Your offline pentest intern that never sleeps
A local LLM wraps standard recon tools so you can scan, analyze, and report without touching a cloud API.

What it does
METATRON is a Python CLI that chains familiar recon tools — nmap, whois, whatweb, curl, dig, nikto — against a target, then feeds the raw output to a local fine-tuned Qwen model via Ollama. The AI returns vulnerability analysis, exploit suggestions, and fixes, all stored in a MariaDB schema with full history, editing, and PDF/HTML export.
The interesting bit
The “agentic loop” is the hook: the model can ask for additional tool runs mid-analysis, so the scan deepens without you manually chaining commands. Everything stays local — no API keys, no subscription, just a Debian-based box with ~8 GB RAM and two terminal tabs (one for Ollama, one for the app).
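A guardrail for the agentic loop described above, added here as an example and not METATRON's own code: because the model's follow-up requests are shaped by raw output from the target, each request is checked against a tool and flag allowlist and the authorized scope before anything runs. The JSON request shape, the flag sets, and the names `ALLOWED`, `TARGET_PREFIX`, `in_scope` and `vet_request` are assumptions.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed allowlist: the six tools named above, each limited to a few
# real flags that take no free-form value (no output files, no scripts).
ALLOWED = {
    "nmap": {"-sV", "-Pn", "-F"},
    "whois": set(),
    "whatweb": set(),
    "curl": {"-I", "-s"},
    "dig": {"+short"},
    "nikto": set(),
}
TARGET_PREFIX = {"nikto": ["-h"]}  # nikto takes its host after -h


def in_scope(host, scope_hosts, scope_cidrs):
    """True if host is an authorized name or an IP inside an authorized range."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.lower() in {h.lower() for h in scope_hosts}
    return any(ip in ipaddress.ip_network(c) for c in scope_cidrs)


# Assumed request shape (hypothetical): {"tool": ..., "flags": [...], "target": ...}
def vet_request(raw, scope_hosts, scope_cidrs):
    """Turn one model-emitted JSON request into an argv list, or raise ValueError."""
    try:
        req = json.loads(raw)
        tool, flags, target = req["tool"], req.get("flags", []), req["target"]
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        raise ValueError("malformed request") from exc
    if not isinstance(tool, str) or tool not in ALLOWED:
        raise ValueError("tool not on allowlist")
    if not isinstance(flags, list) or any(
        not isinstance(f, str) or f not in ALLOWED[tool] for f in flags
    ):
        raise ValueError("flag not on allowlist")
    if not isinstance(target, str) or target.startswith("-"):
        raise ValueError("bad target")
    # curl and whatweb may be handed a URL; scope is checked on its host part.
    host = (urlsplit(target).hostname if "://" in target else target) or ""
    if not in_scope(host, scope_hosts, scope_cidrs):
        raise ValueError("target out of scope")
    # The list goes to subprocess.run(argv) with no shell, so nothing is re-parsed.
    return [tool, *flags, *TARGET_PREFIX.get(tool, []), target]
```

The returned list is meant for `subprocess.run(argv)` without `shell=True`; a rejected request is best logged with the session rather than silently dropped, so the report shows what the model tried to run.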
Key highlights
- Fine-tuned metatron-qwen model (based on huihui_ai/qwen3.5-abliterated) with pentest-specific parameters via Ollama Modelfile
- Five linked MariaDB tables track history, vulnerabilities, fixes, exploits attempted, and AI summaries per session
- DuckDuckGo web search + CVE lookup baked in, again with no API key
- Export to PDF or HTML for shareable reports
- Direct edit/delete of saved results from the CLI
Caveats
- Explicitly targets Parrot OS; setup assumes apt and systemd MariaDB, so portability to other distros is unclear
- The 9b model needs 8.4 GB RAM; the 4b fallback is mentioned but untested in the docs
- Two-terminal workflow is slightly clunky; Ollama must be manually pre-loaded in a separate shell
Verdict
Worth a spin for pentesters, red-teamers, or security students who want AI-assisted recon without leaking target data to OpenAI. Skip it if you need Windows support, a slick GUI, or guaranteed model accuracy — this is glue code with ambition, not a polished product.