{"id":29276541,"url":"https://github.com/jxroot/configripper","last_synced_at":"2026-02-19T14:31:47.164Z","repository":{"id":302298472,"uuid":"1011937210","full_name":"jxroot/ConfigRipper","owner":"jxroot","description":"a collection of profiles for IOS designed for penetration testing or red teaming","archived":false,"fork":false,"pushed_at":"2025-07-01T15:30:36.000Z","size":417,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-10-20T20:14:36.527Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jxroot.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-01T14:57:18.000Z","updated_at":"2025-07-01T15:30:40.000Z","dependencies_parsed_at":"2025-07-01T16:28:16.531Z","dependency_job_id":"41a81576-245c-4fc6-bbcb-10a4bde97584","html_url":"https://github.com/jxroot/ConfigRipper","commit_stats":null,"previous_names":["jxroot/configripper"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/jxroot/ConfigRipper","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jxroot%2FConfigRipper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jxroot%2FConfigRipper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jxroot%2FConfigRipper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jxroot%2FConfigRipper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jxroot","download_url":"https://codeload.github.com/jxroot/ConfigRipper/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jxroot%2FConfigRipper/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29618266,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-19T13:04:20.082Z","status":"ssl_error","status_checked_at":"2026-02-19T13:03:33.775Z","response_time":117,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-07-05T08:38:00.073Z","updated_at":"2026-02-19T14:31:47.121Z","avatar_url":"https://github.com/jxroot.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n\n# 📱 MobileConfig for Red Teaming \u0026 Pentesting\n\n![mobileconfig-banner](https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQr5QOZQmlRUkVVJ13M2aeBRR5TNu5z9AgJLQ\u0026s)  \n*Apple configuration profiles can be weaponized for advanced red teaming and security testing on iOS and macOS devices.*\n\n---\n\n## 🚀 Overview\n\n**MobileConfig** files are Apple’s configuration profile format used to manage device settings. These files can automate VPN setup, enforce restrictions, modify Wi-Fi connections, install root certificates, and more.  \nWhen used creatively in a red team operation, they enable phishing, traffic manipulation, device policy tampering, and persistence.\n\n\n## 🔥 Red Team Capabilities\n\n| Category         | Capability                    | Description / Example                          |\n|------------------|-------------------------------|------------------------------------------------|\n| **Network**      | Auto Wi-Fi Connection         | Set SSID, password, security type              |\n|                  | VPN Configuration             | IKEv2/L2TP, split tunneling, custom auth       |\n|                  | Proxy \u0026 DNS Settings          | MITM setup with malicious proxy or DNS         |\n| **Security**     | Password Policies             | Force password complexity, retry limits        |\n|                  | Auto-Lock Settings            | Auto-lock timeout                              |\n| **Restrictions** | Disable Features              | Camera, Safari, AirDrop, App Install/Removal   |\n| **Certificates** | Install CA / Client Certs     | Trust fake CAs, enable TLS interception        |\n| **MDM**          | Enroll Device                 | Remote control via MDM protocol                |\n| **System**       | SSO, Notifications            | Kerberos / SAML setup, notification control    |\n| **UI Attack**       | WebClip Payload            | Fake app icon on home screen linking to phishing page good for use with Evilginx Can Install Bad Fonts or make crash on parse config   \n\n\n\n## 🧪 Examples\n\n| File                              | Purpose                               |\n|-----------------------------------|---------------------------------------|\n| `vpn_mobileconfig.mobileconfig`   | Auto-connect to controlled VPN        |\n| `proxy_mobileconfig.mobileconfig` | Intercept traffic via custom proxy    |\n| `cert_install.mobileconfig`       | Install fake root certificate         |\n| `disable_camera.mobileconfig`     | Disable camera on the device   \n| `fake_app.mobileconfig`     | phishing page With WebClip           |\n\nAll examples are located in the `/examples/` folder.\n\n\n\n## 🕸️ Web-Based Delivery Samples\n\nDelivering `.mobileconfig` files via phishing-style webpages is highly effective.  \nYou can host a fake page and convince the user to install the profile.\n| File                              | Purpose                               |\n|-----------------------------------|---------------------------------------|\n| `wifi_signup.html`   | Fake Wi-Fi login portal        |\n| `vpn_org_setup.html` | Corporate VPN configuration page    |\n| `cert_install.html`       | Certificate update for compliance         |\n| `app_install.html`     | Fake Application For WebClip  \n\nAll examples are located in the `/web_samples/` folder.\n\n## Note: `Content-Type: application/x-apple-aspen-config`\n\n- This header tells iOS/macOS that the file is an Apple configuration profile (`.mobileconfig`).\n- It ensures the device recognizes the file and prompts the user to install it.\n- Without it, the profile might just download without triggering installation.\n- Use it on your server when serving `.mobileconfig` files for smooth installation.\n\n\n### 🌐 Hosting Example\n  ----------\n`python3 -m http.server 8080` \n\nOpen the hosted page on Safari (iOS/macOS) and the system will prompt the user to install the profile.\n\n\u003e ⚠️ **Reminder:** The user must manually confirm installation via system settings.\n\n\n\u003ch2 id=\"contact\"\u003e📧 Contact\u003c/h2\u003e\n\u003cp \u003e\n\u003ca href=\"https://t.me/amajax\"\u003e\u003cimg title=\"Telegram\" src=\"https://img.shields.io/badge/Telegram-black?style=for-the-badge\u0026logo=Telegram\"\u003e\u003c/a\u003e\n\u003ca href=\"https://www.youtube.com/channel/UC0-QcOXgzRgSfcE3zerwu9w/?sub_confirmation=1\"\u003e\u003cimg title=\"Youtube\" src=\"https://img.shields.io/badge/Youtube-red?style=for-the-badge\u0026logo=Youtube\"\u003e\u003c/a\u003e\n\u003ca href=\"https://www.instagram.com/sectoolfa\"\u003e\u003cimg title=\"Instagram\" src=\"https://img.shields.io/badge/Instagram-white?style=for-the-badge\u0026logo=Instagram\"\u003e\u003c/a\u003e\n\n## ⚠️ Legal \u0026 Ethical Disclaimer\n\n🚨 This tool is developed strictly for educational and authorized security testing purposes only.\n\n🔬 It is intended to help cybersecurity professionals, researchers, and enthusiasts understand post-exploitation, red teaming, and detection techniques in lab or controlled environments.\n\n❌ Do NOT use this tool on any system or network without explicit permission. Unauthorized use may be illegal and unethical.\n\n🛡 The author takes no responsibility for any misuse or damage caused by this project.\n\n---\n\n\u003e Always hack responsibly. 💻🔐\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjxroot%2Fconfigripper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjxroot%2Fconfigripper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjxroot%2Fconfigripper/lists"}