{"id":117,"date":"2026-04-07T23:15:13","date_gmt":"2026-04-07T23:15:13","guid":{"rendered":"https:\/\/www.purple-liquid.com\/?p=117"},"modified":"2026-04-24T16:39:09","modified_gmt":"2026-04-24T16:39:09","slug":"metatron-macos-installation-runbook","status":"publish","type":"post","link":"https:\/\/www.purple-liquid.com\/?p=117","title":{"rendered":"RUNBOOK: METATRON \u2014 macOS Installation"},"content":{"rendered":"\n

METATRON<\/a> is an AI-powered network reconnaissance and vulnerability analysis tool. It combines classic scanning utilities (nmap, nikto, whatweb) with a local Ollama LLM to automatically analyze results, suggest fixes, and log findings to a MariaDB database \u2014 all from a single terminal interface.<\/p>\n\n\n\n

Tested on macOS (Apple Silicon). All deviations from the original Linux README are noted.<\/p>\n\n\n\n

\n\n\n\n

Prerequisites<\/h2>\n\n\n\n

Install Homebrew if not already present:<\/p>\n\n\n\n

\/bin\/bash -c \"$(curl -fsSL https:\/\/raw.githubusercontent.com\/Homebrew\/install\/HEAD\/install.sh)\"<\/code><\/pre>\n\n\n\n
\n\n\n\n
1. System Tools<\/h2>\n\n\n\n
brew install nmap whois curl bind nikto<\/code><\/pre>\n\n\n\n
dig<\/code> is provided by bind<\/code>. whatweb<\/code> is not in Homebrew \u2014 install from source:<\/p>\n\n\n\n
brew install libyaml ruby\ngit clone https:\/\/github.com\/urbanadventurer\/WhatWeb.git ~\/WhatWeb\ncd ~\/WhatWeb\n\/opt\/homebrew\/opt\/ruby\/bin\/bundle install\nsudo ln -sf ~\/WhatWeb\/whatweb \/usr\/local\/bin\/whatweb<\/code><\/pre>\n\n\n\n
Intel Mac: replace \/opt\/homebrew<\/code> with \/usr\/local<\/code> in the bundle command.<\/p><\/blockquote>\n\n\n\n
\n\n\n\n
2. Clone & Python Environment<\/h2>\n\n\n\n
git clone https:\/\/github.com\/sooryathejas\/METATRON.git ~\/METATRON\ncd ~\/METATRON\npython3 -m venv venv\nsource venv\/bin\/activate\npip install -r requirements.txt<\/code><\/pre>\n\n\n\n
\n\n\n\n
3. Ollama & AI Model<\/h2>\n\n\n\n
brew install ollama\nollama serve &   # or leave running in a dedicated terminal<\/code><\/pre>\n\n\n\n
Pull the base model (requires 8.4 GB RAM; use 4b<\/code> if constrained):<\/p>\n\n\n\n
ollama pull huihui_ai\/qwen3.5-abliterated:9b\n# low-RAM alternative:\n# ollama pull huihui_ai\/qwen3.5-abliterated:4b\n# then edit Modelfile: change FROM line to the 4b model name<\/code><\/pre>\n\n\n\n
Build the custom model:<\/p>\n\n\n\n
cd ~\/METATRON\nollama create metatron-qwen -f Modelfile\nollama list   # verify metatron-qwen appears<\/code><\/pre>\n\n\n\n
\n\n\n\n
4. MariaDB<\/h2>\n\n\n\n
brew install mariadb\nbrew services start mariadb<\/code><\/pre>\n\n\n\n
Connect (do NOT use sudo mysql<\/code> \u2014 use your macOS username or plain mysql<\/code>):<\/p>\n\n\n\n
mysql<\/code><\/pre>\n\n\n\n
Create the database and user:<\/p>\n\n\n\n
CREATE DATABASE metatron;\nCREATE USER 'metatron'@'localhost' IDENTIFIED BY '123';\nGRANT ALL PRIVILEGES ON metatron.* TO 'metatron'@'localhost';\nFLUSH PRIVILEGES;\nEXIT;<\/code><\/pre>\n\n\n\n
If mysql<\/code> gives Access denied<\/code>, run:<\/p>\n
ALTER USER 'root'@'localhost' IDENTIFIED VIA mysql_native_password USING PASSWORD('');\nFLUSH PRIVILEGES;\nEXIT;<\/code><\/pre>\n
Then reconnect with mysql -u root<\/code>.<\/p><\/blockquote>\n\n\n\n
Create the schema using a file to avoid terminal copy-paste corruption:<\/p>\n\n\n\n
cat > \/tmp\/metatron_schema.sql << 'EOF'\nCREATE TABLE history (\n    sl_no     INT AUTO_INCREMENT PRIMARY KEY,\n    target    VARCHAR(255) NOT NULL,\n    scan_date DATETIME NOT NULL,\n    status    VARCHAR(50) DEFAULT 'active'\n);\n\nCREATE TABLE vulnerabilities (\n    id          INT AUTO_INCREMENT PRIMARY KEY,\n    sl_no       INT,\n    vuln_name   VARCHAR(255),\n    severity    VARCHAR(50),\n    port        VARCHAR(20),\n    service     VARCHAR(100),\n    description TEXT,\n    FOREIGN KEY (sl_no) REFERENCES history(sl_no)\n);\n\nCREATE TABLE fixes (\n    id       INT AUTO_INCREMENT PRIMARY KEY,\n    sl_no    INT,\n    vuln_id  INT,\n    fix_text TEXT,\n    source   VARCHAR(50),\n    FOREIGN KEY (sl_no) REFERENCES history(sl_no),\n    FOREIGN KEY (vuln_id) REFERENCES vulnerabilities(id)\n);\n\nCREATE TABLE exploits_attempted (\n    id           INT AUTO_INCREMENT PRIMARY KEY,\n    sl_no        INT,\n    exploit_name VARCHAR(255),\n    tool_used    VARCHAR(100),\n    payload      TEXT,\n    result       VARCHAR(500),\n    notes        TEXT,\n    FOREIGN KEY (sl_no) REFERENCES history(sl_no)\n);\n\nCREATE TABLE summary (\n    id           INT AUTO_INCREMENT PRIMARY KEY,\n    sl_no        INT,\n    raw_scan     LONGTEXT,\n    ai_analysis  LONGTEXT,\n    risk_level   VARCHAR(50),\n    generated_at DATETIME,\n    FOREIGN KEY (sl_no) REFERENCES history(sl_no)\n);\nEOF\n\nmysql -u metatron -p123 metatron < \/tmp\/metatron_schema.sql<\/code><\/pre>\n\n\n\n
