Skip to main content

Scan Options

AutoPentestX provides several command-line options to customize scan behavior and control which phases execute during a penetration test.

Basic Usage

python main.py -t <target> [OPTIONS]

Required Arguments

-t, --target
string
required
Target IP address or domain name to scanExamples:
  • 192.168.1.100
  • example.com
  • 10.0.0.1

Optional Arguments

Tester Information

-n, --tester-name
string
default:"AutoPentestX Team"
Name of the penetration tester to include in reportsExample:
python main.py -t 192.168.1.100 -n "John Doe"

Safety Controls

--no-safe-mode
flag
Disable safe mode to allow actual exploitation attempts
Safe mode is enabled by default and HIGHLY RECOMMENDED. Disabling safe mode may cause damage to target systems. Only use on authorized test environments.
Default behavior:
  • Safe mode: ENABLED (exploitation is simulated only)
  • With --no-safe-mode: Actual exploitation attempts may be performed
Example:
python main.py -t 192.168.1.100 --no-safe-mode

Scan Phase Controls

--skip-web
flag
Skip web vulnerability scanning (Nikto and SQLMap)Use this flag to save time when:
  • Target has no web services
  • Web scanning is not in scope
  • Quick reconnaissance scan needed
What gets skipped:
  • Nikto web server scanner
  • SQLMap SQL injection testing
  • Web crawling and analysis
Example:
python main.py -t 192.168.1.100 --skip-web
--skip-exploit
flag
Skip exploitation assessment phaseUse this flag when:
  • Only reconnaissance and vulnerability assessment needed
  • Client agreement prohibits exploitation attempts
  • Time-constrained scanning
What gets skipped:
  • Exploit matching
  • Metasploit integration
  • Exploitation simulation
  • RC script generation
Example:
python main.py -t 192.168.1.100 --skip-exploit

Version Information

--version
flag
Display AutoPentestX version and exitExample:
python main.py --version
# Output: AutoPentestX v1.0
-h, --help
flag
Show help message with all available options and examplesExample:
python main.py --help

Scan Phases

AutoPentestX executes the following phases during a full assessment:

Phase 1: Database Initialization

  • Creates scan record in database
  • Assigns unique mission ID
  • Status: ACTIVE

Phase 2: Network Reconnaissance

  • Port scanning (TCP/UDP)
  • Service detection
  • OS fingerprinting
  • Version detection

Phase 3: Vulnerability Analysis

  • Nikto web server scanning (unless --skip-web)
  • SQLMap SQL injection testing (unless --skip-web)
  • Web crawling and analysis

Phase 4: CVE Intelligence

  • CVE lookup for detected services
  • CVSS scoring
  • Exploit availability check

Phase 5: Risk Assessment

  • CVSS threshold analysis
  • Risk score calculation
  • Severity classification
  • Overall risk level determination

Phase 6: Exploitation Assessment

  • Exploit matching (unless --skip-exploit)
  • Safe mode simulation by default
  • Metasploit resource script generation

Phase 7: Report Generation

  • PDF report creation
  • JSON data export
  • Database updates
  • Final summary display

Usage Examples

# Scan target with default settings (safe mode enabled)
python main.py -t 192.168.1.100

Authorization Requirements

AutoPentestX requires explicit authorization before scanning any target.
When you run AutoPentestX, you will see a legal warning and authorization prompt: 
⚠️  [LEGAL WARNING] - AUTHORIZATION REQUIRED ⚠️

You are about to deploy an automated penetration testing tool.
This weapon should ONLY be used on:
  • Systems you own
  • Systems with explicit written authorization

Unauthorized system access = FEDERAL CRIME
Punishment: Fines + Imprisonment

By continuing, you confirm proper authorization to test.

> Do you have authorization to test this target? (yes/no):
You must type yes or y to proceed with the scan.

Default Values Summary

OptionDefault ValueDescription
--targetRequiredTarget IP or domain
--tester-nameAutoPentestX TeamTester name in reports
Safe ModeEnabledPrevents actual exploitation
Web ScanningEnabledCan disable with --skip-web
ExploitationEnabledCan disable with --skip-exploit

Configuration File

CLI flags override configuration file settings. For persistent configuration changes, edit config.json.
See Configuration Settings for details on:
  • Scan timeouts
  • Port ranges
  • CVE API endpoints
  • Risk scoring thresholds
  • Output directories

Output Locations

Scan results are stored in multiple locations:
Output TypeDefault LocationDescription
PDF Reportsreports/Generated penetration test reports
Databasedatabase/autopentestx.dbSQLite database with scan data
Logslogs/Application logs and debug info
Exploitsexploits/Generated Metasploit RC scripts

Performance Considerations

Scan Duration Factors

  1. Number of open ports: More services = longer scan time
  2. Web vulnerability scanning: Nikto and SQLMap can be time-intensive
  3. Network latency: Remote targets take longer than local networks
  4. CVE lookup: Dependent on API response times

Time-Saving Options

# Fastest scan (skip web and exploit phases)
python main.py -t 192.168.1.100 --skip-web --skip-exploit

# Typical scan time:
# - Full scan: 10-30 minutes
# - Skip web: 5-15 minutes
# - Skip both: 2-8 minutes

Error Handling

AutoPentestX gracefully handles:
  • Invalid targets: DNS resolution failures
  • Network errors: Timeouts and connection issues
  • Interrupted scans: Ctrl+C saves partial results
  • Permission errors: Missing root/admin privileges
Interrupted scans are marked with status interrupted in the database and can be reviewed later.

Build docs developers (and LLMs) love

Get started for freeTalk to us