Skip to main content

Your First Scan

This guide will walk you through running your first security assessment with AutoPentestX.
CRITICAL: Only scan systems you own or have explicit written authorization to test. Unauthorized scanning is illegal.

Quick Start Sequence

1

Enter the Project Directory

Navigate to the AutoPentestX installation:
cd AutoPentestX
2

Activate Virtual Environment

Activate the Python virtual environment:
source venv/bin/activate
You should see (venv) in your terminal prompt.
3

Launch Your First Scan

Run a basic scan on localhost (safe for testing):
python3 main.py -t 127.0.0.1 --skip-web --skip-exploit
This performs a quick reconnaissance scan without web testing or exploitation.
4

Review the Results

When the scan completes, check the generated report:
# List reports
ls -lh reports/

# Open the PDF report
xdg-open reports/AutoPentestX_Report_*.pdf

Command Reference

Basic Usage

python3 main.py -t <target> [options]

Essential Options

OptionDescriptionExample
-t, --targetTarget IP or domain (required)-t 192.168.1.100
-n, --tester-nameYour name for the report-n "John Doe"
--skip-webSkip Nikto and SQLMap scans--skip-web
--skip-exploitSkip exploitation phase--skip-exploit
--no-safe-modeDisable safety protections--no-safe-mode
--helpShow help message--help
--versionShow version info--version

Common Scanning Scenarios

# Complete penetration test with all modules
python3 main.py -t 192.168.1.100

Scan Modes Explained

Mode 1: Lightning Strike (5-10 min)

Use case: Quick reconnaissance for initial assessment 
python3 main.py -t TARGET --skip-web --skip-exploit
Performs: Port scanning, service detection, OS fingerprinting
Skips: Web testing, SQL injection, exploitation
Best for: Rapid network mapping, time-sensitive assessments

Mode 2: Tactical Assault (10-20 min)

Use case: Standard vulnerability assessment without exploitation 
python3 main.py -t TARGET --skip-exploit
Performs: Full network scan, Nikto web testing, SQLMap injection testing, CVE lookup
Skips: Exploit simulation
Best for: Vulnerability discovery, compliance scanning

Mode 3: Total Assessment (20-30+ min)

Use case: Complete penetration test with exploit matching 
python3 main.py -t TARGET
Performs: All scanning + Metasploit exploit matching and RC script generation
Skips: Nothing (full assessment)
Best for: Comprehensive security audits, red team exercises

Understanding the Output

AutoPentestX creates multiple outputs during each scan:

Console Output

The tool displays real-time progress through 7 phases: 
╔══════════════════════════════════════════════════════════════════╗
 [PHASE 1] Initializing attack sequence...
╚══════════════════════════════════════════════════════════════════╝
[✓] Mission ID: 1 | Status: ACTIVE

╔══════════════════════════════════════════════════════════════════╗
 [PHASE 2] Network reconnaissance in progress...
╚══════════════════════════════════════════════════════════════════╝

Final Summary

When complete, you’ll see a mission summary: 
╔══════════════════════════════════════════════════════════════════╗
 [OPERATION SUMMARY]
╠══════════════════════════════════════════════════════════════════╣
 Target: 192.168.1.100
 Mission ID: 1
 Duration: 847.23s (14.12 min)
 Open Ports: 5
 Total Vulnerabilities: 12
 Overall Risk Level: HIGH
╚══════════════════════════════════════════════════════════════════╝

Generated Files

PDF Report

Location: reports/AutoPentestX_Report_<timestamp>.pdfProfessional report with:
  • Executive summary
  • Vulnerability details
  • Risk assessment
  • Remediation steps

SQLite Database

Location: database/autopentestx.dbComplete scan data:
  • Scan history
  • Port information
  • Vulnerability records
  • Exploit attempts

Execution Logs

Location: logs/Detailed logs:
  • Scan timestamps
  • Tool output
  • Error messages
  • Debug traces

Exploit Scripts

Location: exploits/Metasploit RC files:
  • Matched exploits
  • Attack vectors
  • Manual testing scripts

