Skip to main content

Prerequisites

Before starting, ensure you have:
  • Completed the installation process
  • All dependencies installed (Nmap, SQLMap, WPScan, Gobuster)
  • A test target system (DVWA recommended for learning)
  • Proper authorization to test the target system
Authorization Required - Only test systems you own or have explicit written permission to test. Unauthorized testing is illegal.

Running Your First Audit

Step 1: Launch the Framework

Navigate to the framework directory and run the main script: 
cd Ethical_Audit_Framework
sudo python3 main.py
Root privileges are required for Nmap OS detection and some port scanning features.

Step 2: Select an Attack Mode

The interactive menu presents six attack options:
1

Full Audit (DVWA + WordPress)

Option 1: Complete security assessment against the default target (192.168.56.102)Tools: Nmap + Gobuster + SQLMap + WPScan + Hash Cracker
2

Auto-Discover Network + Audit

Option 2: Scan a subnet to discover live hosts, then audit each oneDefault network: 192.168.56.0/24
3

Reconnaissance Only

Option 3: Network scanning and directory enumeration without exploitationTools: Nmap + Gobuster
4

SQL Injection Only

Option 4: Targeted SQLMap attack against DVWA with hash crackingTools: SQLMap + Hash Cracker
5

WordPress Brute-Force Only

Option 5: WordPress vulnerability scan and credential brute-forceTools: WPScan with rockyou.txt
6

Custom Target Full Audit

Option 6: Run complete audit against a manually specified IP addressYou’ll be prompted to enter the target IP

Example: Running a Full Audit

Let’s walk through a complete audit against the default DVWA target:

1. Select Option 1

┌─────────────────────────────────────────┐
│  Selecciona opción: 1                   │
└─────────────────────────────────────────┘

2. Audit Phases

The framework executes six phases automatically: 
🔍 FASE 1: RECONOCIMIENTO (Nmap)
📡 Nmap Top 1000 + Servicios + OS Detection...
🖥️  OS Detectado: Linux 3.2 - 4.9 (96%)
✅ 5 servicios detectados

PORT       STATE      SERVICE         VERSION
22/tcp     open       ssh             OpenSSH 7.4
80/tcp     open       http            Apache httpd 2.4.41
3306/tcp   open       mysql           MySQL 5.7.33

📂 FASE 2: DIRECTORIOS (Gobuster)
🔎 Gobuster: http://192.168.56.102:80/

[+] /dvwa (Status: 200)
[+] /wordpress (Status: 301)
[+] /config (Status: 403)
✅ 15 directorios encontrados

💉 FASE 3: SQL INJECTION (DVWA)
🔑 Login DVWA OK (PHPSESSID=abc12345...)
🎯 SQLMap DVWA: http://192.168.56.102:80/dvwa/vulnerabilities/sqli/?id=1

💥 SQLi CRÍTICO + DUMP EXITOSO!

🔑 5 CREDENCIALES EXTRAÍDAS:
   👤 admin : 5f4dcc3b5aa765d61d8327deb882cf99
   👤 gordonb : e99a18c428cb38d5f260853678922e03
   👤 pablo : 0d107d09f5bbe40cade3de5c71e9e9b7

🔓 FASE 4: WORDPRESS (WPScan)
🔍 WPScan enumerar: http://192.168.56.102:80/wordpress/
👥 Usuarios encontrados: admin, editor

🔐 Brute-force con rockyou.txt...
🔑 CREDENCIAL: admin : password123

🔓 FASE 5: CRACKEO HASHES (MD5)
✅ CRACKED: admin → 5f4dcc3b5aa765... = 'password'
✅ CRACKED: pablo → 0d107d09f5bbe40... = 'letmein'
❌ No crackeado: gordonb → e99a18c428cb38d...
✅ 2 hash(es) crackeados

🎯 ANÁLISIS DE RIESGO
🎯 RIESGO: 🔴 CRÍTICO (Score: 78/100)

Factores:
- 2 vulnerabilidades críticas (60 pts)
- 3 puertos peligrosos expuestos (24 pts)
- 2 servicios HTTP (20 pts)

