Skip to main content
AutoPentestX provides several command-line options to customize the penetration testing process. This page documents every available flag with defaults and usage examples.

Required Arguments

Target Specification

-t, --target
string
required
Target IP address or domain name to perform penetration testing againstFormat: IPv4 address or fully qualified domain name (FQDN)Examples:
python3 main.py -t 192.168.1.100
python3 main.py --target example.com

Optional Arguments

Tester Name

-n, --tester-name
string
default:"AutoPentestX Team"
Name of the penetration tester to include in generated reportsThis value appears in:
  • PDF report headers
  • Database scan records
  • Executive summaries
Examples:
python3 main.py -t 192.168.1.100 -n "John Doe"
python3 main.py -t 192.168.1.100 --tester-name "Security Team"
With custom tester name:
python3 main.py -t 192.168.1.100 -n "Red Team - Q1 2026"
PDF Report Output:
╔══════════════════════════════════════════════════╗
║     SECURITY PENETRATION TEST REPORT             ║
║                                                  ║
║  Performed by: Red Team - Q1 2026               ║
║  Target: 192.168.1.100                          ║
║  Date: March 11, 2026                           ║
╚══════════════════════════════════════════════════╝

Safe Mode Control

--no-safe-mode
boolean
default:"false"
Disable safe mode protections (NOT RECOMMENDED)Default Behavior: Safe mode is ENABLED by defaultSafe Mode Protections:
  • Confirmation prompt before scanning
  • Rate limiting on aggressive scans
  • Prevents accidental destructive operations
  • Legal warning displays
Usage:
# Disable safe mode (dangerous)
python3 main.py -t 192.168.1.100 --no-safe-mode
Use --no-safe-mode with extreme caution!Disabling safe mode:
  • Removes confirmation prompts
  • Increases risk of unauthorized scanning
  • May violate compliance requirements
  • Could lead to legal issues
Only disable safe mode when:
  • Running in fully automated CI/CD pipelines
  • Testing in isolated lab environments
  • You have comprehensive authorization

Web Scanning Control

--skip-web
boolean
default:"false"
Skip web vulnerability scanning modules (Nikto and SQLMap)Skipped Modules:
  • Nikto web server scanner
  • SQLMap SQL injection testing
  • Web application fingerprinting
  • CMS vulnerability detection
Use Cases:
  • Target has no web services
  • Time-constrained assessments
  • Network infrastructure focus
  • Web testing handled separately
Usage:
python3 main.py -t 192.168.1.100 --skip-web
Time Savings: 5-10 minutes per scan
When to use --skip-web:Good scenarios:
  • Network devices (routers, switches, firewalls)
  • Database servers without web interfaces
  • Quick reconnaissance sweeps
  • IoT devices without HTTP services
Avoid when:
  • Target runs web applications
  • Testing web servers or APIs
  • Comprehensive assessments required
  • Unknown service landscape

Exploitation Control

--skip-exploit
boolean
default:"false"
Skip exploitation assessment and Metasploit RC script generationSkipped Functionality:
  • CVE exploitability analysis
  • Metasploit module matching
  • RC script generation for manual exploitation
  • Risk-based exploit prioritization
Use Cases:
  • Read-only security assessments
  • Compliance scans
  • Initial reconnaissance
  • Vulnerability enumeration only
Usage:
python3 main.py -t 192.168.1.100 --skip-exploit
Time Savings: 2-5 minutes per scan
Important: Even with --skip-exploit, AutoPentestX still:
  • Performs CVE lookups
  • Calculates risk scores
  • Identifies vulnerabilities
  • Generates comprehensive reports
Only the exploitation assessment phase is skipped.

