Question 1

How do I install PoisonApple on macOS?

Accepted Answer

Install it via pip3 with 'pip3 install poisonapple --user', ensuring Python 3.6 or higher is installed. The README specifies it was tested with Python 3.9 but should work on older versions.

Question 2

How to remove a persistence mechanism after testing with PoisonApple?

Accepted Answer

Use the -r flag with the same technique and name, for example 'poisonapple -t LaunchAgentUser -n testing -r'. This cleans up the specific persistence entry as shown in the usage examples.

Question 3

What does PoisonApple do if no custom command is specified?

Accepted Answer

It defaults to writing timestamped entries to a file on the Desktop every time the persistence triggers, allowing easy verification without additional setup, as illustrated in the README output.

Question 4

PoisonApple vs manual scripting for macOS persistence testing?

Accepted Answer

PoisonApple automates 17+ techniques with a simple CLI, saving time compared to manual scripts, but lacks the fine-grained control of custom code. It's best for quick emulation rather than deep customization.

Question 5

Is it safe to run PoisonApple on my main Mac?

Accepted Answer

No, the README strongly advises using it only on virtual machines because it modifies system files and triggers security alerts, which could compromise stability or security on production systems.

Question 6

How to customize the command executed by a persistence technique?

Accepted Answer

Use the -c option followed by your command, such as 'poisonapple -t Cron -n test -c "echo foo"'. This allows tailored execution for specific testing scenarios.

PoisonApple

What is PoisonApple?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions