AutoPentest Cheat Sheet
Overview
AutoPentest is an autonomous black-box penetration testing system powered by GPT-4o and LangChain that can execute multi-step attack chains without human intervention. It combines advanced AI reasoning with traditional security testing tools to perform comprehensive security assessments, vulnerability discovery, and exploitation attempts.
⚠️ Warning: Autonomous penetration testing tool. Use only on systems you own or have explicit written authorization to test.
Installation
Prerequisites
# System requirements
python3 --version # Python 3.9+
pip3 --version
git --version
docker --version
# Required system packages
sudo apt update
sudo apt install -y python3-pip python3-venv git curl wget
sudo apt install -y nmap masscan gobuster nikto sqlmap metasploit-framework
# Install Node.js for some modules
curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
sudo apt install -y nodejs
Installation Methods
# Method 1: Git clone and setup
git clone https://github.com/autopentest/autopentest.git
cd autopentest
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
# Install additional dependencies
pip install langchain openai anthropic
pip install python-nmap python-masscan
pip install requests beautifulsoup4 selenium
# Method 2: Docker installation
docker pull autopentest/autopentest:latest
docker run -it --rm -v $(pwd)/results:/app/results autopentest/autopentest:latest
# Method 3: PyPI installation (if available)
pip install autopentest
Configuration Setup
# Create configuration directory
mkdir -p ~/.autopentest/config
mkdir -p ~/.autopentest/modules
mkdir -p ~/.autopentest/reports
mkdir -p ~/.autopentest/evidence
# Initialize configuration
autopentest init
# Configure AI models
autopentest config set openai_api_key "your-openai-api-key"
autopentest config set openai_model "gpt-4o"
autopentest config set anthropic_api_key "your-anthropic-key"
# Set operational parameters
autopentest config set max_attack_depth 5
autopentest config set autonomous_mode true
autopentest config set evidence_collection true
Core Commands
Basic Operations
# Display help and version
autopentest --help
autopentest --version
autopentest modules list
# Quick autonomous scan
autopentest scan --target example.com --autonomous
autopentest scan --target 192.168.1.100 --quick
# Full autonomous penetration test
autopentest pentest --target example.com --full
autopentest pentest --network 192.168.1.0/24 --autonomous
# Check system status
autopentest status
autopentest health-check
Target Management
# Add and manage targets
autopentest target add --host example.com
autopentest target add --network 192.168.1.0/24
autopentest target add --url https://app.example.com
# Target information gathering
autopentest target info example.com
autopentest target list --active
autopentest target remove example.com
# Import targets from various sources
autopentest target import --nmap scan.xml
autopentest target import --file targets.txt
autopentest target import --shodan-query "apache"
Campaign Management
# Create and manage campaigns
autopentest campaign create --name "client_assessment"
autopentest campaign list
autopentest campaign switch client_assessment
# Campaign configuration
autopentest campaign config --max-duration 24h
autopentest campaign config --attack-intensity medium
autopentest campaign config --stealth-mode true
# Campaign execution
autopentest campaign start --target example.com
autopentest campaign status
autopentest campaign pause
autopentest campaign resume
autopentest campaign stop
Autonomous Reconnaissance
AI-Driven Information Gathering
# Autonomous OSINT collection
autopentest recon osint --target example.com --autonomous
autopentest recon osint --company "Example Corp" --deep
autopentest recon osint --domain example.com --social-media
# Subdomain discovery with AI
autopentest recon subdomains --domain example.com --ai-enhanced
autopentest recon subdomains --domain example.com --recursive --depth 3
autopentest recon subdomains --domain example.com --wordlist-generation
# Port and service discovery
autopentest recon ports --target example.com --ai-prioritized
autopentest recon services --target 192.168.1.100 --fingerprint