Version Information

--version
boolean
Display AutoPentestX version number and exitUsage:
python3 main.py --version
Output:
AutoPentestX v1.0

Help Display

-h, --help
boolean
Show help message with all available options and exitUsage:
python3 main.py --help
python3 main.py -h

Option Combinations

Speed-Optimized Scanning

python3 main.py -t 192.168.1.100 --skip-web --skip-exploit

Customized Testing Scenarios

# Router/Switch/Firewall Assessment
python3 main.py -t 192.168.1.1 \
  --skip-web \
  --skip-exploit \
  -n "Network Security Audit"
Rationale:
  • Network devices rarely run web applications
  • Exploitation may disrupt network operations
  • Focus on configuration and service hardening

Advanced Usage Patterns

Automated Scanning

#!/bin/bash
# Automated scanning script for multiple targets

TARGETS=("192.168.1.100" "192.168.1.101" "192.168.1.102")
TESTER="Automated Security Scanner"

for target in "${TARGETS[@]}"; do
  echo "[*] Scanning $target..."
  python3 main.py -t "$target" \
    -n "$TESTER" \
    --no-safe-mode \
    --skip-exploit
  
  echo "[✓] Completed: $target"
  echo "-----------------------------------"
done

echo "[✓] All scans complete. Check reports/ directory."
Automation Considerations:
  • Use --no-safe-mode to bypass interactive prompts
  • Implement proper authorization checks
  • Add logging and error handling
  • Consider rate limiting between scans
  • Ensure sufficient disk space for reports

CI/CD Integration

# GitLab CI Example
security_scan:
  stage: test
  image: python:3.10
  script:
    - cd AutoPentestX
    - ./install.sh
    - source venv/bin/activate
    - python3 main.py -t staging.example.com \
        --no-safe-mode \
        --skip-exploit \
        -n "CI/CD Security Pipeline"
  artifacts:
    paths:
      - reports/*.pdf
      - database/autopentestx.db
    expire_in: 30 days
  only:
    - develop
    - main

Wrapper Script with Options

The autopentestx.sh wrapper script accepts the same options: 
# Using wrapper script
./autopentestx.sh 192.168.1.100 --skip-web -n "Security Team"

# Equivalent Python command
python3 main.py -t 192.168.1.100 --skip-web -n "Security Team"
Wrapper Script Benefits:
  • Automatic virtual environment handling
  • Enhanced logging to logs/ directory
  • Legal warning display
  • Exit code handling
  • Timestamped log files

Option Summary Table

FlagShortTypeDefaultRequiredDescription
--target-tstring-✅ YesTarget IP or domain
--tester-name-nstringAutoPentestX Team❌ NoTester name for reports
--no-safe-mode-booleanfalse❌ NoDisable safety checks
--skip-web-booleanfalse❌ NoSkip Nikto/SQLMap
--skip-exploit-booleanfalse❌ NoSkip exploitation
--version-boolean-❌ NoShow version
--help-hboolean-❌ NoShow help message

Environment Variables

AutoPentestX does not currently support environment variable configuration. All options must be specified via command-line flags.
Feature Request: If you need environment variable support for CI/CD integration, please open an issue on the GitHub repository.

Error Handling

Missing Required Argument

python3 main.py
Error: 
usage: main.py [-h] -t TARGET [-n TESTER_NAME] [--no-safe-mode]
               [--skip-web] [--skip-exploit] [--version]
main.py: error: the following arguments are required: -t/--target

Invalid Option

python3 main.py -t 192.168.1.100 --invalid-flag
Error: 
main.py: error: unrecognized arguments: --invalid-flag

Conflicting Options

There are no conflicting options in AutoPentestX. All flags can be combined freely.

Best Practices

  • Always use -n flag for audit trail documentation
  • Start with --skip-exploit in production environments
  • Use --skip-web for non-HTTP services
  • Keep safe mode enabled unless automating
  • Review --help output before complex scans
  • Document authorization for each target

Examples

Real-world command examples

Target Specification

How to specify scan targets

Safe Mode

Understand safety mechanisms

Automation

CI/CD and scripting integration

Build docs developers (and LLMs) love

Get started for freeTalk to us