## https://sploitus.com/exploit?id=29FDB8F1-C4A9-50FC-8CC7-D022D15622DD
**Automated Vulnerability Assessment & Penetration Testing Framework**






> **AutoVAPT** is an end-to-end VAPT automation framework that takes a target scope from input to a client-grade PDF report, performing recon, vulnerability scanning, exploit validation, CVSS-based risk scoring, and report generation with zero manual steps.
---
## Table of Contents
- [Overview](#overview)
- [Architecture](#architecture)
- [Features](#features)
- [Prerequisites](#prerequisites)
- [Installation](#installation)
- [Usage](#usage)
- [Output](#output)
- [Lab Setup (DVWA + Metasploitable)](#lab-setup)
- [Configuration](#configuration)
- [Project Structure](#project-structure)
- [Running Tests](#running-tests)
- [Contributing](#contributing)
- [Disclaimer](#disclaimer)
---
## Overview
AutoVAPT automates the complete VAPT engagement lifecycle:
```
Target Input → Recon → Vulnerability Scan → Exploit Validation → Risk Scoring → PDF Report
```
Each phase feeds directly into the next. The final output is a **client-grade PDF** with an executive summary, colour-coded findings, CVSS v3 scores, composite risk scores, and actionable remediation steps, plus a **machine-readable JSON** artefact for SOC platform ingestion.
---
## Architecture
```
┌─────────────────────────────────────────────────────────────┐
│                        main.py (CLI)                        │
└──────────────────────────────┬──────────────────────────────┘
                               │
               ┌───────────────▼───────────────┐
               │  Phase 1 - Recon              │
               │  Nmap · DNS enum · Shodan API │
               └───────────────┬───────────────┘
                               │
               ┌───────────────▼───────────────┐
               │  Phase 2 - Vuln Scanner       │◄──── NVD API (live CVE feed)
               │  HTTP · SSH · FTP · SMB ...   │
               └───────────────┬───────────────┘
                               │
               ┌───────────────▼───────────────┐
               │  Phase 3 - Exploit Validator  │◄──── Metasploit RPC / manual PoC
               │  check() → confirm exploitable│
               └───────────────┬───────────────┘
                               │
               ┌───────────────▼───────────────┐
               │  Phase 4 - Risk Scorer        │
               │  CVSS × exploitability × asset│
               └───────────────┬───────────────┘
                               │
               ┌───────────────▼───────────────┐
               │  Phase 5 - Report Generator   │
               │  Executive PDF + JSON         │
               └───────────────────────────────┘
```
---
## Features
| Feature | Description |
|---|---|
| **Full pipeline automation** | Recon to report in one command |
| **Live CVE enrichment** | NVD API v2.0: real-time CVE mapping per finding |
| **Exploit validation** | Metasploit RPC: confirms exploitability, not just detection |
| **Composite risk scoring** | CVSS × exploitability weight × asset criticality |
| **Multi-service support** | HTTP/S, SSH, FTP, SMB, MySQL, RDP |
| **Professional PDF report** | Executive summary + technical findings + remediation table |
| **JSON output** | Machine-readable for SOC/SIEM ingestion |
| **Configurable intensity** | `low` / `medium` / `high` scan profiles |
| **Shodan integration** | Optional external intelligence enrichment |
| **DNS enumeration** | Subdomain discovery + DNS record mapping |
| **OS fingerprinting** | Via nmap `-O` flag |
| **CI/CD ready** | GitHub Actions: test → lint → pip-audit |
---
## Prerequisites
- **Kali Linux** (recommended) or Debian/Ubuntu
- **Python 3.9+**
- **Nmap** installed and in PATH: `sudo apt install nmap -y`
- **Metasploit Framework** (for exploit validation): `sudo apt install metasploit-framework -y`
- Free **NVD API key** (optional but recommended): https://nvd.nist.gov/developers/request-an-api-key
---
## Installation
```bash
# 1. Clone the repository
git clone https://github.com/yourusername/AutoVAPT.git
cd AutoVAPT
# 2. Install Python dependencies
pip install -r requirements.txt --break-system-packages
# 3. (Optional) Set environment variables
export NVD_API_KEY="your_nvd_api_key_here"
export SHODAN_API_KEY="your_shodan_key_here"
# 4. Verify installation
python main.py --version
```
---
## Usage
### Basic full scan
```bash
python main.py --target 192.168.1.10
```
### Recon only
```bash
python main.py --target 192.168.1.0/24 --mode recon
```
### Full scan, high intensity, skip exploit validation
```bash
python main.py --target 10.0.0.5 --mode full --intensity high --skip-exploit
```
### Custom output directory and JSON only
```bash
python main.py --target example.local --output /tmp/reports --format json
```
### Verbose with custom config
```bash
python main.py --target 192.168.1.10 --config my_config.yaml --verbose
```
### All options
```
usage: AutoVAPT [-h] --target TARGET [--mode {recon,scan,full}]
                [--output OUTPUT] [--format {pdf,json,both}]
                [--skip-exploit] [--intensity {low,medium,high}]
                [--config CONFIG] [--verbose]

Options:
  --target, -t      Target IP, domain, or CIDR range
  --mode, -m        recon | scan | full (default: full)
  --output, -o      Report output directory (default: ./reports)
  --format, -f      pdf | json | both (default: both)
  --skip-exploit    Skip Metasploit exploit validation phase
  --intensity       low | medium | high (default: medium)
  --config          Path to config.yaml (default: config.yaml)
  --verbose, -v     Enable verbose/debug output
```
---
## Output
After a successful scan, two files are created in `./reports/`:
```
reports/
├── autovapt_20240101_120000.pdf   ← Client-grade PDF report
└── autovapt_20240101_120000.json  ← Raw findings (SOC/SIEM format)
```
### PDF Report sections:
1. **Cover page**: Target, date, overall risk rating badge
2. **Executive Summary**: Finding counts by severity, top 3 risks, recon stats
3. **Vulnerability Findings**: Full details per finding: CVSS, composite score, evidence, remediation
4. **Remediation Summary**: Prioritised table for remediation tracking
5. **Appendix A**: Raw recon data: ports, services, DNS records
### Sample JSON structure:
```json
{
  "scan_id": "20240101_120000",
  "target": "192.168.1.10",
  "summary": {
    "overall_risk": "HIGH",
    "total": 12,
    "critical": 1,
    "high": 3,
    "medium": 6,
    "low": 2
  },
  "risk_scores": [
    {
      "title": "EternalBlue (MS17-010)",
      "cvss_score": 9.8,
      "composite_score": 10.0,
      "risk_level": "CRITICAL",
      "exploit_status": "CONFIRMED",
      "cve_ids": ["CVE-2017-0144"],
      "remediation": "Apply MS17-010 patch immediately..."
    }
  ]
}
```
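A consumer-side check for this artefact before it is forwarded to a SIEM, as an added example (not AutoVAPT's own code). It assumes the field names from the sample above and that the `summary` counts cover exactly the entries in `risk_scores`; the report it runs on is constructed, and `validate_report` / `to_events` are hypothetical helper names.

```python
import json

SEVERITIES = ("critical", "high", "medium", "low")

# Constructed report (not real scan output); first finding has no exploit_status.
SAMPLE_REPORT = json.loads("""
{"scan_id": "20240101_120000", "target": "192.168.56.101",
 "summary": {"overall_risk": "HIGH", "total": 2,
             "critical": 1, "high": 0, "medium": 1, "low": 0},
 "risk_scores": [
  {"title": "Anonymous FTP login", "cvss_score": 5.3, "composite_score": 5.8,
   "risk_level": "MEDIUM", "cve_ids": [], "remediation": "Disable anonymous FTP."},
  {"title": "EternalBlue (MS17-010)", "cvss_score": 9.8, "composite_score": 10.0,
   "risk_level": "CRITICAL", "exploit_status": "CONFIRMED",
   "cve_ids": ["CVE-2017-0144"], "remediation": "Apply MS17-010 patch."}]}
""")

def validate_report(report):
    """Return a list of consistency problems; an empty list means usable."""
    problems = []
    summary = report.get("summary", {})
    findings = report.get("risk_scores", [])
    counted = dict.fromkeys(SEVERITIES, 0)
    for i, finding in enumerate(findings):
        level = str(finding.get("risk_level", "")).lower()
        if level in counted:
            counted[level] += 1
        else:
            problems.append(f"finding {i}: unknown risk_level {level!r}")
        for key in ("cvss_score", "composite_score"):
            score = finding.get(key)
            if not isinstance(score, (int, float)) or not 0 <= score <= 10:
                problems.append(f"finding {i}: {key}={score!r} outside 0-10")
    # Assumption: summary counts describe exactly the entries in risk_scores.
    counted["total"] = len(findings)
    for key, n in counted.items():
        if summary.get(key) != n:
            problems.append(f"summary.{key}={summary.get(key)!r}, counted {n}")
    return problems

def to_events(report):
    """One flat event per finding: confirmed exploits first, then by score."""
    ordered = sorted(report["risk_scores"], reverse=True, key=lambda f: (
        f.get("exploit_status") == "CONFIRMED", f["composite_score"]))
    return [{"scan_id": report["scan_id"], "target": report["target"],
             "title": f["title"], "risk_level": f["risk_level"],
             "composite_score": f["composite_score"],
             "exploit_status": f.get("exploit_status"),
             "cve_ids": ",".join(f.get("cve_ids", []))} for f in ordered]
```

Rejecting a report whose summary and findings disagree keeps a truncated or hand-edited file from under-reporting severity counts downstream.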
---
## Lab Setup
AutoVAPT is designed for use against intentionally vulnerable targets. **Never test against systems you don't own.**
### Recommended test environment (VirtualBox)
```
┌─────────────────────┐    Host-Only Network     ┌──────────────────────┐
│  Kali Linux         │◄────────────────────────►│  Metasploitable 2    │
│  (attacker)         │     192.168.56.0/24      │  192.168.56.101      │
│  AutoVAPT runs here │                          │  (target)            │
└─────────────────────┘                          └──────────────────────┘
                                                 ┌──────────────────────┐
                                                 │  DVWA                │
                                                 │  192.168.56.102      │
                                                 │  (web target)        │
                                                 └──────────────────────┘
```
### Quick setup:
```bash
# Download Metasploitable 2
# https://sourceforge.net/projects/metasploitable/
# Download DVWA via Docker
docker run -d -p 80:80 vulnerables/web-dvwa
# Start Metasploit RPC daemon (required for exploit validation)
msfrpcd -P msf -S -f -a 127.0.0.1
```
---
## Configuration
Edit `config.yaml` to customise scan behaviour:
```yaml
nmap:
  timing: T3          # T2 = polite, T3 = normal, T4 = aggressive
  top_ports: 1000
nvd_api:
  api_key: ""         # Set NVD_API_KEY env var instead
metasploit:
  host: "127.0.0.1"
  port: 55553
  password: "msf"     # Change this
risk:
  asset_criticality: "high"   # low | medium | high | critical
```
---
## Project Structure
```
AutoVAPT/
├── main.py                         # CLI entry point
├── config.yaml                     # Default configuration
├── requirements.txt
├── setup.py
├── LICENSE
├── README.md
│
├── autovapt/
│   ├── __init__.py
│   ├── modules/
│   │   ├── recon.py                # Phase 1: Nmap, DNS, Shodan
│   │   ├── scanner.py              # Phase 2: Vuln checks + NVD CVE mapping
│   │   ├── exploit_validator.py    # Phase 3: Metasploit RPC validation
│   │   ├── risk_scorer.py          # Phase 4: CVSS composite scoring
│   │   └── report_generator.py     # Phase 5: PDF + JSON output
│   └── utils/
│       ├── config.py               # YAML config manager
│       ├── logger.py               # Coloured console + file logger
│       ├── nvd_client.py           # NVD API v2.0 client
│       └── banner.py               # ASCII banner
│
├── tests/
│   └── test_autovapt.py            # pytest unit + integration tests
│
├── reports/                        # Generated reports (gitignored)
├── logs/                           # Scan logs (gitignored)
│
└── .github/
    └── workflows/
        └── ci.yml                  # GitHub Actions: test + lint + audit
```
---
## Running Tests
```bash
# Install test dependencies
pip install pytest pytest-cov --break-system-packages
# Run full test suite
pytest tests/ -v
# Run with coverage report
pytest tests/ -v --cov=autovapt --cov-report=term-missing
# Run a specific test class
pytest tests/test_autovapt.py::TestRiskScorer -v
```
---
## Contributing
1. Fork the repository
2. Create a feature branch: `git checkout -b feature/your-feature`
3. Write tests for any new functionality
4. Ensure all tests pass: `pytest tests/ -v`
5. Submit a pull request against `develop`
---
## Disclaimer
> **AutoVAPT is strictly for authorized security testing and educational purposes.**
> Using this tool against any system without explicit written permission from the system owner is illegal under the Computer Fraud and Abuse Act (CFAA), the UK Computer Misuse Act, and equivalent laws worldwide.
> The author assumes **no liability** for any misuse of this software.
> Always obtain written authorization before conducting any security assessment.