autopentest recon services --network 192.168.1.0/24 --fast
Technology Stack Analysis
# Web technology identification
autopentest recon tech-stack --url https://example.com
autopentest recon tech-stack --target example.com --comprehensive
autopentest recon tech-stack --url https://example.com --ai-analysis
# Framework and CMS detection
autopentest recon cms --url https://example.com
autopentest recon frameworks --target example.com
autopentest recon libraries --url https://example.com --version-check
# Infrastructure analysis
autopentest recon infrastructure --target example.com
autopentest recon cloud-services --domain example.com
autopentest recon cdn-analysis --url https://example.com
Attack Surface Mapping
# Comprehensive attack surface discovery
autopentest recon attack-surface --target example.com --full
autopentest recon attack-surface --domain example.com --external
autopentest recon attack-surface --network 192.168.1.0/24 --internal
# Entry point identification
autopentest recon entry-points --target example.com
autopentest recon entry-points --url https://example.com --web-focus
autopentest recon entry-points --target 192.168.1.100 --network-focus
# Asset correlation and mapping
autopentest recon correlate --target example.com
autopentest recon map-assets --domain example.com --visual
Autonomous Vulnerability Assessment
AI-Powered Vulnerability Discovery
# Autonomous vulnerability scanning
autopentest vuln scan --target example.com --autonomous
autopentest vuln scan --url https://example.com --web-focus
autopentest vuln scan --target 192.168.1.100 --network-focus
# AI-guided vulnerability analysis
autopentest vuln analyze --target example.com --ai-reasoning
autopentest vuln analyze --scan-id 12345 --deep-analysis
autopentest vuln analyze --vulnerability CVE-2023-1234 --context
# Vulnerability prioritization
autopentest vuln prioritize --target example.com --business-impact
autopentest vuln prioritize --scan-id 12345 --exploitability
autopentest vuln prioritize --vulnerabilities vulns.json --risk-based
Specialized Vulnerability Testing
# Web application vulnerabilities
autopentest vuln web --url https://example.com --comprehensive
autopentest vuln web --url https://example.com --owasp-top10
autopentest vuln web --url https://example.com --api-focus
# Network vulnerabilities
autopentest vuln network --target 192.168.1.100 --comprehensive
autopentest vuln network --network 192.168.1.0/24 --lateral-movement
autopentest vuln network --target 192.168.1.100 --privilege-escalation
# Infrastructure vulnerabilities
autopentest vuln infrastructure --target example.com --cloud-focus
autopentest vuln infrastructure --target example.com --container-focus
autopentest vuln infrastructure --target example.com --configuration
Vulnerability Validation
# Automated vulnerability validation
autopentest vuln validate --vulnerability-id 67890
autopentest vuln validate --scan-id 12345 --auto-verify
autopentest vuln validate --target example.com --all-findings
# False positive reduction
autopentest vuln filter --scan-id 12345 --ai-filtering
autopentest vuln deduplicate --target example.com
autopentest vuln confidence-score --vulnerability-id 67890
Autonomous Exploitation
AI-Driven Exploit Selection
# Autonomous exploit attempts
autopentest exploit auto --target example.com --safe-mode
autopentest exploit auto --vulnerability-id 67890 --careful
autopentest exploit auto --scan-id 12345 --non-destructive
# Exploit chain generation
autopentest exploit chain --target example.com --objective shell
autopentest exploit chain --target 192.168.1.100 --objective privilege-escalation
autopentest exploit chain --network 192.168.1.0/24 --objective lateral-movement
# Custom exploit development
autopentest exploit develop --vulnerability CVE-2023-1234
autopentest exploit develop --service "Apache 2.4.41" --ai-assisted
autopentest exploit develop --target example.com --custom-payload
Payload Generation and Delivery
# AI-generated payloads
autopentest payload generate --target example.com --type reverse-shell
autopentest payload generate --os windows --arch x64 --evasion
autopentest payload generate --service ssh --technique key-injection
