From d76449ba463e0d017bfe1d1db39cf553335d4abc Mon Sep 17 00:00:00 2001 From: Gowtham <123238178+Gowtham-Darkseid@users.noreply.github.com> Date: Sun, 1 Feb 2026 19:40:42 +0530 Subject: [PATCH] Clean up README by removing unnecessary sections Removed extensive sections from the README including core objectives, features, installation instructions, usage examples, and other details. --- README.md | 513 ------------------------------------------------------ 1 file changed, 513 deletions(-) diff --git a/README.md b/README.md index d14c8d0..d93a623 100644 --- a/README.md +++ b/README.md @@ -4,517 +4,4 @@ [![Python 3.8+](https://img.shields.io/badge/python-3.8+-blue.svg)](https://www.python.org/downloads/) [![Platform](https://img.shields.io/badge/platform-Linux-lightgrey.svg)](https://www.linux.org/) -## Terminal Cli -image - -## - -image - - - - -**AutoPentestX** is a comprehensive, production-ready automated penetration testing toolkit designed for Linux systems. It performs fully automated security assessments with a single command, generating professional PDF vulnerability reports. - -## ⚠️ Legal Disclaimer - -**FOR EDUCATIONAL AND AUTHORIZED TESTING ONLY** - -This tool is designed for: -- Educational purposes in controlled lab environments -- Authorized penetration testing with written permission -- Security research on systems you own - -**Unauthorized access to computer systems is ILLEGAL and may result in criminal prosecution.** - -By using this tool, you agree to: -- Only test systems you own or have explicit written authorization to test -- Comply with all applicable local, state, and federal laws -- Accept full responsibility for your actions - -The developers assume NO liability for misuse or damage caused by this tool. - ---- - -## 🎯 Core Objective - -From a single target IP or domain, AutoPentestX will: - -1. ✅ Detect operating system automatically -2. ✅ Scan all ports comprehensively -3. ✅ Identify services and versions -4. ✅ Detect vulnerabilities -5. ✅ Perform web security scanning -6. ✅ Test for SQL injection -7. ✅ Lookup CVE database -8. ✅ Calculate risk scores -9. ✅ Attempt safe exploitation -10. ✅ Generate professional PDF report - ---- - -## 🚀 Features - -### Comprehensive Scanning -- **Network Scanning**: Nmap-powered TCP/UDP port scanning -- **OS Detection**: Automatic operating system fingerprinting -- **Service Enumeration**: Detailed service and version detection -- **Vulnerability Detection**: Common vulnerability identification - -### Web Security Testing -- **Nikto Integration**: Web server vulnerability scanning -- **SQLMap Integration**: Automated SQL injection detection -- **Web Service Discovery**: Automatic HTTP/HTTPS service identification - -### Intelligence & Analysis -- **CVE Lookup**: Automated CVE database queries -- **CVSS Scoring**: Industry-standard vulnerability scoring -- **Risk Assessment**: Intelligent risk level calculation -- **Exploit Matching**: Automatic exploit identification - -### Safe Exploitation -- **Safe Mode**: Non-destructive security testing -- **Metasploit Integration**: Exploit simulation capability -- **RC Script Generation**: Metasploit resource scripts for manual testing -- **Exploit Database**: Pre-configured exploit mappings - -### Professional Reporting -- **PDF Generation**: Comprehensive vulnerability reports -- **Executive Summary**: High-level findings overview -- **Technical Details**: Complete vulnerability analysis -- **Risk Scoring**: CRITICAL/HIGH/MEDIUM/LOW classifications -- **Recommendations**: Actionable security guidance - -### Data Management -- **SQLite Database**: Persistent scan result storage -- **Detailed Logging**: Complete activity tracking -- **JSON Export**: Machine-readable output -- **Historical Data**: Scan history and trends - ---- - -## 📁 Project Structure - -``` -AutoPentestX/ -├── main.py # Main application orchestrator -├── autopentestx.sh # Single-command launcher script -├── install.sh # Automated installation script -├── requirements.txt # Python dependencies -├── config.json # Configuration settings -├── README.md # This file -├── LICENSE # MIT License -├── DISCLAIMER.md # Legal disclaimer -│ -├── modules/ # Core functionality modules -│ ├── __init__.py -│ ├── database.py # SQLite database handler -│ ├── scanner.py # Network scanning (Nmap) -│ ├── vuln_scanner.py # Vulnerability scanning (Nikto/SQLMap) -│ ├── cve_lookup.py # CVE database lookups -│ ├── risk_engine.py # Risk assessment calculations -│ ├── exploit_engine.py # Safe exploitation engine -│ └── pdf_report.py # PDF report generator -│ -├── reports/ # Generated PDF reports -├── logs/ # Scan logs -├── database/ # SQLite database files -└── exploits/ # Generated Metasploit RC scripts -``` - ---- - -## 🔧 Installation - -### Prerequisites - -- **Operating System**: Kali Linux, Ubuntu 20.04+, or Debian-based Linux -- **Python**: 3.8 or higher -- **Root Access**: Required for certain scanning operations -- **Internet Connection**: For CVE lookups and package installation - -### Automated Installation - -```bash -# Clone the repository -git clone https://github.com/yourusername/AutoPentestX.git -cd AutoPentestX - -# Make installation script executable -chmod +x install.sh - -# Run installation -./install.sh -``` - -The installation script will: -- Install system dependencies (Nmap, Nikto, SQLMap) -- Optionally install Metasploit Framework -- Create Python virtual environment -- Install Python packages -- Create necessary directories -- Set proper permissions -- Test the installation - -### Manual Installation - -```bash -# Install system dependencies -sudo apt-get update -sudo apt-get install -y python3 python3-pip python3-venv nmap nikto sqlmap - -# Create virtual environment -python3 -m venv venv -source venv/bin/activate - -# Install Python dependencies -pip install -r requirements.txt - -# Create directories -mkdir -p reports logs database exploits - -# Set permissions -chmod +x main.py autopentestx.sh -``` - ---- - -## 💻 Usage - -### Quick Start - -```bash -# Activate virtual environment (if not already activated) -source venv/bin/activate - -# Basic scan -python3 main.py -t 192.168.1.100 - -# Or use the wrapper script -./autopentestx.sh 192.168.1.100 -``` - -### Command Line Options - -```bash -python3 main.py -t [options] - -Required Arguments: - -t, --target Target IP address or domain name - -Optional Arguments: - -n, --tester-name Name of the penetration tester (default: AutoPentestX Team) - --no-safe-mode Disable safe mode (NOT RECOMMENDED) - --skip-web Skip web vulnerability scanning (Nikto/SQLMap) - --skip-exploit Skip exploitation assessment - --version Show version information - -h, --help Show help message -``` - -### Usage Examples - -#### Basic Scan -```bash -python3 main.py -t 192.168.1.100 -``` - -#### Scan with Custom Tester Name -```bash -python3 main.py -t example.com -n "John Doe" -``` - -#### Quick Scan (Skip Web and Exploit) -```bash -python3 main.py -t 10.0.0.1 --skip-web --skip-exploit -``` - -#### Full Scan with All Features -```bash -./autopentestx.sh 192.168.1.100 -``` - ---- - -## 📊 Output & Reports - -### PDF Report - -After each scan, a comprehensive PDF report is generated in the `reports/` directory: - -**Filename Format**: `AutoPentestX_Report__.pdf` - -**Report Contents**: -- Cover page with scan metadata -- Executive summary -- Overall risk assessment -- Scan details (OS, ports, services) -- Open ports table -- Vulnerabilities identified -- CVE details with CVSS scores -- Exploitation assessment -- Security recommendations -- Professional formatting - -### Database - -All scan data is stored in SQLite database: `database/autopentestx.db` - -**Database Tables**: -- `scans` - Scan metadata and summary -- `ports` - Discovered open ports -- `vulnerabilities` - Identified vulnerabilities -- `web_vulnerabilities` - Web-specific findings -- `exploits` - Exploitation attempts - -### Log Files - -Detailed logs are saved in `logs/` directory: -- Scan activities -- Tool outputs -- Error messages -- Timestamps - ---- - -## 🔬 Technical Details - -### Scanning Workflow - -``` -User Input (Target) - ↓ -OS Detection (Nmap) - ↓ -Port Scanning (TCP/UDP) - ↓ -Service Detection & Version Enumeration - ↓ -Vulnerability Scanning (Nikto/SQLMap) - ↓ -CVE Database Lookup - ↓ -Risk Score Calculation - ↓ -Exploit Matching & Simulation - ↓ -PDF Report Generation - ↓ -Database Storage -``` - -### Risk Scoring System - -**CVSS-based Classification**: -- **CRITICAL**: CVSS 9.0-10.0 -- **HIGH**: CVSS 7.0-8.9 -- **MEDIUM**: CVSS 4.0-6.9 -- **LOW**: CVSS 0.1-3.9 -- **UNKNOWN**: No CVSS score available - -**Risk Factors**: -- Base CVSS score -- Exploitability (2x weight) -- Public exploit availability (1.5x weight) -- Network accessibility (1.3x weight) -- Service sensitivity - ---- - -## 🛠️ Tools Integrated - -| Tool | Purpose | Integration | -|------|---------|-------------| -| **Nmap** | Port