CalvinBackup/AutoPentestX
1
0
Fork 0
mirror of https://github.com/Gowtham-Darkseid/AutoPentestX.git synced 2026-05-20 19:44:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Clean up README by removing unnecessary sections

Browse Source 
Removed extensive sections from the README including core objectives, features, installation instructions, usage examples, and other details.
This commit is contained in:
Gowtham
2026-02-01 19:40:42 +05:30
committed by GitHub
parent b0245b057f
commit d76449ba46
1 changed files with 0 additions and 513 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
-513
View File
@@ -4,517 +4,4 @@
[![Python 3.8+](https://img.shields.io/badge/python-3.8+-blue.svg)](https://www.python.org/downloads/)
[![Platform](https://img.shields.io/badge/platform-Linux-lightgrey.svg)](https://www.linux.org/)
## Terminal Cli
<img width="1159" height="651" alt="image" src="https://github.com/user-attachments/assets/0187dccf-3391-4315-9835-de494c072d7e" />
##
<img width="1137" height="432" alt="image" src="https://github.com/user-attachments/assets/22ff45c5-0a62-4a44-a9ce-cd84e53ed618" />
**AutoPentestX** is a comprehensive, production-ready automated penetration testing toolkit designed for Linux systems. It performs fully automated security assessments with a single command, generating professional PDF vulnerability reports.
## ⚠️ Legal Disclaimer
**FOR EDUCATIONAL AND AUTHORIZED TESTING ONLY**
This tool is designed for:
- Educational purposes in controlled lab environments
- Authorized penetration testing with written permission
- Security research on systems you own
**Unauthorized access to computer systems is ILLEGAL and may result in criminal prosecution.**
By using this tool, you agree to:
- Only test systems you own or have explicit written authorization to test
- Comply with all applicable local, state, and federal laws
- Accept full responsibility for your actions
The developers assume NO liability for misuse or damage caused by this tool.
---
## 🎯 Core Objective
From a single target IP or domain, AutoPentestX will:
1. ✅ Detect operating system automatically
2. ✅ Scan all ports comprehensively
3. ✅ Identify services and versions
4. ✅ Detect vulnerabilities
5. ✅ Perform web security scanning
6. ✅ Test for SQL injection
7. ✅ Lookup CVE database
8. ✅ Calculate risk scores
9. ✅ Attempt safe exploitation
10. ✅ Generate professional PDF report
---
## 🚀 Features
### Comprehensive Scanning
- **Network Scanning**: Nmap-powered TCP/UDP port scanning
- **OS Detection**: Automatic operating system fingerprinting
- **Service Enumeration**: Detailed service and version detection
- **Vulnerability Detection**: Common vulnerability identification
### Web Security Testing
- **Nikto Integration**: Web server vulnerability scanning
- **SQLMap Integration**: Automated SQL injection detection
- **Web Service Discovery**: Automatic HTTP/HTTPS service identification
### Intelligence & Analysis
- **CVE Lookup**: Automated CVE database queries
- **CVSS Scoring**: Industry-standard vulnerability scoring
- **Risk Assessment**: Intelligent risk level calculation
- **Exploit Matching**: Automatic exploit identification
### Safe Exploitation
- **Safe Mode**: Non-destructive security testing
- **Metasploit Integration**: Exploit simulation capability
- **RC Script Generation**: Metasploit resource scripts for manual testing
- **Exploit Database**: Pre-configured exploit mappings
### Professional Reporting
- **PDF Generation**: Comprehensive vulnerability reports
- **Executive Summary**: High-level findings overview
- **Technical Details**: Complete vulnerability analysis
- **Risk Scoring**: CRITICAL/HIGH/MEDIUM/LOW classifications
- **Recommendations**: Actionable security guidance
### Data Management
- **SQLite Database**: Persistent scan result storage
- **Detailed Logging**: Complete activity tracking
- **JSON Export**: Machine-readable output
- **Historical Data**: Scan history and trends
---
## 📁 Project Structure
```
AutoPentestX/
├── main.py # Main application orchestrator
├── autopentestx.sh # Single-command launcher script
├── install.sh # Automated installation script
├── requirements.txt # Python dependencies
├── config.json # Configuration settings
├── README.md # This file
├── LICENSE # MIT License
├── DISCLAIMER.md # Legal disclaimer