Accessing Report Data

View PDF Report

# List all reports
ls reports/

# Open latest report (Linux)
xdg-open reports/AutoPentestX_Report_*.pdf

Query Database

# Open database
sqlite3 database/autopentestx.db

# View all scans
SELECT * FROM scans;

# View vulnerabilities from latest scan
SELECT * FROM vulnerabilities WHERE scan_id = 1;

# Exit
.quit

Check Logs

# List log files
ls logs/

# View latest log
tail -f logs/*.log

Example Workflow

Here’s a complete operation from start to finish:
1

Prepare

cd AutoPentestX
source venv/bin/activate
2

Execute Scan

python3 main.py -t 192.168.1.100 -n "Security Team"
You’ll be prompted to confirm authorization:
> Do you have authorization to test this target? (yes/no): yes
3

Monitor Progress

Watch the 7 phases execute:
  • Phase 1: Initialization
  • Phase 2: Network Reconnaissance
  • Phase 3: Vulnerability Analysis
  • Phase 4: CVE Intelligence
  • Phase 5: Risk Assessment
  • Phase 6: Exploit Simulation
  • Phase 7: Report Generation
4

Review Results

# Open the PDF report
xdg-open reports/AutoPentestX_Report_*.pdf

# Query specific data
sqlite3 database/autopentestx.db "SELECT * FROM scans;"
5

Clean Up

# Deactivate virtual environment
deactivate

Troubleshooting

Permission Errors

Many scanning operations require root privileges: 
# Run with sudo
sudo python3 main.py -t TARGET
When using sudo, make sure to activate the virtual environment first, or use the full path to the Python interpreter in the venv.

Virtual Environment Not Activated

If you see module import errors: 
# Activate the environment
source venv/bin/activate

# Verify activation (should show venv path)
which python3

# Reinstall if needed
pip install -r requirements.txt

Missing Tools

If Nmap, Nikto, or SQLMap are not found: 
# Verify tools are installed
which nmap nikto sqlmap

# Reinstall missing tools
sudo apt-get install nmap nikto sqlmap

Report Generation Failed

If PDF generation fails: 
# Upgrade reportlab
pip install --upgrade reportlab pillow

# Verify installation
python3 -c "from reportlab.lib.pagesizes import letter; print('OK')"

Metasploit Errors

If you see Metasploit-related errors: 
# Skip exploitation if Metasploit not installed
python3 main.py -t TARGET --skip-exploit

Best Practices

Before Scanning

✅ Obtain written authorization
✅ Document the scope
✅ Verify target IP/domain
✅ Read legal disclaimers

During Scanning

✅ Monitor progress
✅ Be aware of network impact
✅ Respect time windows
✅ Keep logs for documentation

After Scanning

✅ Review PDF report thoroughly
✅ Validate findings
✅ Share with authorized parties only
✅ Follow up on remediation

Security

✅ Store reports securely
✅ Don’t share credentials
✅ Use safe mode by default
✅ Report responsibly

Quick Reference Cheatsheet

# ┌──────────────────────────────────────────────────────┐
# │ AutoPentestX Quick Commands                          │
# └──────────────────────────────────────────────────────┘

# Full scan
python3 main.py -t <target>

# Quick recon
python3 main.py -t <target> --skip-web --skip-exploit

# Custom tester name
python3 main.py -t <target> -n "Your Name"

# View reports
ls reports/

# Query database
sqlite3 database/autopentestx.db "SELECT * FROM scans;"

# Help
python3 main.py --help

Next Steps

Advanced Configuration

Learn about custom scan profiles and advanced options

Interpreting Results

Understand risk scores, CVSS ratings, and remediation priorities

Metasploit Integration

Use generated RC scripts for manual exploitation testing

CI/CD Integration

Automate security testing in your development pipeline
Remember: AutoPentestX is a powerful tool. Always:
  • Get authorization before testing
  • Use safe mode by default
  • Handle data responsibly
  • Follow responsible disclosure practices

Build docs developers (and LLMs) love

Get started for freeTalk to us