Skip to content
/ Appollo Public

Appollo is an open-source tool for continuous attack surface monitoring, helping organizations identify, analyze, and mitigate security risks in real time.

License

MIT license
33 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Groww-OSS/Appollo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
src
src
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
CONTRIBUTE.md
CONTRIBUTE.md
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation


Logo

Appollo - C.A.S.T. solution

Think you're secure? Appollo will make sure.
View Demo Report Bug Request Feature

About The Project

Modules

Appollo is a security tool designed to continuously assess and monitor the attack surface of an organization's digital infrastructure. It systematically identifies, analyzes, and reports on potential vulnerabilities and weaknesses in networks, applications, and systems. By providing ongoing visibility into security risks, Appollo enables organizations to proactively address issues, strengthen their defenses, and reduce the likelihood of successful cyber attacks.

Here's why:

  • Internal Asset Access: Utilizes internal assets effectively to accelerate scans, allowing rapid detection of vulnerabilities.
  • Scalability: Adapts to organizational growth and infrastructure changes.
  • DNS and Subdomain Monitoring: Tracks DNS records and subdomains, alerting on changes.
  • SSL Validation Monitoring: Monitors SSL certificate expiry for domains.
  • IP Discovery: Maintains a comprehensive list of all IP addresses.
  • Port Scanning: Identify critical open ports.
  • Endpoint Checking: Monitors common exposed directory endpoints for security risks.
  • Historical Data Analysis: Leverages wayback and common crawl for insights into past data.
  • Technology Stack Scanning: Detects and assesses technology stacks for vulnerabilities.
  • CVE-Based Vulnerability Scanning: Identifies and reports known vulnerabilities using CVE databases.
  • Slack & Jira – Streamline alerts and ticketing for faster action.
  • Intuitive Dashboard – A user-friendly UI for better asset tracking and security gap analysis.

Architecture

Architecture

Getting Started

To get a local copy up and running follow these simple example steps.

Prerequisites

  • nuclei

    go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest

  • gau

    go install github.com/lc/gau/v2/cmd/gau@latest

  • tlsx

    go install github.com/projectdiscovery/tlsx/cmd/tlsx@latest

  • naabu

    go install -v github.com/projectdiscovery/naabu/v2/cmd/[email protected]

  • ffuf

    go install github.com/ffuf/ffuf/v2@latest

  • BuiltWithAPI

  • gcloud

    • Refer this link for installation.

Installation

  1. Clone the repo 
    git clone https://github.com/Groww-oss/Appollo.git
  2. Install requirements 
    pip install -r requirements.txt
  3. Enter your API Keys as well as required URLs in .env 
     CLOUDFLARE_API_KEY=<API_KEY>
 MONGO_URI=<MONGO_URI>
 MONGI_DB=<MONGO_DB>
 WEBHOOK_SERVER_PORT= 5002
 WEBHOOK_URL=<SLACK_WEBHOOK_URL>
 BUILTWITH_API_KEY= <BUILTWITH_API_KEY>
 SLACK_API_KEY=<SLACK_BOT_TOKEN>
 CHANNEL_ID=<SLACK_CHANNEL_ID>
 JIRA_SERVER=<JIRA_SERVER_URL>
 JIRA_USER=<JIRA_USER>
 JIRA_API_TOKEN=<JIRA_API_TOKEN>
 SVC_ACCOUNT=<SERVICE_ACCOUNT_FILE_PATH>
 DIRECTORY_WORDLIST=<DIRECTORY_FUZZING_WORDLIST>
 NUCLEI_TEMPLATE=<NUCLEI_TEMPLATE_PATH>

Usage

To use Appollo, you can run the following commands based on your requirements:

usage: appollo.py [-h] -e ENV [-t TARGET] [-U] [-sc] [-ps] [-ws]
                  [-ts] [-ds] [-ns] [-A]

Appollo - Reconnaissance Tool

options:
  -h, --help            show this help message and exit
  -e ENV, --env ENV     Path to the .env file
  -t TARGET, --target TARGET
                        Target domain, IP, CIDR, or any asset which
                        is supported by Appollo
  -U, --update-inventory
                        Update Inventory Records
  -sc, --ssl-checker    Run ssl Checker
  -ps, --port-scan      Run port scan logic
  -ws, --wayback-scan   Run wayback scan logic
  -ts, --tech-scan      Run technology scan
  -ds, --dir-scan       Run directory scan logic
  -ns, --nuclei-scan    Run nuclei scans for CVE's
  -A, --complete-scan   Run complete scan for all known assets in
                        inventory

Video POC

Appollo-Poc.4.1.1.1.mp4

Appsmith Dashboard

Follow these steps to set up your Appsmith dashboard using the provided .json file.

Prerequisites

  1. An Appsmith account.
  1. The .json file for the dashboard.

Steps to Set Up

  1. Log in to Appsmith
  • Go to Appsmith and log in or sign up.
  1. Go to Your Workspace
  • Select an existing workspace or create a new one.
  1. Import the Dashboard
  • Click New → Import Application.
  • Upload the provided Appollo.json file under the dashboard directory in the repository.
  1. Configure Datasources
  • Go to the Datasources tab.
  • Update MongoDB database credentials.

How to contribute ?

We welcome contributions! Please check out our CONTRIBUTE.md for detailed guidelines on how to get started.

License

Distributed under the MIT License. See MIT License for more information.

Contact

Bhavye Malhotra - @wh1t3r0se_ - [email protected]
Srilakshmi Prathapan - @L0xm1 - [email protected]

Acknowledgments

About

Appollo is an open-source tool for continuous attack surface monitoring, helping organizations identify, analyze, and mitigate security risks in real time.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

33 stars

Watchers

3 watching

Forks

5 forks
Report repository

Contributors 3

  •  
  •  
  •  

Languages