OPEN LINK ↗
// 54d agoOPENSOURCE RELEASE
METATRON adds agentic local pentest loop
METATRON is a CLI penetration-testing assistant that runs locally on Linux with Ollama, using a fine-tuned Qwen 3.5 9B model to analyze recon results and suggest next steps. The standout bit is the agentic loop: the model can ask for more tool runs mid-analysis instead of waiting for a fixed script flow.
// ANALYSIS
This is a strong demo of where local LLMs are actually useful: not just summarizing scan output, but steering the next recon step without cloud dependency. The tradeoff is that agentic pentesting only matters if the tool boundaries, logs, and prompts are tight enough to keep the loop reproducible and safe.
- –Local inference lowers cost and keeps target data off third-party APIs, which matters for security work
- –The design is opinionated toward Parrot OS, MariaDB, and a specific toolchain, so portability will determine whether it feels like a real product or a lab project
- –Agentic tool use can improve coverage versus a static script, but it also raises the bar for guardrails, audit trails, and deterministic replay
- –Fine-tuning Qwen 3.5 9B for pentest workflows is a sensible size/perf choice for offline use, especially if the model can reliably call tools
- –The repo reads more like an open-source security workflow prototype than a polished platform, which is fine, but it sets expectations accordingly
// TAGS
metatroncliagentllmautomationopen-source
DISCOVERED
54d ago
2026-04-04
PUBLISHED
54d ago
2026-04-04
RELEVANCE
8/ 10
AUTHOR
Additional-Tax-5863
