AutoPentestX, an open-source automated penetration testing toolkit for Linux systems, enables comprehensive security assessments from a single command.
Developed by Gowtham Darkseid and released in November 2025, it generates professional PDF reports while emphasizing safe, non-destructive testing.
AutoPentestX targets Kali Linux, Ubuntu, and Debian-based distributions, automating OS detection, port scanning, service enumeration, and vulnerability checks.
It integrates Nmap for network scans, Nikto and SQLMap for web testing, and CVE lookups for risk scoring based on CVSS metrics. The toolkit stores results in an SQLite database and supports Metasploit RC scripts for manual exploitation review, without causing actual harm.
| Tool | Purpose | Integration Method |
|---|---|---|
| Nmap | Port/OS scanning, service enumeration | python-nmap library |
| Nikto | Web server vulnerabilities | Subprocess execution |
| SQLMap | SQL injection detection | Subprocess execution |
| Metasploit | Exploit simulation | RC script generation |
| CVE CIRCL | Vulnerability database queries | REST API calls |
| ReportLab | PDF report generation | Python library |
The table reflects the toolkit's modular design: web scans or exploit steps can be skipped via command-line flags.
Installation requires Python 3.8+, root access, and tools like Nmap. Users clone the repo and then either run ./install.sh to install dependencies or opt for a manual venv setup with pip install -r requirements.txt.
Usage is simple: ./autopentestx.sh launches a full scan and writes output to the reports/, logs/, and database/ directories.
Options include --no-safe-mode (not recommended), --skip-web, and custom tester names. Scans take 5-30 minutes, producing PDFs with executive summaries, risk classifications (CRITICAL: CVSS 9.0+), and remediation advice.
Reports feature open-port tables, CVE details, and weighted scores that factor in exploitability. Data persists for historical analysis, with JSON exports for integration. Safe mode ensures no disruption and logs all actions for audits.
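The following added example, which is not AutoPentestX's own code, shows how findings kept in SQLite can be classified by CVSS band and compared across two scans for historical analysis. The table schema, function names, and sample rows are assumptions constructed here; only the CRITICAL threshold (9.0+) comes from the article, and the other bands follow the CVSS v3.x severity scale.

```python
import json
import sqlite3

# CVSS v3.x qualitative bands as (lower bound, label). The article states only
# the CRITICAL threshold; the remaining bands come from the CVSS v3.x scale.
BANDS = [(9.0, "CRITICAL"), (7.0, "HIGH"), (4.0, "MEDIUM"), (0.1, "LOW"), (0.0, "NONE")]

def classify(cvss):
    """Map a CVSS base score (0.0-10.0) to its severity band."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS score out of range: {cvss}")
    return next(label for floor, label in BANDS if cvss >= floor)

# Constructed sample findings: (scan_id, port, service, cve_id, cvss).
# The CVE ids are placeholders, not real identifiers.
SAMPLE = [
    (1, 22, "ssh", "CVE-XXXX-0001", 5.3),
    (1, 80, "http", "CVE-XXXX-0002", 9.8),
    (1, 3306, "mysql", "CVE-XXXX-0003", 7.5),
    (2, 22, "ssh", "CVE-XXXX-0001", 5.3),
    (2, 80, "http", "CVE-XXXX-0004", 8.1),
]

def load(rows):
    """Create an in-memory database with a hypothetical findings table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE findings "
               "(scan_id INTEGER, port INTEGER, service TEXT, cve_id TEXT, cvss REAL)")
    db.executemany("INSERT INTO findings VALUES (?, ?, ?, ?, ?)", rows)
    return db

def summarize(db, scan_id):
    """Count the findings of one scan per severity band."""
    counts = {}
    for (cvss,) in db.execute("SELECT cvss FROM findings WHERE scan_id = ?", (scan_id,)):
        label = classify(cvss)
        counts[label] = counts.get(label, 0) + 1
    return counts

def diff(db, old, new):
    """Compare two scans: (port, CVE) pairs that disappeared and that are new."""
    q = "SELECT port, cve_id FROM findings WHERE scan_id = ?"
    before, after = (set(db.execute(q, (s,))) for s in (old, new))
    return {"resolved": sorted(before - after), "new": sorted(after - before)}

if __name__ == "__main__":
    db = load(SAMPLE)
    print(json.dumps({"scan_2": summarize(db, 2), "changes": diff(db, 1, 2)}, indent=2))
```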
Intended strictly for authorized testing, the toolkit includes disclaimers against unauthorized use and about compliance with laws. Future plans include multi-target support and ML predictions.
