Get the code

Pull the code from the official GitHub repository:

$ git clone https://github.com/its-a-feature/Apfell

Configure your installation

/Apfell/apfell-docker/app/__init__.py contains all of the pieces for you to configure:

# -------------------------------------------
# --------------------------------------------
# -------- CONFIGURE SETTINGS HERE -----------
db_pass = 'super_secret_apfell_user_password' # doesn't need to be changed, but if you do, make sure you run ./setup_apfell.sh again before starting apfell
server_ip = '192.168.205.151'  # this will be used by the browser for API requests.
listen_port = '80'
listen_ip = '0.0.0.0'  # IP to bind to for the server, 0.0.0.0 means all local IPv4 addresses
ssl_cert_path = './app/ssl/apfell-cert.pem'
ssl_key_path = './app/ssl/apfell-ssl.key'
whitelisted_ip_blocks = ['0.0.0.0/0']  # only allow connections from these IPs to the /login and /register pages, no bits in the host piece of the CIDR notation can be set
use_ssl = False
server_header = "nginx 1.3"
log_size = 0  # grows indefinitely, or specify a max size in Bytes
keep_logs = False  # set to false for speed improvement, but no web access logs will be kept
# --------------------------------------------
# --------------------------------------------
# --------------------------------------------

A few important notes here. server_ip is used to tell your browser where to send RESTful requests to and where to connect for websockets. listen_port and listen_ip are what will actually be used on the server where you're running Apfell. The whitelisted_ip_blocks allow you to restrict access to the login and register pages of Apfell.

Once you’re ready to finally install, simply run the setup script sudo ./setup_apfell.sh and you should be good to go! Apfell will use the information you provided to set up the postgresql instance, create and start all of the necessary docker containers. and start the web server.

• The setup script will also create a default user apfell_admin with a default password apfell_password that can be used. It’s recommended to change this user’s password after installing though.

Start Apfell

If you came here right from the previous section, your Apfell instance should already be up and running. Check out the next section to confirm that's the case. If at any time you wish to stop Apfell, simply run sudo ./stop_apfell.sh and if you want to start it again run sudo ./start_apfell.sh. If Apfell is currently running and you need to make a change, you can run sudo ./start_apfell.sh again without any issue, that script will automatically stop things and then restart them.

Troubleshooting installation and connection

If something seems off, here's a few places to check:

• Run sudo ./status_check.sh to give a status update on all of the docker containers. They should all be up and running. If one is exited or has only been up for less than 30 seconds, that container might be your issue.

  • Your output will be similar to the following. Notice out the apfell_apfell docker container shows a status of Exited? That looks like an issue

Core apfell services:  apfell_apfell, apfell_postgres, apfell_rabbitmq
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS               NAMES
6b7e7ce338e9        apfell_postgres     "docker-entrypoint.s…"   29 hours ago        Up 29 hours                                    apfell_postgres
3f91f8668b5e        apfell_rabbitmq     "/init.sh"               12 days ago         Up 29 hours                                    apfell_rabbitmq
a79cec76ee88        apfell_apfell       "./wait-for-postgres…"   4 weeks ago         Exited (137) 4 weeks ago                       apfell_apfell

C2_Profile endpoints
CONTAINER ID        IMAGE                 COMMAND                  CREATED             STATUS              PORTS               NAMES
0f30dc316b94        restfulpatchthrough   "/Apfell_service/c2_…"   29 hours ago        Up 29 hours                             restfulpatchthrough

Payload Type Endpoints
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
24a841a1321d        viper               "/Apfell_service/pay…"   29 hours ago        Up 29 hours                             viper
4d939b9e6817        linfell             "/Apfell_service/pay…"   29 hours ago        Up 29 hours                             linfell
a9c04c7723d3        apfell-jxa          "/Apfell_service/pay…"   29 hours ago        Up 29 hours                             apfell-jxa

• To check the logs of any container, run sudo ./display_output.sh [container_name]. For example, to see the output of our stopped container, run sudo ./display_output.sh apfell_apfell. This will help track down if the last thing that happened was an error of some kind.

  • If you don't supply any container names, the script will iterate through all of the containers and dump their output to a file called display_output.txt that you can then grep or browse through.

• If all of that looks ok, but something still seems off, it's time to check the browser.

  • If you're seeing "Session Expired, Please Refresh", "Socked errored, please refresh", or "Socked closed, please refresh", then there's an issue with your websocket connections.

  • First open up the developer tools for your browser and see if there are any errors that might indicate what's wrong. If there's no error though, check the network tab to see if there are any 404 errors. The most likely cause is that there is an issue with the listen_ip in your configuration file such that your browser cannot reach it.

  • If that's not the case, make sure you've selected a current operation (more on this in the Quick Usage section). Apfell uses websockets that pull information about your current operation to provide data. If you're not currently in an active operation (indicated at the top of your screen in big letters), then Apfell cannot provide you any data.