## https://sploitus.com/exploit?id=674BA3B1-F2D6-51AA-8AD0-31F3ED443D70
# PentestAI
Autonomous penetration testing framework for intentionally vulnerable lab environments. Chains nmap → nikto → sqlmap → custom probes (XSS, CSRF, unrestricted upload) into a single pipeline, scores findings with CVSS 3.1, builds an attack graph, and generates an HTML report.
> **For authorised lab use only.** Never point this at systems you do not own.
---
## Features
- **Network enumeration**: nmap service/version scan, flags known dangerous services (vsftpd backdoor, exposed MySQL)
- **Web surface scan**: nikto subprocess + direct HTTP header checks
- **SQL injection**: sqlmap REST API with error-pattern fallback
- **XSS**: reflected and stored, 7-payload context coverage
- **CSRF**: token-presence check + live exploit attempt
- **File upload**: MIME spoofing, double extension, case bypass, null-byte probes
- **CVSS 3.1 scoring**: per-finding base score + severity label
- **Attack graph**: D3.js force-directed graph showing exploitation chains
- **HTML report**: dark-themed, self-contained, auto-saved to `reports/`
- **Flask dashboard**: web UI with live progress, past reports, D3.js graph
## Supported Targets
| Target | Default URL |
|---|---|
| DVWA | `http://localhost:8888/dvwa/` |
| Juice Shop | `http://localhost:3000/` |
| bWAPP | `http://localhost:8080/bWAPP/` |
| Metasploitable | configured via `config/targets.yaml` |
## Quick Start
```bash
# Clone
git clone https://github.com/Ichchha13/pentestai.git
cd pentestai
# Create venv (Python 3.11+)
python3 -m venv venv && source venv/bin/activate
pip install -r requirements.txt
# Start a lab target (Docker)
docker run -d -p 8888:80 --name dvwa vulnerables/web-dvwa
# Visit http://localhost:8888/setup.php → Create / Reset Database
# Run a scan
python __main__.py --target dvwa --mode full
# Open the report
open reports/*.html
```
## Dashboard
```bash
python dashboard/app.py
# Open http://localhost:5000
```
The dashboard exposes a REST API (`/api/scan`, `/api/status`, `/api/result`, `/api/reports`) and a web UI with live scan progress.
## CLI Usage
```
python __main__.py --target dvwa --mode full
python __main__.py --host 192.168.1.10 --port 80 --path /app/ --mode web_only
python __main__.py --target juice_shop --mode web_only
```
| Flag | Description |
|---|---|
| `--target` | Named target from `config/targets.yaml` |
| `--host` | Manual IP / hostname |
| `--port` | Port (default 80) |
| `--path` | App root path (default `/`) |
| `--mode` | `full` \| `web_only` \| `network_only` |
| `--output` | Report output directory (default `reports/`) |
## Project Structure
```
pentestai/
├── __main__.py            # CLI entry point
├── core/
│   ├── scanner.py         # Scan pipeline orchestrator
│   ├── findings.py        # Finding + ScanResult data models
│   ├── risk_model.py      # CVSS 3.1 scorer
│   └── attack_graph.py    # D3.js attack graph builder
├── modules/
│   ├── nmap_module.py     # Port/service scan
│   ├── nikto_module.py    # Web surface + header checks
│   ├── sqlmap_module.py   # SQL injection
│   ├── xss_probe.py       # Reflected + stored XSS
│   ├── csrf_probe.py      # CSRF token checks
│   └── upload_probe.py    # File upload bypass probes
├── dashboard/
│   ├── app.py             # Flask dashboard + REST API
│   └── templates/
│       └── dashboard.html
├── report/
│   └── generator.py       # HTML report renderer
├── config/
│   └── targets.yaml       # Lab target definitions
└── tests/
    └── test_risk_model.py
```
## Running Tests
```bash
pytest tests/ -v
```
## System Requirements
- Python 3.11+
- `nmap` (optional; skipped gracefully if missing)
- `nikto` (optional; header checks still run via requests)
- `sqlmap` (optional; falls back to error-pattern detection)
## Disclaimer
This tool is designed for security education and authorised penetration testing of intentionally vulnerable environments (DVWA, Juice Shop, bWAPP, Metasploitable). Using it against systems without explicit written permission is illegal.