AutoPentestX: An Automated Linux Penetration Testing Toolkit for Faster Red‑Team Assessments

Tool Overview

AutoPentestX, created by Gowtham Darkseid and released in November 2025, is an open‑source automated penetration testing framework targeting Kali Linux, Ubuntu and other Debian‑based distributions. A single command initiates a full security assessment.

Key Features

High automation : complete workflow with one command.

Integrated tools : Nmap, Nikto, SQLMap, Metasploit, CVE‑CIRCL, ReportLab.

Professional report output : automatic PDF generation.

Database persistence : results stored in SQLite for historical analysis.

Non‑destructive testing : all actions logged for compliance.

Technical Architecture

The framework uses a modular design that wraps mature security tools. Integration details include:

Nmap – port scanning, OS detection, service enumeration (via python‑nmap library).

Nikto – web server vulnerability detection (executed as a subprocess).

SQLMap – SQL injection testing (executed as a subprocess).

Metasploit – vulnerability exploitation simulation (RC script generation).

CVE CIRCL – vulnerability database lookup (REST API calls).

ReportLab – PDF report generation (Python library).

Workflow

TargetIP → OS detection → Port scan → Service enumeration → Vulnerability detection → CVE lookup → Risk scoring → PDF report

The tool calls Nmap via python‑nmap, runs Nikto and SQLMap for web testing, queries CVE data using CVSS for risk scoring, stores results in SQLite, and can launch Metasploit RC scripts for manual exploitation without causing actual damage.

Installation & Usage

System Requirements

Python 3.8+

root/sudo privileges

Pre‑installed Nmap and other base tools

Installation Steps

# Clone repository
git clone https://github.com/Gowtham-Darkseid/AutoPentestX.git
cd AutoPentestX
# Run install script (auto‑installs dependencies)
sudo ./install.sh
# Or create virtual environment manually
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

Basic Usage

# Full scan with PDF report
sudo ./autopentestx.sh <targetIP>
# Skip web scanning
sudo ./autopentestx.sh <targetIP> --skip-web
# Specify author name
sudo ./autopentestx.sh <targetIP> --author "SecurityTeam"

Results are saved under reports/, logs/ and database/. Scan duration ranges from 5 to 30 minutes depending on target size.

Report Output

The generated PDF contains an executive summary, risk classification by CVSS score, remediation suggestions, open‑port tables, detailed CVE information, and weighted risk scores. All data are persisted for historical analysis and can be exported as JSON.

Legal Disclaimer & Compliance

AutoPentestX is intended only for authorized testing. Users must ensure their activities comply with local laws and regulations.

Applicable Scenarios

Authorized penetration testing projects

Enterprise internal security assessments

CTF training environments

Security research

Prohibited Scenarios

Unauthorized network scanning

Unpermitted vulnerability exploitation

Any illegal intrusion

Future Development Plans

Support for simultaneous multi‑target scanning

Machine‑learning based vulnerability prioritization

Web‑based management interface

Cloud‑native deployment support

Additional CVE data source integrations

Conclusion

AutoPentestX consolidates multiple mature security tools into a modular, Linux‑focused platform, greatly simplifying the penetration testing workflow and boosting red‑team efficiency. Nevertheless, proper authorization and expert interpretation of results remain essential.