Rafael COELHO

JULY 2024

Pentesting Automation

Web vulnerability scanner pipeline covering 20+ classes of vulnerability — chains opinionated combinations of Metasploit, Burp Suite, NMAP, Nikto, ProjectDiscovery, Shodan, and Censys on Kali Linux to compress hours of manual setup into a single automated pass.

Outcome
20+ vulnerability classes scanned automatically · Go + Bash + Python orchestration on Kali Linux · normalized findings surface highest-signal issues first, freeing human attention for cases that need it.
Go Bash Python Kali Linux Metasploit Burp Suite NMAP Nikto ProjectDiscovery Shodan Censys QEMU

Executive summary

Pentesting Automation is an opinionated orchestration of well-known open-source security tools — Metasploit, Burp Suite, NMAP, Nikto, ProjectDiscovery, Shodan, Censys — chained on Kali Linux to scan more than 20 classes of web vulnerability in a single automated pass.

The pipeline is built in Go, Bash, and Python. It normalizes output from every scanner into a unified format, deduplicates findings across overlapping tools, and surfaces the highest-signal issues first — so the security engineer’s manual analysis time goes only to the cases that actually need it.

See it deployed

The pipeline requires a Kali Linux VM with the full security tooling chain installed plus credentialed access to target environments — not something you’d casually spin up on a laptop. This 6-slide deck is the verifiable record of the automation operating on real targets: scan orchestration, finding normalization, and the prioritized output that reaches the human analyst.


Why this is a non-trivial orchestration

Each underlying scanner is good at one class of finding — and lousy at others. Running them sequentially by hand means:

  1. Re-configuring credentials and target scope for each tool
  2. Mentally normalizing different output formats (XML, JSON, plaintext, custom)
  3. Spotting that two tools flagged the same issue differently → wasted triage time
  4. Remembering which scanner you haven’t run yet

The automation absorbs that operational tax. A single command runs the full chain: the orchestrator propagates target scope and credentials to every tool, output normalization happens once, and deduplication is automatic. The human’s time goes to verifying findings, not running scanners.
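The normalize, deduplicate and rank step described in the executive summary and in the list above is the part that makes a multi-scanner pipeline usable, so here is a worked example of it. This is an added illustration, not code from the project’s repository: it parses constructed sample output from three of the tools in the stack (nmap XML, a nikto `-Format json` report and nuclei JSONL records), maps each tool’s vocabulary onto a shared vulnerability class, merges findings that share host, port and class, and sorts so that the most severe and most corroborated issues come first. The scan data, the `NIKTO_RULES` mapping table and the category naming scheme are assumptions made for the example.

```python
import json
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SEVERITY_RANK = {"critical": 5, "high": 4, "medium": 3, "low": 2, "info": 1}

# Constructed sample scanner output (not real scan data). Field names follow each
# tool's documented output format; the values are invented for this example.
NMAP_XML = """<nmaprun><host><address addr="10.0.0.5" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="80"><state state="open"/>
<service name="http" product="Apache httpd" version="2.4.49"/></port>
<port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
</ports></host></nmaprun>"""

NIKTO_JSON = json.dumps({"host": "10.0.0.5", "port": "80", "vulnerabilities": [
    {"id": "999957", "method": "GET", "url": "/",
     "msg": "The anti-clickjacking X-Frame-Options header is not present."},
    {"id": "999103", "method": "GET", "url": "/",
     "msg": "The X-Content-Type-Options header is not set."},
]})

NUCLEI_JSONL = json.dumps({
    "template-id": "http-missing-security-headers", "matcher-name": "x-frame-options",
    "info": {"name": "HTTP Missing Security Headers", "severity": "info"},
    "host": "http://10.0.0.5", "matched-at": "http://10.0.0.5/",
})

# Assumed mapping from nikto's free-text messages to a shared class and severity.
# Messages that match no rule keep a per-plugin class so nothing is silently dropped.
NIKTO_RULES = [
    (re.compile(r"X-Frame-Options", re.I), "missing-header:x-frame-options", "low"),
    (re.compile(r"X-Content-Type-Options", re.I), "missing-header:x-content-type-options", "low"),
]


@dataclass
class Finding:
    host: str
    port: int
    category: str          # normalized vulnerability class; part of the dedup key
    severity: str
    title: str
    sources: set = field(default_factory=set)   # which scanners reported it


def _host_port(url):
    """Split a URL as emitted by nuclei into (host, port) with scheme defaults."""
    u = urlsplit(url)
    return u.hostname, u.port or (443 if u.scheme == "https" else 80)


def parse_nmap(xml_text):
    """Open ports become informational 'exposed-service' findings."""
    out = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            detail = " ".join(filter(None, [svc.get("product"), svc.get("version")]))
            out.append(Finding(addr, int(port.get("portid")),
                               "exposed-service:" + svc.get("name"), "info",
                               f"{svc.get('name')} {detail}".strip(), {"nmap"}))
    return out


def parse_nikto(text):
    rep = json.loads(text)
    out = []
    for v in rep["vulnerabilities"]:
        category, severity = f"nikto:{v['id']}", "info"
        for pattern, cat, sev in NIKTO_RULES:
            if pattern.search(v["msg"]):
                category, severity = cat, sev
                break
        out.append(Finding(rep["host"], int(rep["port"]), category, severity, v["msg"], {"nikto"}))
    return out


def parse_nuclei(text):
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        host, port = _host_port(rec["host"])
        # The header template reports one record per missing header, named by its matcher.
        if rec["template-id"] == "http-missing-security-headers":
            category = "missing-header:" + rec["matcher-name"]
        else:
            category = rec["template-id"]
        out.append(Finding(host, port, category, rec["info"]["severity"],
                           rec["info"]["name"], {"nuclei"}))
    return out


def merge_findings(findings):
    """Collapse findings sharing (host, port, class); keep the worst severity and all sources."""
    merged = {}
    for f in findings:
        key = (f.host, f.port, f.category)
        if key in merged:
            m = merged[key]
            m.sources |= f.sources
            if SEVERITY_RANK[f.severity] > SEVERITY_RANK[m.severity]:
                m.severity = f.severity
        else:
            merged[key] = Finding(f.host, f.port, f.category, f.severity, f.title, set(f.sources))
    # Highest severity first, then findings corroborated by more tools.
    return sorted(merged.values(),
                  key=lambda f: (-SEVERITY_RANK[f.severity], -len(f.sources), f.host, f.port, f.category))


def run_pipeline():
    return merge_findings(parse_nmap(NMAP_XML) + parse_nikto(NIKTO_JSON) + parse_nuclei(NUCLEI_JSONL))


if __name__ == "__main__":
    for f in run_pipeline():
        print(f"{f.severity:<8} {f.host}:{f.port:<5} {f.category}  [{', '.join(sorted(f.sources))}]")
```

On the constructed input the four raw findings collapse to three: the missing `X-Frame-Options` header reported by both nikto and nuclei is merged into one entry carrying both sources and the higher of the two severities, and it ranks above the nikto-only header finding and the informational nmap service entry. The rule table is where the real engineering cost lives; each new scanner or message format needs its own mapping into the shared class names, which is what the page means when it says normalization and dedup are not just glue code.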

Stack

  • Kali Linux — base image with the full security tooling chain pre-installed
  • Go — performance-critical orchestrator components
  • Bash — tool-chain glue and CI-style flow control
  • Python — finding parsing, normalization, and deduplication
  • Metasploit — exploit module library + post-exploitation framework
  • Burp Suite — web application security scanning
  • NMAP — network reconnaissance and port scanning
  • Nikto — web server vulnerability scanning
  • ProjectDiscovery — modern toolkit (subfinder, httpx, nuclei, etc.) for surface discovery
  • Shodan + Censys — internet-wide host and service intelligence
  • QEMU — emulation for isolated scanning targets

What this project proves

  • Domain-crossing range — security/DevSecOps work alongside the ML/MLOps suite, demonstrating the same engineering discipline applied to a different problem domain
  • Multi-tool orchestration is a real engineering problem — not “just glue code”; getting normalization and dedup right is what makes the pipeline useful
  • Go + Bash + Python polyglot ownership — picking the right language for each layer (orchestrator / glue / data processing)

Source on GitHub →