3. Credentials Summary

After all phases complete, the framework displays extracted credentials: 
🔑 CREDENCIALES EXTRAÍDAS: 7

FUENTE                  USUARIO          CONTRASEÑA
─────────────────────────────────────────────────────────
SQLMap (DVWA)          admin            password ✅
SQLMap (DVWA)          pablo            letmein ✅
SQLMap (DVWA)          gordonb          e99a18c428... 🔒
WPScan Brute-Force     admin            password123 ✅

4. PDF Report Generation

📄 GENERANDO REPORTE PDF
📁 Guardado: outputs/REPORT_192_168_56_102_20260310_143052.pdf

5. Audit Complete

✅ AUDITORÍA TERMINADA!

📊 Puertos abiertos:     5
📂 Directorios:          15
🐛 Vulnerabilidades:     4
🔑 Credenciales:         7
🎯 Riesgo:               🔴 CRÍTICO
📁 Resultados:           outputs/
📄 Reporte PDF:          outputs/REPORT_192_168_56_102_*.pdf

Understanding the Output

Output Directory Structure

All results are saved to the outputs/ directory: 
outputs/
├── REPORT_192_168_56_102_20260310_143052.pdf  # Final audit report
├── nmap/
│   └── 192.168.56.102_scan.txt                 # Nmap scan results
├── sqlmap/
│   └── sql_192.168.56.102_80/
│       ├── dvwa/dump/dvwa/users.csv            # Dumped credentials
│       └── sqlmap_full_output.txt              # Complete SQLMap output
├── wpscan/
│   ├── wpscan_192.168.56.102_80.txt            # WPScan enumeration
│   └── brute_192.168.56.102_80.txt             # Brute-force results
└── gobuster/
    └── dirs_192.168.56.102_80.txt              # Directory enumeration

Risk Levels

The framework calculates risk based on:
Risk LevelScore RangeIndicators
🟢 LOW0-9Few open ports, no critical vulns
🟡 MEDIUM10-29Some dangerous ports, minor vulns
🟠 HIGH30-59Multiple dangerous ports, HTTP exposed
🔴 CRITICAL60+Critical vulns, SQL injection, weak credentials

Common Configuration

Changing the Default Target

Edit config.py to set your default target:
config.py
DEFAULT_TARGET = '192.168.1.100'  # Your target IP
DEFAULT_NETWORK = '192.168.1.0/24'  # Your network range

DVWA Credentials

If your DVWA uses different credentials:
config.py
DVWA_DEFAULT_USER = 'myuser'
DVWA_DEFAULT_PASS = 'mypassword'
See the Configuration Guide for all options.

Troubleshooting

Issue: No services detected or connection timeoutSolutions:
  1. Verify target IP is correct and reachable: ping 192.168.56.102
  2. Check firewall rules on target system
  3. Ensure target is powered on (for VMs)
  4. Verify network configuration matches your environment
Issue: SQLMap doesn’t detect vulnerabilityPossible reasons:
  1. DVWA security level is too high (should be “low”)
  2. Cookie authentication failed - check DVWA_DEFAULT_USER/PASS
  3. Target URL is incorrect - verify /dvwa/vulnerabilities/sqli/ exists
  4. WAF or IPS is blocking SQLMap signatures
Issue: WPScan can’t locate WordPress installationSolutions:
  1. Verify WordPress is installed at /wordpress/ or /wp-login.php
  2. Update WORDPRESS_PATHS in config.py if using custom path
  3. Check that port 80/443 is open and responding
  4. Ensure WordPress is fully configured (not showing setup page)
Issue: Tools fail with permission errorsSolution: Run with sudo for Nmap OS detection and low-port scanning:
sudo python3 main.py

Next Steps

Core Concepts

Understand the framework architecture and workflow

Attack Modules

Learn about individual attack modules in detail

Configuration

Customize settings for your environment

PDF Reports

Understand the generated security reports

Build docs developers (and LLMs) love

Get started for freeTalk to us