scanning, OS detection, service enumeration | `python-nmap` library | -| **Nikto** | Web vulnerability scanning | Subprocess execution | -| **SQLMap** | SQL injection detection | Subprocess execution | -| **Metasploit** | Exploitation framework | RC script generation | -| **CVE CIRCL** | CVE database API | RESTful API calls | -| **SQLite** | Data persistence | Built-in Python `sqlite3` | -| **ReportLab** | PDF generation | `reportlab` library | - ---- - -## 🔐 Security Features - -### Safe Mode (Default) - -- **Non-Destructive**: No actual exploitation occurs -- **Simulation Only**: Tests feasibility without execution -- **RC Script Generation**: Creates Metasploit scripts for manual review -- **Audit Trail**: All actions logged - -### Configurable Options - -- Skip specific scan types -- Timeout configurations -- Rate limiting -- Safe mode toggle - -### Data Protection - -- Confidential report watermarks -- Local-only data storage -- No external data transmission (except CVE API) -- Secure database storage - ---- - -## 📝 Configuration - -Edit `config.json` to customize: - -```json -{ - "scan_settings": { - "default_safe_mode": true, - "timeout": 300 - }, - "vulnerability_scanning": { - "nikto_enabled": true, - "sqlmap_enabled": true - }, - "risk_scoring": { - "cvss_thresholds": { - "critical": 9.0, - "high": 7.0, - "medium": 4.0, - "low": 0.1 - } - } -} -``` - ---- - -## 🐛 Troubleshooting - -### Common Issues - -**Issue**: "Permission denied" errors during scanning -```bash -# Solution: Run Nmap portions with sudo or adjust permissions -sudo python3 main.py -t -``` - -**Issue**: Nikto or SQLMap not found -```bash -# Solution: Install missing tools -sudo apt-get install nikto sqlmap -``` - -**Issue**: Import errors -```bash -# Solution: Ensure virtual environment is activated -source venv/bin/activate -pip install -r requirements.txt -``` - -**Issue**: PDF generation fails -```bash -# Solution: Install reportlab dependencies -pip install --upgrade reportlab -``` - ---- - -## 🤝 Contributing - -Contributions are welcome! Please follow these guidelines: - -1. Fork the repository -2. Create a feature branch -3. Make your changes -4. Test thoroughly -5. Submit a pull request - -**Code Standards**: -- PEP 8 compliance -- Comprehensive comments -- Error handling -- Security best practices - ---- - -## 📜 License - -This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details. - ---- - -## 👥 Authors - -- **AutoPentestX Team** - Initial development -- Cybersecurity researchers and ethical hackers - ---- - -## 🙏 Acknowledgments - -- **Offensive Security** - Kali Linux and penetration testing methodologies -- **Rapid7** - Metasploit Framework -- **Nmap Project** - Network scanning capabilities -- **CIRCL** - CVE database API -- **MITRE** - CVE database and classification -- **Security Community** - Continuous research and tool development - ---- - -## 📞 Support - -For issues, questions, or contributions: -- Open an issue on GitHub -- Check existing documentation -- Review closed issues for solutions - ---- - -## 🔄 Version History - -### v1.0.0 (2025-11-30) -- Initial release -- Complete automated penetration testing workflow -- PDF report generation -- CVE database integration -- Safe exploitation mode -- SQLite database storage -- Comprehensive documentation - ---- - -## 🎓 Educational Resources - -This tool is designed for educational purposes. Recommended learning resources: - -- [OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/) -- [Penetration Testing Execution Standard](http://www.pentest-standard.org/) -- [CEH Certification](https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/) -- [OSCP Certification](https://www.offensive-security.com/pwk-oscp/) - ---- - -## ⚡ Performance Notes - -- **Scan Duration**: 5-30 minutes depending on target size -- **Resource Usage**: Moderate CPU/Memory consumption -- **Network Impact**: Generates significant network traffic -- **Recommendations**: Run during authorized testing windows - ---- - -## 🔮 Future Enhancements - -Planned features for future releases: -- Multi-target scanning -- Scheduled scans -- Web dashboard -- Email notifications -- Integration with vulnerability management platforms -- Enhanced exploit database -- Machine learning-based vulnerability prediction - ---- - -**Remember: With great power comes great responsibility. Use this tool ethically and legally.** - -Happy Hacking (Ethically)! 🎩🔒