APEX Framework

Advanced Penetration and Exploitation eXecution Framework

The Most Powerful Ethical Hacking Tool


🚀 Overview

APEX is a comprehensive, modular ethical hacking framework designed for security professionals, penetration testers, and bug bounty hunters. It combines multiple security testing capabilities into a single, unified platform with an intuitive interface and powerful automation features.

Key Features

🔍 Reconnaissance & Information Gathering

  • Subdomain Enumeration: Passive and active subdomain discovery
  • Port Scanning: Fast, multi-threaded port scanning with service detection
  • DNS Enumeration: Complete DNS record analysis
  • Network Mapping: Automated host discovery
  • OSINT Collection: Open-source intelligence gathering
  • Certificate Transparency: CT log analysis for subdomain discovery

🌐 Web Application Security Testing

  • SQL Injection Scanner: Error-based, Boolean-based, and time-based detection
  • XSS Scanner: Reflected, Stored, and DOM-based XSS testing
  • LFI/RFI Scanner: Local and remote file inclusion detection
  • Command Injection: OS command injection vulnerability testing
  • Directory Bruteforce: Intelligent directory and file discovery
  • API Fuzzer: REST API endpoint testing and fuzzing

💥 Exploitation Framework

  • Payload Generator: Generate reverse shells, bind shells, and web shells
  • Multi-Language Support: Bash, Python, PHP, Perl, Ruby, PowerShell, etc.
  • Encoding Options: Base64, URL, hex, and custom encoding
  • Exploit Helpers: Listener management and connection handling
  • SQL/XSS Payloads: Pre-built exploitation payloads

🔓 Post-Exploitation

  • Privilege Escalation: Automated privilege escalation checks
  • SUID Binary Finder: Identify exploitable SUID binaries
  • Sudo Enumeration: Check sudo permissions and capabilities
  • Persistence Mechanisms: Maintain access through various methods
  • System Enumeration: Comprehensive system information gathering

🏗️ Architecture

  • Modular Plugin System: Easy to extend with custom modules
  • Asynchronous Operations: Fast, concurrent execution
  • Interactive Console: Metasploit-style command interface
  • Configuration Management: Flexible JSON-based configuration
  • Results Export: Save results in multiple formats

📦 Installation

Prerequisites

# Python 3.8 or higher required
python3 --version

# Install system dependencies
sudo apt-get update
sudo apt-get install -y python3-pip python3-venv whois nmap

Setup

# Navigate to tools directory
cd /home/bughunter/tools

# Create (if it does not exist yet) and activate the virtual environment
python3 -m venv venv
source venv/bin/activate

# Install Python dependencies
pip install aiohttp beautifulsoup4 dnspython

# Make APEX executable
chmod +x apex.py apex_demo.py

# Run APEX
python3 apex.py

🎯 Usage

Interactive Mode

Launch the interactive console:

python3 apex.py

Basic Commands

apex> help                          # Show help menu
apex> modules                       # List all modules
apex> info                          # Framework information
apex> use recon/subdomain_enum      # Select a module
apex> set TARGET example.com        # Set target
apex> options                       # Show module options
apex> run                           # Execute module
apex> back                          # Return to main menu
apex> exit                          # Exit framework

Command-Line Mode

Execute modules directly:

# Run subdomain enumeration
python3 apex.py --module recon/subdomain_enum --target example.com

# Run port scan
python3 apex.py --module recon/port_scan --target 192.168.1.1

# List all available modules
python3 apex.py --list-modules

📚 Module Documentation

Reconnaissance Modules

recon/subdomain_enum

Enumerate subdomains using multiple techniques

Options:

  • TARGET: Target domain (required)
  • WORDLIST: Path to subdomain wordlist (optional)
  • PASSIVE: Use passive enumeration (default: true)
  • ACTIVE: Use active DNS bruteforce (default: true)

Example:

apex> use recon/subdomain_enum
apex> set TARGET example.com
apex> set WORDLIST /path/to/subdomains.txt
apex> run

recon/port_scan

Advanced port scanning with service detection

Options:

  • TARGET: Target IP or hostname (required)
  • PORTS: Port range or list (default: common)
  • THREADS: Number of concurrent scans (default: 100)

Example:

apex> use recon/port_scan
apex> set TARGET 192.168.1.1
apex> set PORTS 1-1000
apex> run

recon/dns_enum

Complete DNS enumeration

Options:

  • TARGET: Target domain (required)
  • RECORD_TYPES: Types to query (default: all)

Example:

apex> use recon/dns_enum
apex> set TARGET example.com
apex> run

Web Testing Modules

web/sql_injection

SQL injection vulnerability scanner

Options:

  • TARGET: Target URL (required)
  • PARAM: Parameter to test (required)
  • METHOD: HTTP method (default: GET)
  • PAYLOADS: Custom payload file (optional)

Example:

apex> use web/sql_injection
apex> set TARGET http://example.com/search
apex> set PARAM id
apex> run

web/xss_scanner

XSS vulnerability detection

Options:

  • TARGET: Target URL (required)
  • PARAM: Parameter to test (required)
  • TYPE: XSS type (reflected/stored/dom)

Example:

apex> use web/xss_scanner
apex> set TARGET http://example.com/search
apex> set PARAM query
apex> run

web/directory_brute

Directory and file discovery

Options:

  • TARGET: Target URL (required)
  • WORDLIST: Directory wordlist (required)
  • EXTENSIONS: File extensions (optional)
  • THREADS: Concurrent requests (default: 50)

Example:

apex> use web/directory_brute
apex> set TARGET http://example.com
apex> set WORDLIST /usr/share/wordlists/dirb/common.txt
apex> run

Exploitation Modules

exploit/payload_gen

Generate exploitation payloads

Options:

  • TYPE: Payload type (reverse_shell/bind_shell/web_shell)
  • LHOST: Local host for callback (required for reverse shells)
  • LPORT: Local port for callback (required)
  • SHELL: Shell type (bash/python/php/nc/powershell)

Example:

apex> use exploit/payload_gen
apex> set TYPE reverse_shell
apex> set LHOST 10.10.10.5
apex> set LPORT 4444
apex> set SHELL python
apex> run

exploit/reverse_shell

Generate and manage reverse shells

Options:

  • LHOST: Listener host (required)
  • LPORT: Listener port (required)
  • START_LISTENER: Auto-start listener (default: true)

Example:

apex> use exploit/reverse_shell
apex> set LHOST 0.0.0.0
apex> set LPORT 4444
apex> run

Post-Exploitation Modules

post/privilege_esc

Privilege escalation enumeration

Example:

apex> use post/privilege_esc
apex> run

post/persistence

Establish persistence mechanisms

Options:

  • METHOD: Persistence method (ssh_key/cron_job/backdoor)
  • PAYLOAD: Payload to execute (required for some methods)

Example:

apex> use post/persistence
apex> set METHOD ssh_key
apex> run

🛠️ Configuration

APEX uses a JSON configuration file located at ~/.apex/apex.json.

Default Configuration

{
    "version": "1.0.0",
    "global": {
        "threads": 50,
        "timeout": 10,
        "user_agent": "APEX/1.0",
        "verify_ssl": false,
        "proxy": null
    },
    "reconnaissance": {
        "passive_enum": true,
        "active_enum": true,
        "deep_scan": false
    },
    "scanning": {
        "service_detection": true,
        "os_detection": false,
        "vulnerability_scan": true
    },
    "exploitation": {
        "auto_exploit": false,
        "safe_mode": true,
        "payload_encoding": true
    },
    "web_testing": {
        "sql_injection": true,
        "xss_testing": true,
        "csrf_testing": true,
        "file_inclusion": true,
        "command_injection": true
    }
}
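The default configuration ships with "verify_ssl": false. The script below is an added example, not part of APEX: it audits a configuration for that setting and for the two exploitation switches. It assumes that verify_ssl controls TLS certificate verification and that auto_exploit and safe_mode behave as their names suggest, since this README does not define them; audit_config and audit_file are hypothetical helper names.

```python
import json

# Constructed sample: the default configuration above, cut down to the
# keys this audit reads.
DEFAULT_CONFIG = json.loads("""
{
    "global": {"verify_ssl": false, "proxy": null},
    "exploitation": {"auto_exploit": false, "safe_mode": true}
}
""")

# (section, key, expected value, why a different value matters).
# The meaning given to each key is an assumption based on its name.
CHECKS = [
    ("global", "verify_ssl", True,
     "TLS certificates are not verified, so responses can be spoofed in transit"),
    ("exploitation", "auto_exploit", False,
     "exploitation may start without operator confirmation"),
    ("exploitation", "safe_mode", True,
     "safe mode is disabled"),
]


def audit_config(config):
    """Return (setting, actual value, reason) for every setting that is
    missing or differs from the expected value. Only real JSON booleans
    pass: the string "true" or the number 1 is reported."""
    findings = []
    for section, key, expected, reason in CHECKS:
        block = config.get(section)
        if not isinstance(block, dict) or key not in block:
            findings.append((f"{section}.{key}", None, "setting is missing"))
        elif block[key] is not expected:
            findings.append((f"{section}.{key}", block[key], reason))
    return findings


def audit_file(path):
    """Audit a configuration file such as ~/.apex/apex.json."""
    with open(path, encoding="utf-8") as handle:
        return audit_config(json.load(handle))


if __name__ == "__main__":
    for setting, value, reason in audit_config(DEFAULT_CONFIG):
        print(f"{setting} = {value!r}: {reason}")
```

Run against the defaults, the only finding is global.verify_ssl.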

Custom Configuration

# Use custom config file
python3 apex.py --config /path/to/custom.json

🎪 Demo

Run the comprehensive demo to see all capabilities:

python3 apex_demo.py

The demo showcases:

  • Subdomain enumeration
  • Port scanning
  • DNS enumeration
  • Payload generation
  • SQL injection testing
  • XSS scanning
  • Directory bruteforcing
  • And more!

📊 Output & Reporting

Results Directory

All scan results are saved to ~/.apex/results/.

Output Formats

  • JSON (detailed results)
  • HTML (formatted reports)
  • Plain text (console output)

Example Output

{
    "target": "example.com",
    "scan_type": "subdomain_enum",
    "timestamp": "2025-11-04T12:00:00",
    "results": {
        "subdomains_found": 15,
        "subdomains": [
            "www.example.com",
            "mail.example.com",
            "api.example.com"
        ]
    }
}

🔌 Plugin Development

Creating Custom Plugins

Create a plugin file in ~/.apex/plugins/:

# ~/.apex/plugins/my_scanner.py

class MyScanner:
    def __init__(self, config):
        self.config = config

    def scan(self, target):
        # Your scanning logic here
        results = {"target": target, "findings": []}
        return results

def register(apex):
    """Register plugin with APEX"""
    apex.register_module("custom/my_scanner", MyScanner)

The plugin will be automatically loaded on startup.
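Because every file in ~/.apex/plugins/ is loaded and run on startup, anyone who can write to that directory can run code as the APEX user. The check below is an added example, not part of APEX: it reports plugin files, and the directory itself, that are symlinks, owned by another account, or writable by group or others. audit_plugin_dir is a hypothetical helper name, and the check assumes a POSIX system.

```python
import os
import stat


def audit_plugin_dir(plugin_dir):
    """Return (path, problem) pairs for the plugin directory and each
    .py file in it that another account could replace or modify."""
    if not os.path.isdir(plugin_dir):
        return []  # nothing to load, nothing to audit
    problems = []
    uid = os.getuid()
    entries = [plugin_dir] + sorted(
        os.path.join(plugin_dir, name)
        for name in os.listdir(plugin_dir)
        if name.endswith(".py")
    )
    for path in entries:
        info = os.lstat(path)  # lstat: inspect the link, not its target
        if stat.S_ISLNK(info.st_mode):
            problems.append((path, "symlink"))
            continue
        if info.st_uid != uid:
            problems.append((path, "not owned by current user"))
        if info.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((path, "group- or world-writable"))
    return problems


if __name__ == "__main__":
    target = os.path.expanduser("~/.apex/plugins")
    for path, problem in audit_plugin_dir(target):
        print(f"{path}: {problem}")
```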


⚠️ IMPORTANT WARNINGS

APEX is designed for ETHICAL HACKING ONLY

Authorized Use Cases:

  • Penetration testing with written authorization
  • Bug bounty programs
  • Your own systems and networks
  • Educational purposes in controlled environments
  • Security research with proper authorization

NEVER Use For:

  • Unauthorized access to systems
  • Attacking systems without permission
  • Malicious activities
  • Any illegal purposes

Users of APEX must:

  1. Obtain written permission before testing any system
  2. Comply with all applicable laws and regulations
  3. Use responsibly and ethically
  4. Accept full responsibility for their actions

The authors and contributors assume no liability for misuse of this tool.


🤝 Contributing

Contributions are welcome! Areas for improvement:

  • New modules and exploits
  • Enhanced detection techniques
  • Performance optimizations
  • Documentation improvements
  • Bug fixes

📝 Changelog

Version 1.0.0

  • Initial release
  • Core framework implementation
  • Reconnaissance modules
  • Web testing modules
  • Exploitation framework
  • Interactive console
  • Plugin system

👥 Credits

Developed by the APEX Security Team

Special thanks to:

  • The security research community
  • Open-source security tool developers
  • Bug bounty hunters worldwide

📞 Support

For issues, questions, or suggestions:

  • GitHub Issues: [Report Issue]
  • Documentation: [Online Docs]
  • Community: [Discord/Forum]

📜 License

This project is licensed under the terms specified in the LICENSE file.


Remember: With great power comes great responsibility. Use APEX ethically and legally!


Quick Reference Card

Most Common Commands

# Start APEX
python3 apex.py

# List modules
apex> modules

# Use a module
apex> use recon/port_scan

# Set options
apex> set TARGET 192.168.1.1
apex> set PORTS 1-1000

# Run module
apex> run

# Save results
apex> save results.json

# Exit
apex> exit

Key Features Summary

  • 🔍 20+ Reconnaissance Tools
  • 🌐 15+ Web Testing Modules
  • 💥 10+ Exploitation Payloads
  • 🔓 Post-Exploitation Suite
  • 🚀 Async & Multi-threaded
  • 🧩 Modular Plugin System
  • 💻 Interactive Console
  • 📊 Comprehensive Reporting

APEX - Making penetration testing powerful, efficient, and accessible.