Automated Vulnerability Scanner — Multi-tool CLI/GUI Pen-Test Suite

Overview#

Automated Vulnerability Scanner is a multifunctional penetration-testing and scanning toolkit with both CLI and GUI (Tkinter) interfaces. Built for red teams, security researchers, trainers, and students, it can run from USB (portable mode) or be deployed on Kali/Parrot. Designed as a training and field-ops tool with automation and reporting features.

Key Features#

1. Network Scanning
   • Nmap-based full port & service scans (-sV) with advanced options.
   • Auto-save and post-scan analysis of results.
2. Vulnerability Assessment
   • Local CVE matching and lookup (CVE ID, severity, description).
   • References to Exploit-DB / NVD.
   • Extendable DB for custom mappings.
3. Web Application Testing
   • SQL Injection, XSS, directory listing checks.
   • Uses tools like sqlmap, whatweb, nikto.
   • Saves test reports to a dedicated folder.
4. Exploitation Module
   • Direct Metasploit integration.
   • Select exploit, auto-deploy, and link to Meterpreter sessions.
5. Session Manager
   • List active Meterpreter sessions, run commands, upload/download files, pull credentials.
6. Password Attacks
   • Target SSH, FTP, HTTP Basic Auth using hydra + wordlists.
   • Support for custom input interfaces (wordlists, rules).
7. Wireless Audit
   • airodump-ng discovery and handshake capture.
   • WPA/WPA2 cracking with aircrack-ng.
8. Automated PDF Reporting
   • Compiles findings into a formatted PDF (target, vuln details, screenshots).
   • Saved under results/reports.
9. Utility Tools
   • Ping sweep, Whois, DNS lookup, traceroute.
10. Webhook Notifications
    • Auto-send reports to Discord/Slack via webhook.
11. Shodan Integration
    • Pull public footprint data (OS, open ports, geo) for target enrichment.
12. MITM Proxy Integration
    • mitmproxy support to intercept traffic; save logs/HAR for later analysis.

Target Audience#

• Red teams & penetration testers
• Pen-test firms
• Cybersecurity trainers & labs
• Security awareness teams
• Students and training courses

Ethical & Legal Notice (Important)#

Use only on authorized networks or in controlled lab environments. Unauthorized scanning, exploitation, or disruption of third-party systems is illegal and unethical. Follow Shariah and local laws — obtain explicit written permission before testing.