# Payload delivery mechanisms
autopentest payload deliver --target example.com --method web
autopentest payload deliver --target 192.168.1.100 --method network
autopentest payload deliver --target example.com --method social-engineering
# Evasion techniques
autopentest payload obfuscate --payload payload.bin --technique polymorphic
autopentest payload encode --payload payload.bin --encoder base64
autopentest payload encrypt --payload payload.bin --key random
Post-Exploitation Activities
# Autonomous post-exploitation
autopentest post-exploit --session session-123 --autonomous
autopentest post-exploit --target example.com --objective data-discovery
autopentest post-exploit --session session-123 --persistence
# Privilege escalation
autopentest post-exploit privesc --session session-123 --auto
autopentest post-exploit privesc --target 192.168.1.100 --technique kernel
autopentest post-exploit privesc --session session-123 --service-abuse
# Lateral movement
autopentest post-exploit lateral --session session-123 --network 192.168.1.0/24
autopentest post-exploit lateral --session session-123 --credential-reuse
autopentest post-exploit lateral --session session-123 --trust-relationships
AI Reasoning Engine
Decision Making Framework
# AI reasoning configuration
reasoning_config = {
"model": "gpt-4o",
"temperature": 0.3,
"max_tokens": 4000,
"reasoning_depth": 5,
"confidence_threshold": 0.8,
"risk_tolerance": "medium"
}
# Custom reasoning prompts
attack_planning_prompt = """
Analyze the target system and plan a multi-step attack:
Target: {target}
Discovered services: {services}
Identified vulnerabilities: {vulnerabilities}
Objective: {objective}
Provide a step-by-step attack plan with:
1. Risk assessment for each step
2. Probability of success
3. Potential impact
4. Stealth considerations
5. Fallback options
"""
Attack Chain Planning
# AI-powered attack planning
autopentest ai plan-attack --target example.com --objective compromise
autopentest ai plan-attack --target example.com --stealth-priority
autopentest ai plan-attack --network 192.168.1.0/24 --lateral-focus
# Attack path optimization
autopentest ai optimize-path --target example.com --minimize-risk
autopentest ai optimize-path --target example.com --maximize-stealth
autopentest ai optimize-path --target example.com --fastest-path
# Dynamic replanning
autopentest ai replan --session session-123 --new-objective
autopentest ai replan --campaign campaign-456 --adapt-defenses
autopentest ai replan --target example.com --failure-recovery
Adaptive Behavior
# AI adaptation to defenses
autopentest ai adapt --target example.com --defense-detection
autopentest ai adapt --session session-123 --evasion-mode
autopentest ai adapt --campaign campaign-456 --stealth-increase
# Learning from failures
autopentest ai learn --failed-attempt attempt-789
autopentest ai learn --target example.com --defense-analysis
autopentest ai learn --campaign campaign-456 --pattern-recognition
# Behavioral modification
autopentest ai modify-behavior --target example.com --more-aggressive
autopentest ai modify-behavior --session session-123 --more-cautious
autopentest ai modify-behavior --campaign campaign-456 --change-tactics
Multi-Step Attack Chains
Chain Definition and Execution
# attack_chains/web_to_internal.yaml
name: "Web Application to Internal Network"
description: "Multi-step attack from web app compromise to internal network access"
steps:
- name: "web_reconnaissance"
type: "reconnaissance"
ai_guided: true
modules:
- subdomain_enumeration
- technology_detection
- vulnerability_scanning
- name: "web_exploitation"
type: "exploitation"
depends_on: ["web_reconnaissance"]
condition: "web_vulnerabilities_found"
ai_guided: true
modules:
- sql_injection
- xss_exploitation
- file_upload_abuse
- name: "lateral_movement"
type: "post_exploitation"
depends_on: ["web_exploitation"]
condition: "shell_obtained"
ai_guided: true
modules:
- network_discovery
- credential_harvesting
- privilege_escalation
Chain Execution Commands
# Execute predefined attack chains
autopentest chain execute web_to_internal --target example.com
autopentest chain execute network_compromise --target 192.168.1.0/24