├── modules/ # Core functionality modules
│ ├── __init__.py
│ ├── database.py # SQLite database handler
│ ├── scanner.py # Network scanning (Nmap)
│ ├── vuln_scanner.py # Vulnerability scanning (Nikto/SQLMap)
│ ├── cve_lookup.py # CVE database lookups
│ ├── risk_engine.py # Risk assessment calculations
│ ├── exploit_engine.py # Safe exploitation engine
│ └── pdf_report.py # PDF report generator
├── reports/ # Generated PDF reports
├── logs/ # Scan logs
├── database/ # SQLite database files
└── exploits/ # Generated Metasploit RC scripts
```
---
## 🔧 Installation
### Prerequisites
- **Operating System**: Kali Linux, Ubuntu 20.04+, or Debian-based Linux
- **Python**: 3.8 or higher
- **Root Access**: Required for certain scanning operations
- **Internet Connection**: For CVE lookups and package installation
### Automated Installation
```bash
# Clone the repository
git clone https://github.com/yourusername/AutoPentestX.git
cd AutoPentestX
# Make installation script executable
chmod +x install.sh
# Run installation
./install.sh
```
The installation script will:
- Install system dependencies (Nmap, Nikto, SQLMap)
- Optionally install Metasploit Framework
- Create Python virtual environment
- Install Python packages
- Create necessary directories
- Set proper permissions
- Test the installation
### Manual Installation
```bash
# Install system dependencies
sudo apt-get update
sudo apt-get install -y python3 python3-pip python3-venv nmap nikto sqlmap
# Create virtual environment
python3 -m venv venv
source venv/bin/activate
# Install Python dependencies
pip install -r requirements.txt
# Create directories
mkdir -p reports logs database exploits
# Set permissions
chmod +x main.py autopentestx.sh
```
---
## 💻 Usage
### Quick Start
```bash
# Activate virtual environment (if not already activated)
source venv/bin/activate
# Basic scan
python3 main.py -t 192.168.1.100
# Or use the wrapper script
./autopentestx.sh 192.168.1.100
```
### Command Line Options
```bash
python3 main.py -t <target> [options]
Required Arguments:
-t, --target Target IP address or domain name
Optional Arguments:
-n, --tester-name Name of the penetration tester (default: AutoPentestX Team)
--no-safe-mode Disable safe mode (NOT RECOMMENDED)
--skip-web Skip web vulnerability scanning (Nikto/SQLMap)
--skip-exploit Skip exploitation assessment
--version Show version information
-h, --help Show help message
```
### Usage Examples
#### Basic Scan
```bash
python3 main.py -t 192.168.1.100
```
#### Scan with Custom Tester Name
```bash
python3 main.py -t example.com -n "John Doe"
```
#### Quick Scan (Skip Web and Exploit)
```bash
python3 main.py -t 10.0.0.1 --skip-web --skip-exploit
```
#### Full Scan with All Features
```bash
./autopentestx.sh 192.168.1.100
```
---
## 📊 Output & Reports
### PDF Report
After each scan, a comprehensive PDF report is generated in the `reports/` directory:
**Filename Format**: `AutoPentestX_Report_<target>_<timestamp>.pdf`
**Report Contents**:
- Cover page with scan metadata
- Executive summary
- Overall risk assessment
- Scan details (OS, ports, services)
- Open ports table
- Vulnerabilities identified
- CVE details with CVSS scores
- Exploitation assessment
- Security recommendations
- Professional formatting
### Database
All scan data is stored in SQLite database: `database/autopentestx.db`
**Database Tables**:
- `scans` - Scan metadata and summary
- `ports` - Discovered open ports
- `vulnerabilities` - Identified vulnerabilities
- `web_vulnerabilities` - Web-specific findings
- `exploits` - Exploitation attempts
### Log Files
Detailed logs are saved in `logs/` directory:
- Scan activities
- Tool outputs
- Error messages
- Timestamps
---
## 🔬 Technical Details
### Scanning Workflow
```
User Input (Target)
OS Detection (Nmap)
Port Scanning (TCP/UDP)
Service Detection & Version Enumeration
Vulnerability Scanning (Nikto/SQLMap)
CVE Database Lookup
Risk Score Calculation
Exploit Matching & Simulation
PDF Report Generation
Database Storage
```
### Risk Scoring System
**CVSS-based Classification**:
- **CRITICAL**: CVSS 9.0-10.0
- **HIGH**: CVSS 7.0-8.9
- **MEDIUM**: CVSS 4.0-6.9
- **LOW**: CVSS 0.1-3.9
- **UNKNOWN**: No CVSS score available
**Risk Factors**:
- Base CVSS score
- Exploitability (2x weight)
- Public exploit availability (1.5x weight)
