AutoPent is a one of its kind, AI-powered penetration testing framework designed to automate the complete security testing lifecycle. It combines reconnaissance, vulnerability scanning, exploitation, privilege escalation, AI-driven analysis, and automated reporting into a single integrated platform.
Unlike traditional tools, AutoPent leverages LLM (LLaMA 3.1) to provide intelligent recommendations, generate remediation steps, and analyze vulnerabilities dynamically.
- Automated Reconnaissance – Domain, subdomain, and service discovery.
- Vulnerability Scanning – Automated scans using Nmap, OpenVAS, and custom scripts.
- Exploitation Engine – Metasploit-based automated exploitation with controlled payloads.
- Privilege Escalation – Post-exploitation privilege escalation & persistence detection.
- AI Security Analysis – LLaMA 3.1 for intelligent vulnerability assessment & mitigation strategies.
- Automated Reports – Professional, compliance-ready PDF/HTML reports.
- Interactive GUI – PyQt5-based dashboard for intuitive control and monitoring.
AutoPent is a first-of-its-kind framework that redefines automated offensive security.
-
First-of-its-Kind Framework: It introduces a new category of security tooling by bridging the gap between static scanning and dynamic, intelligent analysis.
-
True End-to-End Integration: AutoPent is a single, seamless framework that manages the entire offensive security workflow, including:
- Reconnaissance
- Multi-layered scanning
- Automated exploitation
- Privilege escalation
- AI-driven reporting
-
AI-Powered Decision Making: It is the first open-source framework to use a Large Language Model (LLaMA 3.1) at its core. This allows it to:
- Understand vulnerabilities in context.
- Prioritize risks intelligently.
- Generate actionable remediation strategies.
-
From Data to Intelligence: The AI engine processes raw scan data and correlates findings to transform security "noise" into a clear, prioritized list of exploitable threats.
-
Unified Command Center: It features an intuitive PyQt5 GUI that acts as a single dashboard for managing complex penetration tests, making advanced security accessible without juggling multiple command-line tools.
-
Languages: Python 3.11
-
Frameworks: PyQt5, Flask (for backend APIs)
-
Libraries:
- Recon:
scapy,sublist3r,shodan - Scanning:
nmap,openvas_lib - Exploitation:
msfrpc,pwntools - AI/ML:
transformers,llama-index,langchain - Reporting:
reportlab,jinja2,pdfkit
- Recon:
-
Databases: SQLite for session & scan data
-
AI Model: LLaMA 3.1 for contextual security insights
This document outlines the seven key stages of the AutoPent project, from initial reconnaissance to the final user interface. Each step leverages specific tools and methodologies to create a comprehensive, automated offensive security framework.
This initial phase involves collecting as much information as possible about the target system to identify potential attack vectors before launching any exploits. The primary goal is to map the attack surface by extracting DNS records, IP addresses, and exposed services.
For this, we will use the following OSINT (Open-Source Intelligence) API keys:
- Shodan: Scans the internet for open ports and exposed devices. It is best suited for IoT, open ports, and banner grabbing.
- BinaryEdge: Provides IP scanning data and device fingerprinting. It excels at mass scanning, which helps in detecting data vulnerabilities, and is also useful for botnet and malware hunting.
- Onyphe: Specializes in threat intelligence and darknet analysis, providing capabilities like dark web tracking.
This process automates the detection of misconfigurations, outdated software, and exploitable vulnerabilities in web applications, networks, and databases.
-
NIKTO:
- Key Features: Checks for outdated software versions and security misconfigurations, identifies exposed sensitive files (e.g., admin panels, backup files), and provides fast scanning with minimal false positives.
- Purpose: Helps in the early detection of security loopholes before manual testing.
-
SQLMap:
- Key Features: Automatic SQL Injection testing, database enumeration, supports multiple database types, and can bypass security measures.
- Purpose: Helps to uncover sensitive data leaks, unauthorized access, and database misconfigurations.
-
Nmap:
- Key Features: Port scanning, vulnerability detection (via NSE scripts), service fingerprinting, and Firewall/IDS detection.
- Purpose: Crucial for identifying weak services, misconfigurations, and open ports on a network.
This step aims to determine the actual risk posed by identified vulnerabilities by simulating real-world cyberattacks in a controlled manner.
-
Socket:
- Python's socket programming allows for creating custom exploits to attack vulnerable systems.
- Attackers can send malicious payloads to web servers, databases, or SSH services.
- Project Feature: It converts a target URL into its IP address, which is then fed to the Metasploit framework for exploitation attacks. This simplifies the process for the user, who only needs to provide a URL.
-
Metasploit:
- One of the most widely used penetration testing frameworks that helps security professionals discover, exploit, and validate vulnerabilities.
- It automates vulnerability exploitation, payload delivery, and post-exploitation actions.
