AutoPentestX is a comprehensive, production-ready automated penetration testing toolkit designed for Linux systems. It performs fully automated security assessments with a single command, generating professional PDF vulnerability reports.

FOR EDUCATIONAL AND AUTHORIZED TESTING ONLY

This tool is designed for:

• Educational purposes in controlled lab environments
• Authorized penetration testing with written permission
• Security research on systems you own

Unauthorized access to computer systems is ILLEGAL and may result in criminal prosecution.

By using this tool, you agree to:

• Only test systems you own or have explicit written authorization to test
• Comply with all applicable local, state, and federal laws
• Accept full responsibility for your actions

The developers assume NO liability for misuse or damage caused by this tool.

From a single target IP or domain, AutoPentestX will:

1. ✅ Detect operating system automatically
2. ✅ Scan all ports comprehensively
3. ✅ Identify services and versions
4. ✅ Detect vulnerabilities
5. ✅ Perform web security scanning
6. ✅ Test for SQL injection
7. ✅ Lookup CVE database
8. ✅ Calculate risk scores
9. ✅ Attempt safe exploitation
10. ✅ Generate professional PDF report

• Network Scanning: Nmap-powered TCP/UDP port scanning
• OS Detection: Automatic operating system fingerprinting
• Service Enumeration: Detailed service and version detection
• Vulnerability Detection: Common vulnerability identification

• Nikto Integration: Web server vulnerability scanning
• SQLMap Integration: Automated SQL injection detection
• Web Service Discovery: Automatic HTTP/HTTPS service identification

• CVE Lookup: Automated CVE database queries
• CVSS Scoring: Industry-standard vulnerability scoring
• Risk Assessment: Intelligent risk level calculation
• Exploit Matching: Automatic exploit identification

• Safe Mode: Non-destructive security testing
• Metasploit Integration: Exploit simulation capability
• RC Script Generation: Metasploit resource scripts for manual testing
• Exploit Database: Pre-configured exploit mappings

• PDF Generation: Comprehensive vulnerability reports
• Executive Summary: High-level findings overview
• Technical Details: Complete vulnerability analysis
• Risk Scoring: CRITICAL/HIGH/MEDIUM/LOW classifications
• Recommendations: Actionable security guidance

• SQLite Database: Persistent scan result storage
• Detailed Logging: Complete activity tracking
• JSON Export: Machine-readable output
• Historical Data: Scan history and trends

AutoPentestX/
├── main.py                      # Main application orchestrator
├── autopentestx.sh              # Single-command launcher script
├── install.sh                   # Automated installation script
├── requirements.txt             # Python dependencies
├── config.json                  # Configuration settings
├── README.md                    # This file
├── LICENSE                      # MIT License
├── DISCLAIMER.md                # Legal disclaimer
│
├── modules/                     # Core functionality modules
│   ├── __init__.py
│   ├── database.py              # SQLite database handler
│   ├── scanner.py               # Network scanning (Nmap)
│   ├── vuln_scanner.py          # Vulnerability scanning (Nikto/SQLMap)
│   ├── cve_lookup.py            # CVE database lookups
│   ├── risk_engine.py           # Risk assessment calculations
│   ├── exploit_engine.py        # Safe exploitation engine
│   └── pdf_report.py            # PDF report generator
│
├── reports/                     # Generated PDF reports
├── logs/                        # Scan logs
├── database/                    # SQLite database files
└── exploits/                    # Generated Metasploit RC scripts

• Operating System: Kali Linux, Ubuntu 20.04+, or Debian-based Linux
• Python: 3.8 or higher
• Root Access: Required for certain scanning operations
• Internet Connection: For CVE lookups and package installation

# Clone the repository
git clone https://github.com/yourusername/AutoPentestX.git
cd AutoPentestX

# Make installation script executable
chmod +x install.sh

# Run installation
./install.sh

The installation script will:

• Install system dependencies (Nmap, Nikto, SQLMap)
• Optionally install Metasploit Framework
• Create Python virtual environment
• Install Python packages
• Create necessary directories
• Set proper permissions
• Test the installation

# Install system dependencies
sudo apt-get update
sudo apt-get install -y python3 python3-pip python3-venv nmap nikto sqlmap

# Create virtual environment
python3 -m venv venv
source venv/bin/activate

# Install Python dependencies
pip install -r requirements.txt

# Create directories
mkdir -p reports logs database exploits

# Set permissions
chmod +x main.py autopentestx.sh

# Activate virtual environment (if not already activated)
source venv/bin/activate

# Basic scan
python3 main.py -t 192.168.1.100

# Or use the wrapper script
./autopentestx.sh 192.168.1.100

python3 main.py -t <target> [options]

