Prerequisites

Before installing the Ethical Audit Framework, ensure you have the following:
  • Python 3.8 or higher
  • Linux operating system (tested on Ubuntu/Debian and Kali Linux)
  • Root or sudo privileges (required for security tools)
  • Internet connection for downloading dependencies

System Dependencies

The framework relies on several security tools that must be installed separately:
1. Install Nmap

Network scanner for reconnaissance and port scanning:
sudo apt update
sudo apt install nmap -y
Verify installation:
nmap --version
2. Install SQLMap

Automated SQL injection tool:
sudo apt install sqlmap -y
Verify installation:
sqlmap --version
3. Install WPScan

WordPress vulnerability scanner:
sudo apt install wpscan -y
Verify installation:
wpscan --version
WPScan requires an API token for vulnerability database access. Register at wpscan.com to get your free API token.
4. Install Gobuster

Directory and file enumeration tool:
sudo apt install gobuster -y
Verify installation:
gobuster version
5. Install Wordlists

Required for brute-force attacks:
sudo apt install wordlists -y
The framework uses:
  • /usr/share/wordlists/rockyou.txt - Password brute-forcing
  • /usr/share/wordlists/dirb/common.txt - Directory enumeration
On some systems, you may need to extract rockyou.txt:
sudo gunzip /usr/share/wordlists/rockyou.txt.gz

Python Dependencies

1. Clone the Repository

git clone <repository-url>
cd ethical-audit-framework
2. Create Virtual Environment (Recommended)

python3 -m venv venv
source venv/bin/activate
3. Install Python Packages

The framework requires the following Python packages:
pip install -r requirements.txt
This installs:
  • rich>=13.0.0 - Terminal UI and formatting
  • python-nmap>=0.7.1 - Nmap Python interface
  • reportlab>=4.0.4 - PDF report generation
  • requests>=2.31.0 - HTTP requests
  • beautifulsoup4>=4.12.2 - HTML parsing
  • colorama>=0.4.6 - Cross-platform colored output

Verify Installation

Run the framework to verify all components are properly installed:
python3 main.py
You should see the Ethical Audit Framework banner and main menu:
╭─────────────────────────────────────────────────────────────╮
│ 🛡️  ETHICAL AUDIT FRAMEWORK v2.0                           │
│ 🔍 Reconnaissance │ 💉 SQLi │ 🔓 WordPress │ 📂 Gobuster │ 🔑 Hash Crack │
│ Target: 192.168.56.102 │ Network: 192.168.56.0/24          │
╰─────────────────────────────────────────────────────────────╯

Directory Structure

After installation, your directory should look like:
ethical-audit-framework/
├── main.py              # Main entry point
├── audit_engine.py      # Core audit orchestration
├── config.py            # Configuration settings
├── requirements.txt     # Python dependencies
├── models/              # Data models
├── services/            # Security tool integrations
│   ├── nmap_scanner.py
│   ├── sqlmap_inject.py
│   ├── wpforce_brute.py
│   ├── gobuster_enum.py
│   ├── hash_cracker.py
│   └── risk_analyzer.py
├── reporter/            # Report generation
│   └── pdf_generator.py
└── outputs/            # Audit results (auto-created)

Troubleshooting

Most security tools require root privileges. Run the framework with sudo:
sudo python3 main.py
Or configure sudo to allow specific commands without password prompts (advanced).

If you see errors about missing wordlists:
# Install wordlists package
sudo apt install wordlists seclists -y

# Extract rockyou.txt if compressed
sudo gunzip /usr/share/wordlists/rockyou.txt.gz

# Verify files exist
ls -lh /usr/share/wordlists/rockyou.txt
ls -lh /usr/share/wordlists/dirb/common.txt

Ensure you're using the correct Python version and virtual environment:
# Check Python version
python3 --version

# Activate virtual environment
source venv/bin/activate

# Reinstall dependencies
pip install -r requirements.txt --upgrade

If python-nmap cannot find the nmap binary:
# Install nmap
sudo apt install nmap -y

# Verify it's in PATH
which nmap

# Test manually
nmap -V

WPScan may show warnings without an API token. To configure:
  1. Register at wpscan.com
  2. Get your API token
  3. Configure WPScan:
wpscan --api-token YOUR_TOKEN_HERE --url http://example.com
The framework will still work without a token, but vulnerability data may be limited.

The framework creates an outputs/ directory automatically. If you encounter permission errors:
# Ensure write permissions
chmod 755 .
mkdir -p outputs
chmod 755 outputs
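
The individual checks in this section can be run in one pass. The script below is an added example, not part of the framework: its function names and the file name preflight.sh are hypothetical, while the tool names, wordlist paths and the Python 3.8 minimum are taken from this page.

```sh
# Added example: preflight check for this page's prerequisites. Tool names, wordlist
# paths and the 3.8 minimum are from the page; function names are hypothetical.

# ver_ge HAVE WANT: true if MAJOR.MINOR of HAVE >= WANT, compared numerically
# (a string comparison would wrongly rank 3.10 below 3.8).
ver_ge() {
    have_major=${1%%.*}; have_rest=${1#*.}; have_minor=${have_rest%%.*}
    want_major=${2%%.*}; want_rest=${2#*.}; want_minor=${want_rest%%.*}
    [ "$have_major" -gt "$want_major" ] && return 0
    [ "$have_major" -eq "$want_major" ] && [ "$have_minor" -ge "$want_minor" ]
}

# tool_state NAME: print ok if NAME resolves in PATH, else missing.
tool_state() {
    if command -v "$1" >/dev/null 2>&1; then echo ok; else echo missing; fi
}

# wordlist_state FILE: print ok, compressed (only FILE.gz exists) or missing.
wordlist_state() {
    if [ -s "$1" ]; then echo ok
    elif [ -f "$1.gz" ]; then echo compressed
    else echo missing
    fi
}

# preflight [WORDLIST_DIR]: print one line per check; return the failure count.
preflight() {
    dir=${1:-/usr/share/wordlists}; fails=0
    # pyver falls back to 0.0 when python3 is not found at all.
    pyver=$(python3 -c 'import sys; print("%d.%d" % sys.version_info[:2])' 2>/dev/null) || pyver=0.0
    if ver_ge "$pyver" 3.8; then state=ok; else state=fail; fails=$((fails + 1)); fi
    printf '%-10s python3 %s (need 3.8 or higher)\n' "$state" "$pyver"
    for tool in nmap sqlmap wpscan gobuster; do
        state=$(tool_state "$tool")
        [ "$state" = ok ] || fails=$((fails + 1))
        printf '%-10s %s\n' "$state" "$tool"
    done
    for list in rockyou.txt dirb/common.txt; do
        state=$(wordlist_state "$dir/$list")
        [ "$state" = ok ] || fails=$((fails + 1))
        printf '%-10s %s\n' "$state" "$dir/$list"
        if [ "$state" = compressed ]; then echo "           fix: sudo gunzip $dir/$list.gz"; fi
    done
    if [ -d outputs ] && [ ! -w outputs ]; then echo "fail       outputs/ not writable"; fails=$((fails + 1)); fi
    return "$fails"
}

# Run all checks when invoked as: sh preflight.sh run
if [ "${1:-}" = run ]; then preflight; fi
```

Run it from the framework directory, inside the activated virtual environment, so that the python3 it checks is the one the framework will use. The exit status is the number of failed checks.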

Legal Notice: This framework is designed for authorized security testing only. Ensure you have explicit permission before auditing any system. Unauthorized use may violate local, state, and federal laws.

Next Steps

Now that installation is complete:
  1. Review the Quick Start Guide to run your first audit
  2. Configure default targets in config.py
  3. Set up your test environment (DVWA, WordPress)
