Custom Python script for easy, basic-pattern, low-difficulty automated penetration testing, w2hack, 2020/2025
This project is a Python-based automated penetration testing tool designed to streamline the process of assessing the security of a target system. The script performs various tasks, including (1) information gathering, (2) reconnaissance, (3) discovery and scanning, (4) vulnerability assessment, (5) exploitation if possible, and finally (6) analysis (reporting). It integrates multiple tools to automate the scanning and testing process, making it easier for security professionals to identify and exploit vulnerabilities.
Features
✅ Update CVE Database: Fetches the latest Common Vulnerabilities and Exposures (CVE) from an API for use in vulnerability assessment.
✅ Information Gathering: Collects basic information about the target using tools like whois, nslookup, dig, etc.
✅ Reconnaissance: Uses nmap and nikto (optional) to discover services and potential vulnerabilities.
✅ Discovery and Scanning: Performs a full port scan using nmap and a directory brute-force attack using dirb.
✅ Vulnerability Assessment: Evaluates the target against known CVEs using nmap scripts and performs an OWASP ZAP scan (web app only).
✅ Exploitation: Attempts to exploit discovered vulnerabilities using msfconsole and brute-force attacks with hydra.
✅ Final Analysis and Review: Reviews the collected data, analyzes open ports and services, and summarizes the findings.
✅ Report: Compiles the results into a comprehensive report for further analysis (auto coloring, etc).
Requirements
Python 3.x
requests library
BeautifulSoup4 library
subprocess library (part of the Python standard library)
❗️ Various external tools like whois, nslookup, dig, fierce, nmap, nikto, dirb, msfconsole, hydra, and zap-cli (w3af) should be installed before running the script ❗️
Clone this repository or unpack the tar:
git clone https://github.com/D3One/Automated-Penetration-Testing-Script_v1.git
cd Automated-Penetration-Testing-Script_v1
sudo pip install -r requirements.txt
Ensure that all the external tools (whois, nmap, etc.) are installed and accessible in your system's PATH.
sudo apt-get install whois dnsutils fierce nmap nikto dirb hydra zaproxy
Run the script:
python scanner.py
Enter the target IP address or domain when prompted.
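A preflight check for the two steps above (external tools on PATH, target entered at the prompt), as an added example that is not part of scanner.py or this repository: it reports which required tools are missing and accepts only an IP address or hostname before building an argument list. The function names are hypothetical; the tool list is copied from the requirements above.

```python
import ipaddress
import re
import shutil

# Added example; function names are hypothetical, not taken from scanner.py.
# Tool names are the ones listed in the README's requirements.
REQUIRED_TOOLS = ["whois", "nslookup", "dig", "fierce", "nmap",
                  "nikto", "dirb", "msfconsole", "hydra", "zap-cli"]

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def missing_tools(tools=REQUIRED_TOOLS, path=None):
    """Return the tools that cannot be found on PATH (or on `path`)."""
    return [t for t in tools if shutil.which(t, path=path) is None]


def validate_target(raw):
    """Return a normalized IP address or hostname, or raise ValueError.

    Rejecting everything else keeps shell metacharacters and strings that
    start with '-' (which a tool would parse as an option) out of argv.
    """
    target = raw.strip()
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    host = target.rstrip(".").lower()
    labels = host.split(".")
    if len(host) > 253 or not all(_LABEL.fullmatch(lab) for lab in labels):
        raise ValueError(f"not an IP address or hostname: {raw!r}")
    if labels[-1].isdigit():
        raise ValueError(f"malformed IP address: {raw!r}")
    return host


def build_argv(tool, target, *options):
    """Build an argument list for subprocess.run(argv) with shell=False."""
    return [tool, *options, validate_target(target)]


if __name__ == "__main__":
    absent = missing_tools()
    if absent:
        raise SystemExit("Missing from PATH: " + ", ".join(absent))
    print(build_argv("nmap", input("Target: "), "-sV"))
```

Passing the resulting list to `subprocess.run` without `shell=True` means the target reaches each tool as a single argument and is never interpreted by a shell.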
Enjoy it! :)