APEX/APEX_README.md

# APEX Framework

## Advanced Penetration and Exploitation eXecution Framework

**The Most Powerful Ethical Hacking Tool**

---

## 🚀 Overview

APEX is a comprehensive, modular ethical hacking framework designed for security professionals, penetration testers, and bug bounty hunters. It combines multiple security testing capabilities into a single, unified platform with an intuitive interface and powerful automation features.

## ✨ Key Features

### 🔍 Reconnaissance & Information Gathering
- **Subdomain Enumeration**: Passive and active subdomain discovery
- **Port Scanning**: Fast, multi-threaded port scanning with service detection
- **DNS Enumeration**: Complete DNS record analysis
- **Network Mapping**: Automated host discovery
- **OSINT Collection**: Open-source intelligence gathering
- **Certificate Transparency**: CT log analysis for subdomain discovery

### 🌐 Web Application Security Testing
- **SQL Injection Scanner**: Error-based, Boolean-based, and time-based detection
- **XSS Scanner**: Reflected, Stored, and DOM-based XSS testing
- **LFI/RFI Scanner**: Local and remote file inclusion detection
- **Command Injection**: OS command injection vulnerability testing
- **Directory Bruteforce**: Intelligent directory and file discovery
- **API Fuzzer**: REST API endpoint testing and fuzzing

### 💥 Exploitation Framework
- **Payload Generator**: Generate reverse shells, bind shells, and web shells
- **Multi-Language Support**: Bash, Python, PHP, Perl, Ruby, PowerShell, etc.
- **Encoding Options**: Base64, URL, hex, and custom encoding
- **Exploit Helpers**: Listener management and connection handling
- **SQL/XSS Payloads**: Pre-built exploitation payloads

### 🔓 Post-Exploitation
- **Privilege Escalation**: Automated privilege escalation checks
- **SUID Binary Finder**: Identify exploitable SUID binaries
- **Sudo Enumeration**: Check sudo permissions and capabilities
- **Persistence Mechanisms**: Maintain access through various methods
- **System Enumeration**: Comprehensive system information gathering

### 🏗️ Architecture
- **Modular Plugin System**: Easy to extend with custom modules
- **Asynchronous Operations**: Fast, concurrent execution
- **Interactive Console**: Metasploit-style command interface
- **Configuration Management**: Flexible JSON-based configuration
- **Results Export**: Save results in multiple formats

---

## 📦 Installation

### Prerequisites
```bash
# Python 3.8 or higher required
python3 --version

# Install system dependencies
sudo apt-get update
sudo apt-get install -y python3-pip python3-venv whois nmap
```

### Setup
```bash
# Navigate to tools directory
cd /home/bughunter/tools

# Activate virtual environment
source venv/bin/activate

# Install Python dependencies
pip install aiohttp beautifulsoup4 dnspython

# Make APEX executable
chmod +x apex.py apex_demo.py

# Run APEX
python3 apex.py
```

---

## 🎯 Usage

### Interactive Mode

Launch the interactive console:
```bash
python3 apex.py
```

#### Basic Commands
```
apex> help                           # Show help menu
apex> modules                        # List all modules
apex> info                          # Framework information
apex> use recon/subdomain_enum      # Select a module
apex> set TARGET example.com        # Set target
apex> options                       # Show module options
apex> run                           # Execute module
apex> back                          # Return to main menu
apex> exit                          # Exit framework
```

### Command-Line Mode

Execute modules directly:
```bash
# Run subdomain enumeration
python3 apex.py --module recon/subdomain_enum --target example.com

# Run port scan
python3 apex.py --module scan/port_scan --target 192.168.1.1

# List all available modules
python3 apex.py --list-modules
```

---

## 📚 Module Documentation

### Reconnaissance Modules

#### `recon/subdomain_enum`
Enumerate subdomains using multiple techniques

**Options:**
- `TARGET`: Target domain (required)
- `WORDLIST`: Path to subdomain wordlist (optional)
- `PASSIVE`: Use passive enumeration (default: true)
- `ACTIVE`: Use active DNS bruteforce (default: true)