If you need to redo the schema (e.g. after a failed partial run), drop tables first:<\/p>\n\n\n\n
mysql -u metatron -p123 metatron -e \"DROP TABLE IF EXISTS summary, fixes, exploits_attempted, vulnerabilities, history;\"\nmysql -u metatron -p123 metatron < \/tmp\/metatron_schema.sql<\/code><\/pre>\n\n\n\n
\n\n\n\n
5. Running METATRON<\/h2>\n\n\n\n
Requires two terminal tabs.<\/p>\n\n\n\n
Terminal 1 \u2014 load the model:<\/strong><\/p>\n\n\n\n
ollama run metatron-qwen<\/code><\/pre>\n\n\n\n
Wait for the >>><\/code> prompt before proceeding.<\/p>\n\n\n\n
Terminal 2 \u2014 launch METATRON:<\/strong><\/p>\n\n\n\n
cd ~\/METATRON\nsource venv\/bin\/activate\npython metatron.py<\/code><\/pre>\n\n\n\n
\n\n\n\n
Troubleshooting<\/h2>\n\n\n\n
Error<\/th>Fix<\/th><\/tr><\/thead>
Access denied for user 'root'@'localhost'<\/code><\/td>Use plain mysql<\/code> (no flags) or sudo mysql<\/code><\/td><\/tr>
ERROR 1050: Table already exists<\/code><\/td>Drop tables in reverse FK order, then re-import schema file<\/td><\/tr>
psych<\/code> gem compile error during bundle install<\/code><\/td>brew install libyaml ruby<\/code> then use \/opt\/homebrew\/opt\/ruby\/bin\/bundle install<\/code><\/td><\/tr>
Could not find a valid gem 'whatweb'<\/code><\/td>WhatWeb is not on RubyGems \u2014 clone from GitHub (see step 1)<\/td><\/tr>
Copy-paste SQL errors in mysql prompt<\/td>Always use mysql < file.sql<\/code> instead of pasting<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\n
Uninstall<\/h2>\n\n\n\n
Remove components in the order below.<\/p>\n\n\n\n
1. METATRON app directory:<\/strong><\/p>\n\n\n\n
rm -rf ~\/METATRON<\/code><\/pre>\n\n\n\n
2. WhatWeb:<\/strong><\/p>\n\n\n\n
sudo rm \/usr\/local\/bin\/whatweb\nrm -rf ~\/WhatWeb<\/code><\/pre>\n\n\n\n
3. Ollama model and service:<\/strong><\/p>\n\n\n\n
ollama rm metatron-qwen\nbrew uninstall ollama<\/code><\/pre>\n\n\n\n
4. MariaDB \u2014 drop the database, user, then the service:<\/strong><\/p>\n\n\n\n
mysql -e \"DROP DATABASE IF EXISTS metatron; DROP USER IF EXISTS 'metatron'@'localhost';\"\nbrew services stop mariadb\nbrew uninstall mariadb\nrm -rf \/opt\/homebrew\/var\/mysql<\/code><\/pre>\n\n\n\n
Intel Mac: the data directory is \/usr\/local\/var\/mysql<\/code>.<\/p><\/blockquote>\n\n\n\n
5. Homebrew packages (optional \u2014 only if not used elsewhere):<\/strong><\/p>\n\n\n\n
brew uninstall nmap whois curl bind nikto libyaml ruby<\/code><\/pre>\n\n","protected":false},"excerpt":{"rendered":"
METATRON is an AI-powered network reconnaissance and vulnerability analysis tool. It combines classic scanning utilities (nmap, nikto, whatweb) with a local Ollama LLM to automatically analyze results, suggest fixes, and log findings to a MariaDB database \u2014 all from a single terminal interface. Tested on macOS (Apple Silicon). All deviations from the original Linux README […]<\/p>\n","protected":false},"author":1,"featured_media":120,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[43],"tags":[10,12,11,9,13],"class_list":["post-117","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tech","tag-ai","tag-metasploit","tag-metatron","tag-runbook","tag-security"],"_links":{"self":[{"href":"https:\/\/www.purple-liquid.com\/index.php?rest_route=\/wp\/v2\/posts\/117","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.purple-liquid.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.purple-liquid.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.purple-liquid.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.purple-liquid.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=117"}],"version-history":[{"count":4,"href":"https:\/\/www.purple-liquid.com\/index.php?rest_route=\/wp\/v2\/posts\/117\/revisions"}],"predecessor-version":[{"id":122,"href":"https:\/\/www.purple-liquid.com\/index.php?rest_route=\/wp\/v2\/posts\/117\/revisions\/122"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.purple-liquid.com\/index.php?rest_route=\/wp\/v2\/media\/120"}],"wp:attachment":[{"href":"https:\/\/www.purple-liquid.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=117"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.purple-liquid.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=117"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.purple-liquid.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=117"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}