- Integration: It uses an RPC server to connect to a Python script, which automates the exploitation process and can cycle through multiple payloads.
Privilege escalation is the process of gaining higher-level access to a system or network, typically moving from a low-privileged user to an administrator or root user. This is achieved by exploiting security misconfigurations, vulnerabilities, or weak permissions.
-
WinPEAS (Windows Privilege Escalation Awesome Scripts):
- Detects weak file permissions, unquoted service paths, and passwords stored in plaintext.
- Identifies Windows vulnerabilities that allow privilege escalation.
- Finds misconfigured services, registry settings, and scheduled tasks.
-
LinPEAS (Linux Privilege Escalation Awesome Scripts):
- Detects sudo misconfigurations, SUID binaries, and writable files.
- Finds known kernel exploits that allow for privilege escalation.
- Identifies hardcoded credentials and environment variables containing sensitive data.
This is the process of examining application code to identify security vulnerabilities, logic flaws, and coding errors that could be exploited by attackers.
- Haiku (Claude 3.5):
- An AI-powered static code analysis tool that helps developers identify security vulnerabilities and coding errors.
- Supports multiple programming languages (e.g., Java, Python, JavaScript).
- Claude 3.5 Haiku is the next-generation model, offering greater speed and improved skill across the board. It provides more efficient source code analysis and gives more detailed insights into found vulnerabilities.
- Benefit: Provides fix recommendations for vulnerabilities and helps automate secure code reviews in DevSecOps pipelines.
A graphical user interface (GUI) is used to make the framework accessible and easy for users to navigate. It provides a visual representation of the modules running in the backend.
-
Key Features:
- Integrated Security Testing: A single dashboard to launch and monitor all tests.
- Report Generation & Export: Saves results as PDF or text files, allowing users to easily find and review the reports and see which modules were successful.
-
Flask:
- A lightweight web framework used for the backend.
- Handles HTTP Requests: Connects the front-end UI to the backend modules.
- Supports API Calls: Enables the remote execution of penetration testing tasks.
- Integrates with Databases & Logging Systems: Stores pentesting reports, providing access to historical data.
-
PyQt5:
- A set of Python bindings for the Qt application framework, used to build the GUI.
- Cross-Platform & Feature-Rich: Build GUI applications for Windows, macOS, and Linux with over 600 built-in widgets.
- Event-Driven Programming: Uses a signals and slots mechanism for seamless event handling.
- Drag & Drop UI with Qt Designer: Allows for visual creation of UIs, which can then be converted into Python code.
Follow these steps to get a local copy up and running.
- Python 3.x
- External tools like
nmap,nikto, andsqlmapshould be installed and available in your system's PATH.
-
Clone the repository:
git clone https://github.com/Abhinavmehra2004/CyberShield-Hakathon-Autopenters-.git
-
Navigate to the source code directory:
cd CyberShield-Hakathon-Autopenters-/SourceCode -
Create and activate a virtual environment (recommended):
python -m venv venv # On Windows venv\Scripts\activate # On macOS/Linux source venv/bin/activate
-
Install the required Python packages:
pip install -r requirements.txt
-
Run the application from the
SourceCodedirectory:python autopent.py
-
Enter the target URL in the input field (e.g.,
http://example.com). -
Click the "Start Security Test" button to begin the automated penetration test.
-
The progress will be displayed in the text area. Once the test is complete, you can download the final report using the "Download Report" button.
- Cyber Forensics & Incident Response
- Enterprise Security Audits
- Government & Law Enforcement Cyber Operations
- Education & Training in Ethical Hacking
- CI/CD Pipeline Integration: Integrate automated security testing into CI/CD pipelines to identify vulnerabilities before deployment.
- Compliance and Auditing: Assist organizations in meeting regulatory compliance requirements (e.g., PCI DSS, HIPAA) by performing regular security scans and generating audit-ready reports.
- Third-Party Risk Assessment: Evaluate the security posture of third-party vendors and partners to manage supply chain risks.
- Cloud Security Posture Management (CSPM): Scan cloud environments (AWS, Azure, GCP) for misconfigurations and security vulnerabilities.
- Red Team Automation: Automate routine tasks for red teams, allowing them to focus on more advanced and strategic attack simulations.
AutoPent is developed strictly for ethical and authorized penetration testing. Unauthorized usage against systems without explicit permission is illegal and punishable under Indian IT Act (2000/2008 amendments) and global cybercrime laws.
- Cloud Infrastructure Security Module
- Real-time Threat Intelligence Integration
- Mobile App Pentesting Support
- Multi-user Collaboration Dashboard
Name : Abhinav Mehra
Email : abhinavmehrasept2004@gmail.com
LinkedIn: http://www.linkedin.com/in/abhinav-mehra-356a7a333
GitHub : Abhinavmehra2004