autopentest chain execute cloud_breakout --target aws-instance
# Custom chain execution
autopentest chain execute --file custom_chain.yaml --target example.com
autopentest chain execute --template advanced --target example.com
# Chain monitoring and control
autopentest chain status web_to_internal_001
autopentest chain pause web_to_internal_001
autopentest chain resume web_to_internal_001
autopentest chain abort web_to_internal_001
Dynamic Chain Modification
# Modify chains during execution
autopentest chain modify --chain-id 12345 --add-step persistence
autopentest chain modify --chain-id 12345 --skip-step noisy_scan
autopentest chain modify --chain-id 12345 --change-objective
# Conditional branching
autopentest chain branch --chain-id 12345 --condition "admin_access_gained"
autopentest chain branch --chain-id 12345 --fallback-path stealth_mode
autopentest chain branch --chain-id 12345 --success-path data_exfiltration
Evidence Collection and Documentation
Automated Evidence Gathering
# Enable comprehensive evidence collection
autopentest evidence enable --all-activities
autopentest evidence enable --screenshots --network-captures
autopentest evidence enable --command-logs --file-changes
# Evidence collection during attacks
autopentest evidence collect --session session-123 --continuous
autopentest evidence collect --vulnerability-id 67890 --proof-of-concept
autopentest evidence collect --target example.com --timeline
# Evidence validation and integrity
autopentest evidence validate --evidence-id 98765
autopentest evidence hash --evidence-id 98765 --algorithm sha256
autopentest evidence sign --evidence-id 98765 --digital-signature
Forensic Documentation
# Generate forensic reports
autopentest forensics report --session session-123 --detailed
autopentest forensics report --target example.com --timeline
autopentest forensics report --campaign campaign-456 --comprehensive
# Chain of custody
autopentest forensics custody --evidence-id 98765 --initialize
autopentest forensics custody --evidence-id 98765 --transfer
autopentest forensics custody --evidence-id 98765 --verify
# Evidence export for legal purposes
autopentest forensics export --evidence-id 98765 --format legal
autopentest forensics export --session session-123 --court-ready
autopentest forensics export --campaign campaign-456 --compliance
Reporting and Analysis
AI-Generated Reports
# Autonomous report generation
autopentest report generate --target example.com --ai-authored
autopentest report generate --campaign campaign-456 --executive-summary
autopentest report generate --session session-123 --technical-details
# Custom report templates
autopentest report generate --template compliance --target example.com
autopentest report generate --template red-team --campaign campaign-456
autopentest report generate --template vulnerability-assessment --scan-id 12345
# Multi-format output
autopentest report generate --target example.com --format pdf,html,json
autopentest report generate --campaign campaign-456 --format docx
autopentest report generate --session session-123 --format markdown
Risk Assessment and Scoring
# AI-powered risk analysis
autopentest risk assess --target example.com --business-context
autopentest risk assess --vulnerabilities vulns.json --impact-analysis
autopentest risk assess --campaign campaign-456 --comprehensive
# Risk scoring and prioritization
autopentest risk score --vulnerability-id 67890 --cvss-plus-ai
autopentest risk score --target example.com --business-risk
autopentest risk score --campaign campaign-456 --overall-posture
# Risk mitigation recommendations
autopentest risk mitigate --target example.com --recommendations
autopentest risk mitigate --vulnerability-id 67890 --step-by-step
autopentest risk mitigate --campaign campaign-456 --prioritized
Advanced Configuration
AI Model Configuration
# config/ai_models.yaml
ai_models:
primary:
provider: "openai"
model: "gpt-4o"
api_key: "${OPENAI_API_KEY}"
max_tokens: 8000
temperature: 0.3
reasoning:
provider: "openai"
model: "gpt-4o"
api_key: "${OPENAI_API_KEY}"
max_tokens: 4000
temperature: 0.1
creative:
provider: "anthropic"
model: "claude-3-opus"
api_key: "${ANTHROPIC_API_KEY}"
max_tokens: 4000
temperature: 0.7
