autopentestx-automated-pentesting

Automated penetration testing toolkit for security assessment, vulnerability scanning, and automated security reporting

---
name: autopentestx-automated-pentesting
description: Automated penetration testing toolkit for security assessment, vulnerability scanning, and automated security reporting
triggers:
  - run automated penetration test
  - scan for vulnerabilities with autopentestx
  - perform automated security assessment
  - generate penetration test report
  - use autopentestx for security testing
  - automate vulnerability scanning
  - conduct automated pentest
  - run security scan with autopentestx
---

# AutoPentestX Automated Pentesting Skill

> Skill by [ara.so](https://ara.so) — Security Skills collection.

AutoPentestX is an automated penetration testing and vulnerability reporting tool built in Python. It streamlines security assessments by automating common pentesting tasks including reconnaissance, scanning, vulnerability detection, and report generation.

## Installation

### Prerequisites

- Python 3.8 or higher
- Linux operating system (recommended)
- Root/sudo privileges for certain scanning features

### Basic Installation

```bash
# Clone the repository
git clone https://github.com/Gowtham-Darkseid/AutoPentestX.git
cd AutoPentestX

# Install dependencies
pip install -r requirements.txt

# Make the main script executable
chmod +x autopentestx.py
```

### Alternative Installation with Virtual Environment

```bash
# Create virtual environment
python3 -m venv venv
source venv/bin/activate

# Install dependencies
pip install -r requirements.txt
```

## Core Functionality

AutoPentestX provides automated security testing capabilities including:

- **Network Reconnaissance**: Port scanning, service detection, OS fingerprinting
- **Vulnerability Scanning**: Automated detection of common vulnerabilities
- **Web Application Testing**: SQL injection, XSS, directory traversal checks
- **Report Generation**: Automated PDF/HTML reports with findings
- **Multi-target Support**: Scan multiple hosts from target lists

## Basic Usage

### Running a Basic Scan

```python
#!/usr/bin/env python3
from autopentestx import AutoPentestX

# Initialize the scanner
scanner = AutoPentestX()

# Scan a single target
target = "192.168.1.100"
results = scanner.scan(target)

# Generate report
scanner.generate_report(results, output_format="html")
```

### Command Line Interface

```bash
# Basic scan of a single target
python3 autopentestx.py -t 192.168.1.100

# Scan with verbose output
python3 autopentestx.py -t 192.168.1.100 -v

# Scan multiple targets from file
python3 autopentestx.py -f targets.txt

# Specify output format
python3 autopentestx.py -t 192.168.1.100 -o pdf

# Run specific modules only
python3 autopentestx.py -t 192.168.1.100 -m portscan,vulnscan
```

## Configuration

### Configuration File Structure

Create a `config.json` file for persistent settings:

```json
{
  "scan_settings": {
    "timeout": 300,
    "threads": 10,
    "rate_limit": 100
  },
  "modules": {
    "port_scan": true,
    "vuln_scan": true,
    "web_scan": true,
    "brute_force": false
  },
  "reporting": {
    "format": "html",
    "output_dir": "./reports",
    "include_screenshots": false
  },
  "network": {
    "user_agent": "AutoPentestX/1.0",
    "proxy": null,
    "verify_ssl": true
  }
}
```

### Loading Configuration

```python
import json
from autopentestx import AutoPentestX

# Load configuration
with open('config.json', 'r') as f:
    config = json.load(f)

# Initialize with config
scanner = AutoPentestX(config=config)
```

## Advanced Usage Patterns

### Custom Scanning Workflow

```python
from autopentestx import AutoPentestX, ScanModule

# Initialize scanner
scanner = AutoPentestX()

# Configure specific scan parameters
scan_config = {
    'target': '192.168.1.0/24',
    'scan_type': 'comprehensive',
    'port_range': '1-65535',
    'timeout': 600
}

# Run reconnaissance
recon_results = scanner.run_module('reconnaissance', scan_config)

# Perform port scanning
port_results = scanner.run_module('port_scan', {
    'target': scan_config['target'],
    'ports': [21, 22, 80, 443, 3306, 8080]
})

# Vulnerability assessment
vuln_results = scanner.run_module('vulnerability_scan', {
    'target': scan_config['target'],
    'services': port_results['open_ports']
})

# Compile results
final_report = scanner.compile_results([
    recon_results,
    port_results,
    vuln_results
])

# Generate report
scanner.generate_report(final_report, format='pdf', output='security_assessment.pdf')
```

### Web Application Testing

```python
from autopentestx import WebScanner

# Initialize web scanner
web_scanner = WebScanner()

# Configure target
target_url = "http://example.com"

# SQL Injection testing
sqli_results = web_scanner.test_sql_injection(
    url=target_url,
    forms=True,
    params=True
)

# XSS testing
xss_results = web_scanner.test_xss(
    url=target_url,
    payloads='default'
)

# Directory traversal
dir_trav_results = web_scanner.test_directory_traversal(
    url=target_url
)

# Generate web-specific report
web_scanner.generate_report({
    'sqli': sqli_results,
    'xss': xss_results,
    'directory_traversal': dir_trav_results
})
```

### Batch Scanning from Target List

```python
from autopentestx import AutoPentestX
import concurrent.futures

# Initialize scanner
scanner = AutoPentestX()

# Load targets
with open('targets.txt', 'r') as f:
    targets = [line.strip() for line in f if line.strip()]

# Parallel scanning function
def scan_target(target):
    try:
        results = scanner.scan(target)
        return {
            'target': target,
            'status': 'success',
            'results': results
        }
    except Exception as e:
        return {
            'target': target,
            'status': 'failed',
            'error': str(e)
        }

# Execute parallel scans
with concurrent.futures.ThreadPoolExecutor(max_workers=5) as executor:
    scan_results = list(executor.map(scan_target, targets))

# Aggregate results
successful_scans = [r for r in scan_results if r['status'] == 'success']
failed_scans = [r for r in scan_results if r['status'] == 'failed']

print(f"Successful: {len(successful_scans)}, Failed: {len(failed_scans)}")

# Generate comprehensive report
scanner.generate_batch_report(successful_scans, output='batch_pentest_report.pdf')
```

## Report Generation

### Custom Report Templates

```python
from autopentestx import ReportGenerator

# Initialize report generator
report_gen = ReportGenerator()

# Define custom template
template_config = {
    'title': 'Security Assessment Report',
    'sections': [
        'executive_summary',
        'methodology',
        'findings',
        'recommendations',
        'appendix'
    ],
    'severity_colors': {
        'critical': '#FF0000',
        'high': '#FF6600',
        'medium': '#FFCC00',
        'low': '#00FF00'
    }
}

# Generate report with custom template
# (scan_results holds the results returned by an earlier scan)
report_gen.create_report(
    results=scan_results,
    template=template_config,
    output_file='custom_report.pdf'
)
```

### Exporting Results to JSON

```python
import json
from autopentestx import AutoPentestX

scanner = AutoPentestX()
results = scanner.scan('192.168.1.100')

# Export to JSON
with open('scan_results.json', 'w') as f:
    json.dump(results, f, indent=2)

# Export specific findings
vulnerabilities = results.get('vulnerabilities', [])
with open('vulnerabilities.json', 'w') as f:
    json.dump(vulnerabilities, f, indent=2)
```

## Environment Variables

Configure AutoPentestX using environment variables:

```bash
# Set API keys for integrations (if applicable)
export AUTOPENTESTX_API_KEY="your_api_key_here"

# Configure proxy settings
export AUTOPENTESTX_PROXY="http://proxy.example.com:8080"

# Set report output directory
export AUTOPENTESTX_OUTPUT_DIR="/var/reports"

# Configure logging level
export AUTOPENTESTX_LOG_LEVEL="DEBUG"

# Set scan timeout
export AUTOPENTESTX_TIMEOUT="600"
```

### Using Environment Variables in Code

```python
import os
from autopentestx import AutoPentestX

# Initialize with environment variables
scanner = AutoPentestX(
    api_key=os.getenv('AUTOPENTESTX_API_KEY'),
    proxy=os.getenv('AUTOPENTESTX_PROXY'),
    output_dir=os.getenv('AUTOPENTESTX_OUTPUT_DIR', './reports'),
    timeout=int(os.getenv('AUTOPENTESTX_TIMEOUT', '300'))
)
```

## Common Patterns

### Safe Scanning with Rate Limiting

```python
from autopentestx import AutoPentestX
import time

scanner = AutoPentestX()

# Configure rate limiting
scanner.set_rate_limit(requests_per_second=10)

# Scan with delays
targets = ['192.168.1.1', '192.168.1.2', '192.168.1.3']
for target in targets:
    results = scanner.scan(target)
    print(f"Scanned {target}")
    time.sleep(2)  # Additional delay between targets
```

### Error Handling and Logging

```python
import logging
from autopentestx import AutoPentestX, ScanException

# Configure logging
logging.basicConfig(
    level=logging.INFO,
    format='%(asctime)s - %(name)s - %(levelname)s - %(message)s',
    handlers=[
        logging.FileHandler('autopentestx.log'),
        logging.StreamHandler()
    ]
)

logger = logging.getLogger('AutoPentestX')

# Initialize scanner
scanner = AutoPentestX()

# Scan with error handling
try:
    results = scanner.scan('192.168.1.100')
    logger.info("Scan completed successfully")
except ScanException as e:
    logger.error(f"Scan failed: {e}")
except Exception as e:
    logger.critical(f"Unexpected error: {e}")
finally:
    scanner.cleanup()
```

### Integrating with CI/CD Pipelines

```python
#!/usr/bin/env python3
import sys
from autopentestx import AutoPentestX

def ci_security_scan(target, fail_on_high=True):
    """
    Run security scan suitable for CI/CD integration
    """
    scanner = AutoPentestX()
    
    # Run scan
    results = scanner.scan(target)
    
    # Generate report
    scanner.generate_report(results, format='json', output='ci_scan_results.json')
    
    # Check severity levels
    vulnerabilities = results.get('vulnerabilities', [])
    high_severity = [v for v in vulnerabilities if v['severity'] in ['critical', 'high']]
    
    if high_severity and fail_on_high:
        print(f"FAILURE: Found {len(high_severity)} high/critical vulnerabilities")
        sys.exit(1)
    else:
        print(f"SUCCESS: Scan completed. Found {len(vulnerabilities)} total findings")
        sys.exit(0)

if __name__ == '__main__':
    target = sys.argv[1] if len(sys.argv) > 1 else 'localhost'
    ci_security_scan(target)
```

## Troubleshooting

### Common Issues and Solutions

**Permission Denied Errors**
```bash
# Run with sudo for privileged operations
sudo python3 autopentestx.py -t 192.168.1.100

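# Or grant the raw-socket capability to the interpreter instead.
# Caveats: every script run by this interpreter gains CAP_NET_RAW, and
# setcap must be given the real binary (it fails on a symlink).
sudo setcap cap_net_raw+ep /usr/bin/python3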
```

**Timeout Issues**
```python
# Increase timeout for slow networks
scanner = AutoPentestX(timeout=900)

# Or configure per-module timeouts
scanner.set_module_timeout('port_scan', 600)
```

**Missing Dependencies**
```bash
# Install system dependencies
sudo apt-get update
sudo apt-get install nmap masscan nikto

# Reinstall Python dependencies
pip install -r requirements.txt --force-reinstall
```

**Network Connectivity Problems**
```python
# Test connectivity before scanning
from autopentestx.utils import check_connectivity

if check_connectivity('192.168.1.100'):
    results = scanner.scan('192.168.1.100')
else:
    print("Target unreachable")
```

**Memory Issues with Large Scans**
```python
# Enable memory-efficient mode
scanner = AutoPentestX(memory_efficient=True)

# Or process results in chunks
scanner.set_chunk_size(100)
```

## Best Practices

1. **Always obtain proper authorization** before scanning any systems
2. **Use rate limiting** to avoid overwhelming target systems
3. **Store reports securely** with appropriate access controls
4. **Validate targets** before initiating scans
5. **Review results manually** - automated tools may have false positives
6. **Keep the tool updated** for the latest vulnerability checks
7. **Use configuration files** for consistent scanning parameters
8. **Log all activities** for audit trails and debugging
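
The authorization and target-validation practices above can be enforced in code before anything is handed to `scanner.scan()`. The following is an added example, not part of AutoPentestX or the original skill file: it filters a `targets.txt`-style list against an authorized scope. The scope ranges and sample targets are constructed, and `check_targets` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample data: ranges named in a (hypothetical) written authorization
AUTHORIZED_SCOPE = ["192.168.1.0/24", "10.20.0.0/28"]
# Constructed sample contents of targets.txt
SAMPLE_TARGETS = [
    "192.168.1.100",   # single host inside scope
    "192.168.1.0/25",  # subnet fully inside scope
    "192.168.0.0/16",  # wider than the authorized /24
    "10.20.0.16",      # one address past the authorized /28
    "example.com",     # hostname: what it resolves to can change, so not accepted
    "192.168.1.300",   # malformed address
]


def check_targets(targets, scope):
    """Split targets into (allowed, rejected); rejected entries carry a reason."""
    networks = [ipaddress.ip_network(s, strict=True) for s in scope]
    allowed, rejected = [], []
    for raw in targets:
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue  # skip blank lines and comments
        try:
            # strict=False widens "192.168.1.5/16" to its whole /16 network,
            # so an over-broad prefix is compared (and rejected) as a range
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "not an IP address or CIDR range"))
            continue
        # subnet_of() raises TypeError across IP versions, so compare versions first
        if any(net.version == n.version and net.subnet_of(n) for n in networks):
            allowed.append(entry)
        else:
            rejected.append((entry, "outside authorized scope"))
    return allowed, rejected


if __name__ == "__main__":
    ok, bad = check_targets(SAMPLE_TARGETS, AUTHORIZED_SCOPE)
    print("scan:", ok)
    for entry, reason in bad:
        print(f"skip {entry}: {reason}")
```

Logging the rejected list alongside the allowed one gives the audit trail a record of what was deliberately not scanned.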

## Integration Examples

### Integration with Metasploit

```python
import os

from autopentestx import AutoPentestX
from pymetasploit3.msfrpc import MsfRpcClient

# Run initial scan
scanner = AutoPentestX()
results = scanner.scan('192.168.1.100')

# Extract exploitable vulnerabilities
exploitable = [v for v in results['vulnerabilities'] if v.get('exploitable')]

# Connect to Metasploit
client = MsfRpcClient(os.getenv('MSF_RPC_PASSWORD'), server='127.0.0.1')

# Exploit findings
for vuln in exploitable:
    exploit = client.modules.use('exploit', vuln['exploit_path'])
    exploit['RHOSTS'] = vuln['target']
    exploit.execute()
```

### Webhook Notifications

```python
import os

import requests
from autopentestx import AutoPentestX

scanner = AutoPentestX()
results = scanner.scan('192.168.1.100')

# Send results to webhook
webhook_url = os.getenv('WEBHOOK_URL')
payload = {
    'target': '192.168.1.100',
    'vulnerabilities_found': len(results['vulnerabilities']),
    'severity_summary': results['severity_summary']
}

# Set a timeout so an unresponsive webhook cannot hang the script
requests.post(webhook_url, json=payload, timeout=10)
```

Source

Creator's repository · aradotso/security-skills
