AutoPWN Suite

April 5, 2026 ยท View on GitHub

AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.

GitHub Top Language Repo Size Tests GitHub Contributors GitHub Closed Pull Requests GitHub Closed Issues GitHub Repo Stars Banner

Features

CLI

  • Fully automatic scanning and exploitation
  • Detect network IP range without any user input
  • Vulnerability detection based on service versions
  • Web app vulnerability testing (LFI, XSS, SQLI)
  • Web app directory busting
  • Get information about vulnerabilities right from your terminal
  • Automatically download exploits related to discovered vulnerabilities
  • Noise mode for creating traffic on the network
  • Evasion mode for stealthy scanning
  • Automatically select scan types based on privilege level
  • Easy to read output with rich formatting
  • Specify arguments using a config file
  • Send scan results via webhook or email
  • Works on Windows, macOS and Linux
  • Use as a module
  • Use as a daemon to periodically scan the network

Web UI

AutoPWN Suite includes a built-in web dashboard for managing scans from your browser.

Web UI Dashboard

  • Multiple concurrent scans - Launch and monitor several scans at the same time
  • Live terminal output - Watch nmap commands and results in real time via SSE
  • Scan profiles - Save and reuse scan configurations (technique, speed, timeout, ports, evasion, custom flags)
  • Scheduled scans - Set up recurring scans on a cron schedule with automatic profile loading
  • Scan techniques - Choose between TCP SYN, TCP Connect, UDP, Window, ACK, FIN, Xmas, Null, Maimon and SCTP scans
  • Evasion mode - Fragmented packets, spoofed source port and padded data length
  • Email notifications - Get notified on scan completion with inline result summaries
  • Webhook notifications - Post scan results to any webhook endpoint
  • Persistent settings - All settings, profiles and schedules are saved to disk
  • Configurable via environment variables - Set host, port and data directory without touching code

Scan Profiles

Scheduled Scans

How Does It Work?

AutoPWN Suite uses nmap TCP-SYN scan to enumerate the host and detect the version of software running on it. After gathering enough information about the host, AutoPWN Suite automatically generates a list of keywords to search the NIST vulnerability database.

Demo

AutoPWN Suite has a very user friendly easy to read output.

asciicast

Installation

Windows

git clone https://github.com/GamehunterKaan/AutoPWN-Suite.git
cd AutoPWN-Suite
pip install -r requirements.txt

Linux

For a system-wide installation on Linux (which requires root privileges), use the provided installation script. (Recommended)

# Install as root
sudo bash install.sh
# Uninstall
sudo bash uninstall.sh

You can clone the repo and create a virtual environment. This installation method can be used for non-root installation in Linux.

git clone https://github.com/GamehunterKaan/AutoPWN-Suite.git
cd AutoPWN-Suite
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt

Docker

The fastest way to get the web UI running. Download the docker-compose.yml file and run:

docker compose up -d

The web UI will be available at http://localhost:8080.

Configuration

Edit docker-compose.yml to change host, port or data directory:

environment:
  - AUTOPWN_DATA_DIR=/data        # Where settings/profiles/schedules are stored
  - AUTOPWN_WEB_HOST=0.0.0.0     # Listen address
  - AUTOPWN_WEB_PORT=8080        # Listen port

Note: Host networking (network_mode: host) is required for nmap to discover and scan devices on your local network.

You can also run the CLI via Docker:

docker run -it --net=host gamehunterkaan/autopwn-suite -t 192.168.1.0/24 -y

Cloud

You can use Google Cloud Shell.

Open in Cloud Shell

Usage

Running with root privileges (sudo) is always recommended.

CLI

Automatic Mode

autopwn-suite -y

Scan a Specific Target

autopwn-suite -t <target ip address>

Change Scanning Speed

autopwn-suite -s <1, 2, 3, 4, 5>

Change Scanning Mode

autopwn-suite -m <evade, noise, normal>

For more details about usage and flags use -h flag.

Install Daemon

autopwn-suite --daemon-install

Web UI

Launch the web dashboard:

autopwn-suite --web

With custom host and port:

autopwn-suite --web --web-host 0.0.0.0 --web-port 3000

Scan Running

REST API

The web UI exposes a full REST API:

MethodEndpointDescription
GET/api/scansList all scan jobs
POST/api/scan/startStart a new scan
POST/api/scan/stopStop a running scan
GET/api/hostsAll discovered hosts (merged)
GET/api/logLog history
GET/api/eventsSSE event stream
GET/api/settingsGet all settings
PUT/api/settingsUpdate settings
GET/api/profilesList scan profiles
POST/api/profilesCreate a profile
PUT/api/profiles/<id>Update a profile
DELETE/api/profiles/<id>Delete a profile
GET/api/schedulesList scheduled scans
POST/api/schedulesCreate a schedule
PUT/api/schedules/<id>Update a schedule
DELETE/api/schedules/<id>Delete a schedule

Module Usage

from autopwn_suite.api import AutoScanner

scanner = AutoScanner()
json_results = scanner.scan("192.168.0.1")
scanner.save_to_file("autopwn.json")

Development and Testing

You can use poetry to install dependencies and run tests.

Installing Dependencies

poetry install

Running Tests

# Run all tests with coverage
poetry run test

# Run tests without coverage
poetry run test --no-cov

# Run only unit tests
poetry run test -m unit

# Run only integration tests
poetry run test -m integration

# Run tests excluding slow tests
poetry run test -m "not slow"

Running with Docker (Development)

docker compose up --build

Contributing to AutoPWN Suite

I would be glad if you are willing to contribute this project. I am looking forward to merge your pull request unless its something that is not needed or just a personal preference. Also minor changes and bug fixes will not be merged. Please create an issue for those and I will do it myself. Click here for more info!

You may not rent or lease, distribute, modify, sell or transfer the software to a third party. AutoPWN Suite is free for distribution, and modification with the condition that credit is provided to the creator and not used for commercial use. You may not use software for illegal or nefarious purposes. No liability for consequential damages to the maximum extent permitted by all applicable laws.

Support or Contact

Having trouble using this tool? You can create an issue or create a discussion!