**Example:**
```
apex> use recon/subdomain_enum
apex> set TARGET example.com
apex> set WORDLIST /path/to/subdomains.txt
apex> run
```

#### `recon/port_scan`
Advanced port scanning with service detection

**Options:**
- `TARGET`: Target IP or hostname (required)
- `PORTS`: Port range or list (default: common)
- `THREADS`: Number of concurrent scans (default: 100)

**Example:**
```
apex> use recon/port_scan
apex> set TARGET 192.168.1.1
apex> set PORTS 1-1000
apex> run
```

#### `recon/dns_enum`
Complete DNS enumeration

**Options:**
- `TARGET`: Target domain (required)
- `RECORD_TYPES`: Types to query (default: all)

**Example:**
```
apex> use recon/dns_enum
apex> set TARGET example.com
apex> run
```

### Web Testing Modules

#### `web/sql_injection`
SQL injection vulnerability scanner

**Options:**
- `TARGET`: Target URL (required)
- `PARAM`: Parameter to test (required)
- `METHOD`: HTTP method (default: GET)
- `PAYLOADS`: Custom payload file (optional)

**Example:**
```
apex> use web/sql_injection
apex> set TARGET http://example.com/search
apex> set PARAM id
apex> run
```

#### `web/xss_scanner`
XSS vulnerability detection

**Options:**
- `TARGET`: Target URL (required)
- `PARAM`: Parameter to test (required)
- `TYPE`: XSS type (reflected/stored/dom)

**Example:**
```
apex> use web/xss_scanner
apex> set TARGET http://example.com/search
apex> set PARAM query
apex> run
```

#### `web/directory_brute`
Directory and file discovery

**Options:**
- `TARGET`: Target URL (required)
- `WORDLIST`: Directory wordlist (required)
- `EXTENSIONS`: File extensions (optional)
- `THREADS`: Concurrent requests (default: 50)

**Example:**
```
apex> use web/directory_brute
apex> set TARGET http://example.com
apex> set WORDLIST /usr/share/wordlists/dirb/common.txt
apex> run
```

### Exploitation Modules

#### `exploit/payload_gen`
Generate exploitation payloads

**Options:**
- `TYPE`: Payload type (reverse_shell/bind_shell/web_shell)
- `LHOST`: Local host for callback (required for reverse shells)
- `LPORT`: Local port for callback (required)
- `SHELL`: Shell type (bash/python/php/nc/powershell)

**Example:**
```
apex> use exploit/payload_gen
apex> set TYPE reverse_shell
apex> set LHOST 10.10.10.5
apex> set LPORT 4444
apex> set SHELL python
apex> run
```

#### `exploit/reverse_shell`
Generate and manage reverse shells

**Options:**
- `LHOST`: Listener host (required)
- `LPORT`: Listener port (required)
- `START_LISTENER`: Auto-start listener (default: true)

**Example:**
```
apex> use exploit/reverse_shell
apex> set LHOST 0.0.0.0
apex> set LPORT 4444
apex> run
```

### Post-Exploitation Modules

#### `post/privilege_esc`
Privilege escalation enumeration

**Example:**
```
apex> use post/privilege_esc
apex> run
```

#### `post/persistence`
Establish persistence mechanisms

**Options:**
- `METHOD`: Persistence method (ssh_key/cron_job/backdoor)
- `PAYLOAD`: Payload to execute (required for some methods)

**Example:**
```
apex> use post/persistence
apex> set METHOD ssh_key
apex> run
```

---

## 🛠️ Configuration

APEX uses a JSON configuration file located at `~/.apex/apex.json`

### Default Configuration
```json
{
    "version": "1.0.0",
    "global": {
        "threads": 50,
        "timeout": 10,
        "user_agent": "APEX/1.0",
        "verify_ssl": false,
        "proxy": null
    },
    "reconnaissance": {
        "passive_enum": true,
        "active_enum": true,
        "deep_scan": false
    },
    "scanning": {
        "service_detection": true,
        "os_detection": false,
        "vulnerability_scan": true
    },
    "exploitation": {
        "auto_exploit": false,
        "safe_mode": true,
        "payload_encoding": true
    },
    "web_testing": {
        "sql_injection": true,
        "xss_testing": true,
        "csrf_testing": true,
        "file_inclusion": true,
        "command_injection": true
    }
}
```

### Custom Configuration
```bash
# Use custom config file
python3 apex.py --config /path/to/custom.json
```

---

## 🎪 Demo

Run the comprehensive demo to see all capabilities:
```bash
python3 apex_demo.py
```

The demo showcases:
- Subdomain enumeration
- Port scanning
- DNS enumeration
- Payload generation
- SQL injection testing
- XSS scanning
- Directory bruteforcing
- And more!