- Network accessibility (1.3x weight)
- Service sensitivity
---
## 🛠️ Tools Integrated
| Tool | Purpose | Integration |
|------|---------|-------------|
| **Nmap** | Port scanning, OS detection, service enumeration | `python-nmap` library |
| **Nikto** | Web vulnerability scanning | Subprocess execution |
| **SQLMap** | SQL injection detection | Subprocess execution |
| **Metasploit** | Exploitation framework | RC script generation |
| **CVE CIRCL** | CVE database API | RESTful API calls |
| **SQLite** | Data persistence | Built-in Python `sqlite3` |
| **ReportLab** | PDF generation | `reportlab` library |
---
## 🔐 Security Features
### Safe Mode (Default)
- **Non-Destructive**: No actual exploitation occurs
- **Simulation Only**: Tests feasibility without execution
- **RC Script Generation**: Creates Metasploit scripts for manual review
- **Audit Trail**: All actions logged
### Configurable Options
- Skip specific scan types
- Timeout configurations
- Rate limiting
- Safe mode toggle
### Data Protection
- Confidential report watermarks
- Local-only data storage
- No external data transmission (except CVE API)
- Secure database storage
---
## 📝 Configuration
Edit `config.json` to customize:
```json
{
"scan_settings": {
"default_safe_mode": true,
"timeout": 300
},
"vulnerability_scanning": {
"nikto_enabled": true,
"sqlmap_enabled": true
},
"risk_scoring": {
"cvss_thresholds": {
"critical": 9.0,
"high": 7.0,
"medium": 4.0,
"low": 0.1
}
}
}
```
---
## 🐛 Troubleshooting
### Common Issues
**Issue**: "Permission denied" errors during scanning
```bash
# Solution: Run Nmap portions with sudo or adjust permissions
sudo python3 main.py -t <target>
```
**Issue**: Nikto or SQLMap not found
```bash
# Solution: Install missing tools
sudo apt-get install nikto sqlmap
```
**Issue**: Import errors
```bash
# Solution: Ensure virtual environment is activated
source venv/bin/activate
pip install -r requirements.txt
```
**Issue**: PDF generation fails
```bash
# Solution: Install reportlab dependencies
pip install --upgrade reportlab
```
---
## 🤝 Contributing
Contributions are welcome! Please follow these guidelines:
1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Test thoroughly
5. Submit a pull request
**Code Standards**:
- PEP 8 compliance
- Comprehensive comments
- Error handling
- Security best practices
---
## 📜 License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
---
## 👥 Authors
- **AutoPentestX Team** - Initial development
- Cybersecurity researchers and ethical hackers
---
## 🙏 Acknowledgments
- **Offensive Security** - Kali Linux and penetration testing methodologies
- **Rapid7** - Metasploit Framework
- **Nmap Project** - Network scanning capabilities
- **CIRCL** - CVE database API
- **MITRE** - CVE database and classification
- **Security Community** - Continuous research and tool development
---
## 📞 Support
For issues, questions, or contributions:
- Open an issue on GitHub
- Check existing documentation
- Review closed issues for solutions
---
## 🔄 Version History
### v1.0.0 (2025-11-30)
- Initial release
- Complete automated penetration testing workflow
- PDF report generation
- CVE database integration
- Safe exploitation mode
- SQLite database storage
- Comprehensive documentation
---
## 🎓 Educational Resources
This tool is designed for educational purposes. Recommended learning resources:
- [OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/)
- [Penetration Testing Execution Standard](http://www.pentest-standard.org/)
- [CEH Certification](https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/)
- [OSCP Certification](https://www.offensive-security.com/pwk-oscp/)
---
## ⚡ Performance Notes
- **Scan Duration**: 5-30 minutes depending on target size
- **Resource Usage**: Moderate CPU/Memory consumption
- **Network Impact**: Generates significant network traffic
- **Recommendations**: Run during authorized testing windows
---
## 🔮 Future Enhancements
Planned features for future releases:
- Multi-target scanning
- Scheduled scans
- Web dashboard
- Email notifications
- Integration with vulnerability management platforms
- Enhanced exploit database
- Machine learning-based vulnerability prediction
---
**Remember: With great power comes great responsibility. Use this tool ethically and legally.**
Happy Hacking (Ethically)! 🎩🔒