reasoning_prompts:
vulnerability_analysis: "prompts/vuln_analysis.txt"
exploit_selection: "prompts/exploit_selection.txt"
attack_planning: "prompts/attack_planning.txt"
risk_assessment: "prompts/risk_assessment.txt"
Autonomous Behavior Settings
# config/autonomous.yaml
autonomous_settings:
max_attack_depth: 5
max_session_duration: 3600 # 1 hour
risk_tolerance: "medium"
stealth_priority: "high"
decision_making:
confidence_threshold: 0.8
require_human_approval: false
auto_escalate_privileges: true
auto_lateral_movement: true
safety_limits:
no_destructive_actions: true
no_data_exfiltration: true
respect_scope_limits: true
max_concurrent_sessions: 5
learning:
adapt_to_defenses: true
learn_from_failures: true
update_tactics: true
share_intelligence: false
Integration Configuration
# config/integrations.yaml
integrations:
metasploit:
enabled: true
rpc_host: "localhost"
rpc_port: 55553
rpc_user: "msf"
rpc_pass: "${MSF_PASSWORD}"
burp_suite:
enabled: true
api_url: "http://localhost:1337"
api_key: "${BURP_API_KEY}"
nessus:
enabled: true
server_url: "https://nessus.local:8834"
access_key: "${NESSUS_ACCESS_KEY}"
secret_key: "${NESSUS_SECRET_KEY}"
siem:
enabled: true
type: "splunk"
endpoint: "https://splunk.local:8089"
token: "${SPLUNK_TOKEN}"
Security and Ethical Considerations
Authorization and Scope Management
# Define authorized targets and scope
autopentest scope define --target example.com --authorized
autopentest scope define --network 192.168.1.0/24 --internal-only
autopentest scope define --url https://app.example.com --web-only
# Scope validation and enforcement
autopentest scope validate --target test.example.com
autopentest scope enforce --strict-mode
autopentest scope check --all-targets
# Authorization documentation
autopentest auth document --target example.com --signed-agreement
autopentest auth verify --target example.com --legal-approval
autopentest auth export --format legal-document
Safety Mechanisms
# Enable safety controls
autopentest safety enable --all-controls
autopentest safety enable --no-destructive --no-dos
autopentest safety enable --data-protection --scope-enforcement
# Safety monitoring
autopentest safety monitor --real-time
autopentest safety check --pre-execution
autopentest safety validate --post-execution
# Emergency controls
autopentest safety emergency-stop --all-campaigns
autopentest safety quarantine --session session-123
autopentest safety rollback --changes-since timestamp
Compliance and Auditing
# Enable comprehensive auditing
autopentest audit enable --all-activities
autopentest audit enable --decision-logging --ai-reasoning
autopentest audit enable --evidence-chain --legal-compliance
# Audit reporting
autopentest audit report --campaign campaign-456 --compliance
autopentest audit report --timeframe "2024-01-01,2024-01-31" --detailed
autopentest audit export --format soc2 --period quarterly
# Compliance validation
autopentest compliance check --standard iso27001
autopentest compliance check --standard nist --framework cybersecurity
autopentest compliance validate --all-activities --legal-review
Troubleshooting and Optimization
Performance Monitoring
# Monitor system performance
autopentest monitor performance --real-time
autopentest monitor resources --campaign campaign-456
autopentest monitor ai-usage --costs --tokens
# Performance optimization
autopentest optimize performance --target example.com
autopentest optimize ai-calls --reduce-redundancy
autopentest optimize memory --cleanup-sessions
# Scaling and load balancing
autopentest scale up --workers 10
autopentest scale distribute --targets multiple
autopentest scale optimize --resource-allocation
Debugging and Diagnostics
# Debug mode and verbose logging
autopentest --debug campaign start --target example.com
autopentest --verbose ai plan-attack --target example.com
autopentest logs view --level debug --component ai-reasoning
# System diagnostics
autopentest diagnose system --comprehensive
autopentest diagnose ai-models --connectivity
autopentest diagnose integrations --all-tools
# Error analysis and resolution
autopentest errors analyze --session session-123
autopentest errors resolve --error-id 54321 --auto-fix