---

## 📊 Output & Reporting

### Results Directory
All scan results are saved to `~/.apex/results/`

### Output Formats
- JSON (detailed results)
- HTML (formatted reports)
- Plain text (console output)

### Example Output
```json
{
    "target": "example.com",
    "scan_type": "subdomain_enum",
    "timestamp": "2025-11-04T12:00:00",
    "results": {
        "subdomains_found": 15,
        "subdomains": [
            "www.example.com",
            "mail.example.com",
            "api.example.com"
        ]
    }
}
```

---

## 🔌 Plugin Development

### Creating Custom Plugins

Create a plugin file in `~/.apex/plugins/`:

```python
# ~/.apex/plugins/my_scanner.py

class MyScanner:
    def __init__(self, config):
        self.config = config

    def scan(self, target):
        # Your scanning logic here
        results = {"target": target, "findings": []}
        return results

def register(apex):
    """Register plugin with APEX"""
    apex.register_module("custom/my_scanner", MyScanner)
```

The plugin will be automatically loaded on startup.

---

## 🔒 Security & Legal Notice

### ⚠️ IMPORTANT WARNINGS

**APEX is designed for ETHICAL HACKING ONLY**

✅ **Authorized Use Cases:**
- Penetration testing with written authorization
- Bug bounty programs
- Your own systems and networks
- Educational purposes in controlled environments
- Security research with proper authorization

❌ **NEVER Use For:**
- Unauthorized access to systems
- Attacking systems without permission
- Malicious activities
- Any illegal purposes

### Legal Disclaimer

Users of APEX must:
1. Obtain written permission before testing any system
2. Comply with all applicable laws and regulations
3. Use responsibly and ethically
4. Accept full responsibility for their actions

The authors and contributors assume no liability for misuse of this tool.

---

## 🤝 Contributing

Contributions are welcome! Areas for improvement:
- New modules and exploits
- Enhanced detection techniques
- Performance optimizations
- Documentation improvements
- Bug fixes

---

## 📝 Changelog

### Version 1.0.0
- Initial release
- Core framework implementation
- Reconnaissance modules
- Web testing modules
- Exploitation framework
- Interactive console
- Plugin system

---

## 👥 Credits

Developed by the APEX Security Team

Special thanks to:
- The security research community
- Open-source security tool developers
- Bug bounty hunters worldwide

---

## 📞 Support

For issues, questions, or suggestions:
- GitHub Issues: [Report Issue]
- Documentation: [Online Docs]
- Community: [Discord/Forum]

---

## 📜 License

This project is licensed under the terms specified in the LICENSE file.

---

**Remember: With great power comes great responsibility. Use APEX ethically and legally!**

---

## Quick Reference Card

### Most Common Commands
```bash
# Start APEX
python3 apex.py

# List modules
apex> modules

# Use a module
apex> use recon/port_scan

# Set options
apex> set TARGET 192.168.1.1
apex> set PORTS 1-1000

# Run module
apex> run

# Save results
apex> save results.json

# Exit
apex> exit
```

### Key Features Summary
- 🔍 **20+ Reconnaissance Tools**
- 🌐 **15+ Web Testing Modules**
- 💥 **10+ Exploitation Payloads**
- 🔓 **Post-Exploitation Suite**
- 🚀 **Async & Multi-threaded**
- 🧩 **Modular Plugin System**
- 💻 **Interactive Console**
- 📊 **Comprehensive Reporting**

---

*APEX - Making penetration testing powerful, efficient, and accessible.*