format msfconsole --output exploit.rc

# Use in msfconsole
msfconsole -r exploit.rc

Burp Suite Export

# Export as Burp Suite XML
metatron export scan_id --format burp-xml

# Combine with manual testing
# Import XML into Burp Suite Scanner

Nessus/OpenVAS Comparison

# Export in OpenVAS format
metatron export scan_id --format openvas-xml

# Compare with Nessus results
metatron compare scan_id --nessus-file nessus_report.nessus

Configuration Examples

High-Performance Scanning

# metatron.yaml
scan:
  timeout: 7200
  threads: 8
  parallelism: aggressive
  
nmap:
  aggressive: true
  os_detection: true
  service_detection: sV
  
ollama:
  model: mistral
  temperature: 0.3
  max_tokens: 2048

Conservative/Stealth Mode

scan:
  timeout: 14400
  threads: 1
  parallelism: conservative
  rate_limit: slow
  
nmap:
  aggressive: false
  timing: polite
  fragment: true
  
ollama:
  model: llama2
  temperature: 0.1

Performance Tuning

Memory Optimization

# For limited-memory systems
metatron scan target --low-memory
metatron config set OLLAMA_MODEL mistral-small

# Monitor resource usage
metatron status --verbose

Network Optimization

# Reduce network bandwidth
metatron nmap target -T2 --max-rate 100

# Increase scan speed (careful on network)
metatron nmap target -T5 --min-rate 1000

Troubleshooting

Ollama Connection Issues

# Check Ollama service
ollama list

# Restart Ollama
systemctl restart ollama

# Verify connectivity
curl http://localhost:11434/api/tags

# Set explicit host
metatron config set OLLAMA_HOST http://localhost:11434

Database Errors

# Check MariaDB status
sudo systemctl status mariadb

# Verify database connection
mysql -u metatron -p metatron_db -e "SELECT 1;"

# Repair database
sudo mysqlcheck -u root -p --repair --all-databases

Scan Timeouts

# Increase timeout for large networks
metatron scan target --timeout 7200

# Use fast mode for quick scanning
metatron scan target --fast

# Enable progressive output
metatron scan target --verbose

Best Practices

Security Operations

1. Air-Gapped Networks: METATRON is ideal for isolated security assessments
2. Model Updates: Regularly update local LLM models for better analysis
3. Database Backup: Schedule regular MariaDB backups
4. Scan Logging: All scans are automatically logged to database
5. API Key Prevention: No external APIs needed—completely offline

Reconnaissance Methodology

1. Start with host discovery scans
2. Run service enumeration with nmap
3. Perform web reconnaissance on discovered web servers
4. DNS enumeration for subdomain discovery
5. Feed all results to AI analysis engine
6. Review and prioritize findings
7. Generate compliance/audit reports

Compliance & Auditing

# Generate SOC 2 report
metatron export scan_id --template soc2 --format pdf

# HIPAA compliance check
metatron analyze scan_id --standard hipaa

# PCI-DSS assessment
metatron analyze scan_id --standard pci-dss

Resources

• GitHub Repository: https://github.com/sooryathejas/METATRON
• Ollama Models: https://ollama.ai/library
• Nmap Documentation: https://nmap.org/book/
• Parrot OS Guide: https://docs.parrotsec.org/

Community & Support

• GitHub Issues for bug reports and feature requests
• Offline documentation included in repository
• Compatible with Parrot OS security toolkit ecosystem