Skip to main content
This guide walks you through running your first penetration test with AutoPentestX. You’ll learn the essential commands and what to expect during a basic scan.

Prerequisites

Before running a scan, ensure you have:
Completed the installation process
Activated the virtual environment
Obtained written authorization to test the target system
Legal Requirement: You MUST have explicit written authorization before scanning any target. Unauthorized access to computer systems is a federal crime.

Basic Scan Command

The simplest way to run a scan is with the -t (target) flag: 
python3 main.py -t 192.168.1.100

Authorization Prompt

When you run AutoPentestX, you’ll see a legal warning prompt:
Terminal Output
▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
⚠️  [LEGAL WARNING] - AUTHORIZATION REQUIRED ⚠️
▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓

╔══════════════════════════════════════════════════════════════════╗
║ You are about to deploy an automated penetration testing tool.  ║
║ This weapon should ONLY be used on:                             ║
║   • Systems you own                                             ║
║   • Systems with explicit written authorization                 ║
║                                                                 ║
║ Unauthorized system access = FEDERAL CRIME                      ║
║ Punishment: Fines + Imprisonment                                ║
╚══════════════════════════════════════════════════════════════════╝

> Do you have authorization to test this target? (yes/no):
Type yes to proceed with the scan.

Understanding the Scan Phases

A basic scan runs through 7 phases automatically:
1

Database Initialization

AutoPentestX creates a unique scan ID and initializes the SQLite database to store results.
[PHASE 1] ▶ Initializing attack sequence...
[✓] Mission ID: 1 | Status: ACTIVE
2

Network Reconnaissance

Nmap performs a comprehensive port scan to discover open ports and services.
[PHASE 2] ▶ Network reconnaissance in progress...
[✓] Phase 2 complete - 15 ports discovered
3

Vulnerability Analysis

Nikto and SQLMap scan web services for common vulnerabilities.
[PHASE 3] ▶ Vulnerability analysis initiated...
[✓] Detected web service: http://192.168.1.100:80
[*] Running Nikto scan on http://192.168.1.100:80...
[✓] Nikto scan completed: 7 vulnerabilities found
4

CVE Intelligence Lookup

Matches detected services against the CVE database for known vulnerabilities.
[PHASE 4] ▶ Accessing CVE intelligence database...
[*] Checking CVE database for: Apache 2.4.41
[✓] CVE lookup completed: 3 CVEs identified
5

Risk Assessment

Calculates overall risk scores and prioritizes findings.
[PHASE 5] ▶ Computing threat matrix...
[*] Calculating risk scores for 15 findings...
[✓] Risk assessment complete - Overall risk: MEDIUM
6

Exploitation Simulation

Identifies potential exploits and generates Metasploit resource scripts (safe mode enabled by default).
[PHASE 6] ▶ Exploit simulation [SAFE MODE]...
[*] Running in SAFE MODE - No actual exploitation will occur
[✓] Metasploit RC script saved: exploits/exploit_192.168.1.100_21_20240311_143022.rc
7

Report Generation

Compiles all findings into a professional PDF report.
[PHASE 7] ▶ Compiling classified intelligence report...
[*] Building PDF document...
[✓] Report saved to: reports/AutoPentestX_Report_192_168_1_100_20240311_143045.pdf

Scan Completion Summary

After all phases complete, you’ll see a mission summary:
Terminal Output
▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
█████████████████ MISSION COMPLETE █████████████████
▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓

╔══════════════════════════════════════════════════════════════════╗
║ [OPERATION SUMMARY]                                            ║
╠══════════════════════════════════════════════════════════════════╣
║ ► Target: 192.168.1.100
║ ► Mission ID: 1
║ ► Duration: 1247.23s (20.79 min)
║ ► Timestamp: 2026-03-11 14:30:45
╚══════════════════════════════════════════════════════════════════╝

╔══════════════════════════════════════════════════════════════════╗
║ [INTELLIGENCE GATHERED]                                       ║
╠══════════════════════════════════════════════════════════════════╣
║ ► Open Ports: 15
║ ► Services Detected: 12
║ ► Total Vulnerabilities: 23
║ ► Web Vulnerabilities: 7
║ ► SQL Injection Points: 0
║ ► CVEs Identified: 3
║ ► Overall Risk Level: MEDIUM
║ ► Risk Score: 45.80
╚══════════════════════════════════════════════════════════════════╝

╔══════════════════════════════════════════════════════════════════╗
║ [CLASSIFIED DATA STORAGE]                                     ║
╠══════════════════════════════════════════════════════════════════╣
║ ► PDF Report: reports/AutoPentestX_Report_192_168_1_100_20240311_143045.pdf
║ ► Database: database/autopentestx.db
║ ► Logs: logs/
╚══════════════════════════════════════════════════════════════════╝

Customizing Your Scan

Add Your Name to the Report

Include your name in the generated PDF report: 
python3 main.py -t 192.168.1.100 -n "Jane Smith"

Quick Scan (Skip Web Vulnerabilities)

Speed up scans by skipping Nikto and SQLMap: 
python3 main.py -t 192.168.1.100 --skip-web
Using --skip-web reduces scan time from 20-30 minutes to 10-20 minutes.

Viewing Your Results

PDF Report

Open the generated PDF report: 
xdg-open reports/AutoPentestX_Report_*.pdf
The report contains:
  • Executive summary with overall risk assessment
  • Complete port and service inventory
  • Detailed vulnerability findings
  • CVE mappings with CVSS scores
  • Exploitation feasibility analysis
  • Prioritized remediation recommendations

Database Query

Query the SQLite database for specific information: 
sqlite3 database/autopentestx.db "SELECT * FROM scans;"

Logs

Check detailed execution logs: 
ls -lh logs/
cat logs/nikto_192.168.1.100_*.json

Common Issues

Some scans require root privileges:
sudo python3 main.py -t 192.168.1.100
Always activate the virtual environment first, even with sudo.
If scanning takes too long, interrupt with Ctrl+C:
[!] MISSION ABORT - Operator initiated shutdown
The scan status will be marked as ‘interrupted’ in the database.
Ensure all dependencies are installed:
sudo apt-get install nmap nikto sqlmap
pip install -r requirements.txt

Next Steps

Advanced Scanning

Learn about advanced flags and performance tuning

Understanding Reports

Deep dive into PDF report structure and interpretation

Build docs developers (and LLMs) love

Get started for freeTalk to us