Required Arguments:
  -t, --target          Target IP address or domain name

Optional Arguments:
  -n, --tester-name     Name of the penetration tester (default: AutoPentestX Team)
  --no-safe-mode        Disable safe mode (NOT RECOMMENDED)
  --skip-web            Skip web vulnerability scanning (Nikto/SQLMap)
  --skip-exploit        Skip exploitation assessment
  --version             Show version information
  -h, --help            Show help message

python3 main.py -t 192.168.1.100

python3 main.py -t example.com -n "John Doe"

python3 main.py -t 10.0.0.1 --skip-web --skip-exploit

./autopentestx.sh 192.168.1.100

After each scan, a comprehensive PDF report is generated in the reports/ directory:

Filename Format: AutoPentestX_Report_<target>_<timestamp>.pdf

Report Contents:

• Cover page with scan metadata
• Executive summary
• Overall risk assessment
• Scan details (OS, ports, services)
• Open ports table
• Vulnerabilities identified
• CVE details with CVSS scores
• Exploitation assessment
• Security recommendations
• Professional formatting

All scan data is stored in SQLite database: database/autopentestx.db

Database Tables:

• scans - Scan metadata and summary
• ports - Discovered open ports
• vulnerabilities - Identified vulnerabilities
• web_vulnerabilities - Web-specific findings
• exploits - Exploitation attempts

Detailed logs are saved in logs/ directory:

• Scan activities
• Tool outputs
• Error messages
• Timestamps

User Input (Target)
    ↓
OS Detection (Nmap)
    ↓
Port Scanning (TCP/UDP)
    ↓
Service Detection & Version Enumeration
    ↓
Vulnerability Scanning (Nikto/SQLMap)
    ↓
CVE Database Lookup
    ↓
Risk Score Calculation
    ↓
Exploit Matching & Simulation
    ↓
PDF Report Generation
    ↓
Database Storage

CVSS-based Classification:

• CRITICAL: CVSS 9.0-10.0
• HIGH: CVSS 7.0-8.9
• MEDIUM: CVSS 4.0-6.9
• LOW: CVSS 0.1-3.9
• UNKNOWN: No CVSS score available

Risk Factors:

• Base CVSS score
• Exploitability (2x weight)
• Public exploit availability (1.5x weight)
• Network accessibility (1.3x weight)
• Service sensitivity

• Non-Destructive: No actual exploitation occurs
• Simulation Only: Tests feasibility without execution
• RC Script Generation: Creates Metasploit scripts for manual review
• Audit Trail: All actions logged

• Skip specific scan types
• Timeout configurations
• Rate limiting
• Safe mode toggle

• Confidential report watermarks
• Local-only data storage
• No external data transmission (except CVE API)
• Secure database storage

Edit config.json to customize:

{
  "scan_settings": {
    "default_safe_mode": true,
    "timeout": 300
  },
  "vulnerability_scanning": {
    "nikto_enabled": true,
    "sqlmap_enabled": true
  },
  "risk_scoring": {
    "cvss_thresholds": {
      "critical": 9.0,
      "high": 7.0,
      "medium": 4.0,
      "low": 0.1
    }
  }
}

Issue: "Permission denied" errors during scanning

# Solution: Run Nmap portions with sudo or adjust permissions
sudo python3 main.py -t <target>

Issue: Nikto or SQLMap not found

# Solution: Install missing tools
sudo apt-get install nikto sqlmap

Issue: Import errors

# Solution: Ensure virtual environment is activated
source venv/bin/activate
pip install -r requirements.txt

Issue: PDF generation fails

# Solution: Install reportlab dependencies
pip install --upgrade reportlab

Contributions are welcome! Please follow these guidelines:

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Test thoroughly
5. Submit a pull request

Code Standards:

• PEP 8 compliance
• Comprehensive comments
• Error handling
• Security best practices

This project is licensed under the MIT License - see the LICENSE file for details.

• AutoPentestX Team - Initial development
• Cybersecurity researchers and ethical hackers

• Offensive Security - Kali Linux and penetration testing methodologies
• Rapid7 - Metasploit Framework
• Nmap Project - Network scanning capabilities
• CIRCL - CVE database API
• MITRE - CVE database and classification
• Security Community - Continuous research and tool development

For issues, questions, or contributions:

• Open an issue on GitHub
• Check existing documentation
• Review closed issues for solutions

• Initial release
• Complete automated penetration testing workflow
• PDF report generation
• CVE database integration
• Safe exploitation mode
• SQLite database storage
• Comprehensive documentation

This tool is designed for educational purposes. Recommended learning resources:

• OWASP Testing Guide
• Penetration Testing Execution Standard
• CEH Certification
• OSCP Certification

• Scan Duration: 5-30 minutes depending on target size
• Resource Usage: Moderate CPU/Memory consumption
• Network Impact: Generates significant network traffic
• Recommendations: Run during authorized testing windows

Planned features for future releases:

• Multi-target scanning
• Scheduled scans
• Web dashboard
• Email notifications
• Integration with vulnerability management platforms
• Enhanced exploit database
• Machine learning-based vulnerability prediction

Remember: With great power comes great responsibility. Use this tool ethically and legally.

Happy Hacking (Ethically)! 🎩🔒