autopentest errors report --campaign campaign-456 --detailed
Recovery and Backup
# Session recovery
autopentest recover session --session-id session-123
autopentest recover campaign --campaign-id campaign-456
autopentest recover state --from-backup backup-789
# Backup and restore
autopentest backup create --campaign campaign-456 --full
autopentest backup restore --backup-id backup-789
autopentest backup schedule --daily --retention 30d
# Data integrity verification
autopentest verify integrity --all-data
autopentest verify checksums --evidence-only
autopentest verify consistency --cross-reference
Integration Examples
CI/CD Pipeline Integration
# .github/workflows/autonomous-security-test.yml
name: Autonomous Security Testing
on:
schedule:
- cron: '0 2 * * 0' # Weekly on Sunday at 2 AM
workflow_dispatch:
jobs:
autonomous-pentest:
runs-on: ubuntu-latest
steps:
- name: Setup AutoPentest
run: |
pip install autopentest
autopentest config set openai_api_key ${{ secrets.OPENAI_API_KEY }}
autopentest config set autonomous_mode true
autopentest config set safety_controls true
- name: Run Autonomous Penetration Test
run: |
autopentest campaign create --name "ci_security_test"
autopentest campaign start --target ${{ env.TARGET_DOMAIN }} --autonomous
autopentest campaign wait --timeout 3600
- name: Generate Security Report
run: |
autopentest report generate --campaign ci_security_test --format json > security_report.json
autopentest report generate --campaign ci_security_test --format pdf > security_report.pdf
- name: Upload Results
uses: actions/upload-artifact@v3
with:
name: security-assessment-results
path: |
security_report.json
security_report.pdf
SOAR Platform Integration
# integrations/soar_integration.py
import requests
import json
from autopentest.core.integration import BaseIntegration
class SOARIntegration(BaseIntegration):
def __init__(self, soar_url, api_key):
self.soar_url = soar_url
self.api_key = api_key
def create_incident(self, vulnerability):
incident_data = {
"title": f"Critical Vulnerability: {vulnerability.name}",
"description": vulnerability.description,
"severity": self.map_severity(vulnerability.severity),
"source": "autopentest",
"artifacts": [
{
"type": "ip",
"value": vulnerability.target_ip
},
{
"type": "cve",
"value": vulnerability.cve
}
]
}
headers = {
"Authorization": f"Bearer {self.api_key}",
"Content-Type": "application/json"
}
response = requests.post(
f"{self.soar_url}/api/incidents",
headers=headers,
json=incident_data
)
return response.json()
def trigger_playbook(self, playbook_name, context):
playbook_data = {
"playbook": playbook_name,
"context": context,
"auto_execute": True
}
headers = {
"Authorization": f"Bearer {self.api_key}",
"Content-Type": "application/json"
}
response = requests.post(
f"{self.soar_url}/api/playbooks/execute",
headers=headers,
json=playbook_data
)
return response.json()
Best Practices
Autonomous Testing Strategy
# Gradual autonomy increase
autopentest config set autonomy_level 1 # Supervised
autopentest config set autonomy_level 3 # Semi-autonomous
autopentest config set autonomy_level 5 # Fully autonomous
# Risk-based approach
autopentest config set risk_tolerance low # Conservative
autopentest config set risk_tolerance medium # Balanced
autopentest config set risk_tolerance high # Aggressive
# Continuous learning
autopentest ai train --from-campaigns --improve-accuracy
autopentest ai update-models --latest-threats
autopentest ai calibrate --false-positive-reduction
Quality Assurance
# Validation and verification
autopentest validate findings --all-vulnerabilities
autopentest verify exploits --proof-of-concept
autopentest cross-reference --multiple-sources
# Accuracy improvement
autopentest accuracy measure --campaign campaign-456
autopentest accuracy improve --false-positive-analysis
autopentest accuracy benchmark --industry-standards
Operational Security
# Stealth and evasion
autopentest stealth enable --advanced-evasion
autopentest stealth randomize --timing --user-agents
autopentest stealth encrypt --communications --payloads
# Operational security
autopentest opsec enable --anti-forensics
autopentest opsec clean --artifacts --logs
autopentest opsec verify --no-traces-left