AcuAutomate is an unofficial Acunetix CLI tool that simplifies automated pentesting and bug hunting across extensive targets. It’s a valuable aid during large-scale pentests, enabling the easy launch or stoppage of multiple Acunetix scans simultaneously. Additionally, its versatile functionality seamlessly integrates into enumeration wrappers or one-liners, offering efficient control through its pipeline capabilities.


git clone
cd AcuAutomate
chmod +x
pip3 install -r requirements.txt

Configuration (config.json)

Before using AcuAutomate, you need to set up the configuration file config.json inside the AcuAutomate folder:

    "url": "https://localhost",
    "port": 3443,
    "api_key": "API_KEY"
  • The URL and PORT parameter is set to default acunetix settings, However this can be changed depending on acunetix configurations.
  • Replace the API_KEY with your acunetix api key. The key can be obtained from user profiles at https://localhost:3443/#/profile


The help parameter (-h) can be used for accessing more detailed help for specific actions

    		                               __  _                 ___
    		  ____ ________  ______  ___  / /_(_)  __      _____/ (_)
    		 / __ `/ ___/ / / / __ \/ _ \/ __/ / |/_/_____/ ___/ / /
    		/ /_/ / /__/ /_/ / / / /  __/ /_/ />  </_____/ /__/ / /
    		\__,_/\___/\__,_/_/ /_/\___/\__/_/_/|_|      \___/_/_/
    		                   -: By Danial Halo :-

usage: [-h] {scan,stop} ...

Launch or stop a scan using Acunetix API

positional arguments:
  {scan,stop}  Action to perform
    scan       Launch a scan use scan -h
    stop       Stop a scan

  -h, --help   show this help message and exit

Scan Actions

For launching the scan you need to use the scan actions:

xubuntu:~/AcuAutomate$ ./ scan -h
usage: scan [-h] [-p] [-d DOMAIN] [-f FILE]
                           [-t {full,high,weak,crawl,xss,sql}]

  -h, --help            show this help message and exit
  -p, --pipe            Read from pipe
  -d DOMAIN, --domain DOMAIN
                        Domain to scan
  -f FILE, --file FILE  File containing list of URLs to scan
  -t {full,high,weak,crawl,xss,sql}, --type {full,high,weak,crawl,xss,sql}
                        High Risk Vulnerabilities Scan, Weak Password Scan, Crawl Only,
                        XSS Scan, SQL Injection Scan, Full Scan (by default)

Scanning Single Target

The domain can be provided with -d flag for single site scan:

./ scan -d

Scanning Multiple Targets

For scanning multiple domains the domains need to be added into the file and then specify the file name with -f flag:

./ scan -f domains.txt


The AcuAutomate can also worked with the pipeline input with -p flag:

cat domain.txt | ./ scan -p

This is Great ???? as it can enable the AcuAutomate to work with other tools. For example we can use the subfinder , httpx and then pipe the output to AcuAutomate for mass scanning with acunetix:

subfinder -silent -d | httpx -silent | ./ scan -p

scan type

The -t flag can be used to define the scan type. For example the following scan will only detect the SQL vulnerabilities:

./ scan -d -t sql


AcuAutomate only accept the domains with http:// or https://

Stop Action

The stop action can be used for stoping the scan either with -d flag for stoping scan by specifing the domain or with -a flage for stopping all running scans.

xubuntu:~/AcuAutomate$ ./ stop -h

    		                               __  _                 ___
    		  ____ ________  ______  ___  / /_(_)  __      _____/ (_)
    		 / __ `/ ___/ / / / __ \/ _ \/ __/ / |/_/_____/ ___/ / /
    		/ /_/ / /__/ /_/ / / / /  __/ /_/ />  </_____/ /__/ / /
    		\__,_/\___/\__,_/_/ /_/\___/\__/_/_/|_|      \___/_/_/
    		                   -: By Danial Halo :-

usage: stop [-h] [-d DOMAIN] [-a]

  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
                        Domain of the scan to stop
  -a, --all             Stop all Running Scans

Published by Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Leave a comment

Your email address will not be published. Required fields are marked *