EvilOSX is a pure Python post-exploitation RAT (Remote Administration Tool) for macOS / OSX.

- Emulate a simple terminal instance.
- Sockets are encrypted with CSR via OpenSSL.
- No dependencies (pure Python).
- Persistence.
- Retrieve Chrome passwords.
- Retrieve iCloud contacts.
- Attempt to get iCloud password via phishing.
- Show local iOS backups.
- Retrieve Find My iPhone devices.
- Attempt to get root via local privilege escalation (<= 10.10.5).
- Auto installer: simply run EvilOSX on the target and the rest is handled automatically.

- Download or clone this repository.
- Run ./BUILDER and enter the appropriate information:
- Done! Upload and execute the built EvilOSX on your target (with ./EvilOSX.py).
- Finally, start the Server (with ./Server.py) and start managing connections:

- OSXChromeDecrypt created by manwhoami
- MMeTokenDecrypt created by manwhoami
- iCloudContacts created by manwhoami