Public | Automated Build

Last pushed: a year ago
Short Description
AutoPoke is a tool to conduct basic penetration tests automatically
Full Description


AutoPoke is for education/research purposes only. The author takes NO responsibility and/or liability for how you choose to use any of the tools/source code/any files provided. The author and anyone affiliated with will not be liable for any losses and/or damages in connection with use of ANY files provided with AutoPoke. By using AutoPoke or any files included, you understand that you are AGREEING TO USE AT YOUR OWN RISK. Once again AutoPoke and ALL files included are for EDUCATION and/or
RESEARCH purposes ONLY. AutoPoke is ONLY intended to be used on your own pentesting labs, or with explicit consent from the owner of the property being tested.


AutoPoke is a tool to conduct basic penetration tests automatically.
AutoPoke derives its firepower from well-known security tools.
The tool was developed to practice the author's bash and python scripting skills and to automate grunt work.
Provides good starting point for penetration test.

How it works?

1. Subdomain enumeration

Subdomains of the target are enumerated using a couple of tools.


fierce -threads 8 -dns $TARGET [-wide]

Sublist3r [-b] -t 8 -d $TARGET

SubBrute $TARGET

* this is run only if brute force is enabled

2. Harvest email addresses


theharvester -d $TARGET -v -l 1000 -b all

3. Port scanning

The subdomains are resolved to ip addresses and the addresses are used to generate ip ranges.
The ip ranges are scanned for open ports.


nmap [-Pn] -sV -sC -p1-65335 -oA nmap \
    --script "[vuln,http-default-accounts],default,ftp-anon,ms-sql-empty-password,mysql-empty-password"\
    -iL $IPLIST

4. Web server scanning

Where open http* services are detected, are requested using all subdomains that point to that host.
All unique web applications are grouped and only one of each different application is scanned using nikto.


nikto -host $var1 -port $var2 [-ssl]

5. SQL injection scanning

The same unique web applications that got scanned with nikto, are scanned using sqlmap.


sqlmap --threads=8 --crawl=5 --batch --smart --random-agent --forms --is-dba --dbs -u http[s]://$var1:$var2/

6. Check emails for breaches


Checks the emails found with theHarvester against haveibeenpwned database


Docker Installation:

docker pull valtteri/autopoke


docker run --rm --volume /path/to/loot:/loot valtteri/autopoke <> [mode]

* the output files will be in the /path/to/loot directory


-nb    # No bruteforcing, much faster


As automated tools usually, AutoPoke has limitations.
Limitations include:

  • might not find all subdomains -> might not scan whole range if the subdomain is highest/lowest
  • might scan hosts that don't belong to target (if non-continuous ip-range in /24)
  • might not identify every different web app as only /'s are compared


Maybe add <- to make nmap detect vulnerabilities

Docker Pull Command
Source Repository