{"id":21845266,"url":"https://github.com/entysec/seashell","last_synced_at":"2025-04-09T05:09:53.930Z","repository":{"id":214256147,"uuid":"732556353","full_name":"EntySec/SeaShell","owner":"EntySec","description":"SeaShell Framework is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.","archived":false,"fork":false,"pushed_at":"2024-09-20T14:12:55.000Z","size":19515,"stargazers_count":528,"open_issues_count":10,"forks_count":69,"subscribers_count":8,"default_branch":"main","last_synced_at":"2025-04-02T04:03:01.222Z","etag":null,"topics":["exploit","exploitation","ios","ios-exploit","ios-exploitation","ios-hacking","ios-malware","ipados","jailbreak","post-exploitation","post-exploitation-toolkit","remote-access-tool","remote-admin-tool","reverse-shell","trollstore"],"latest_commit_sha":null,"homepage":"https://theapplewiki.com/wiki/SeaShell","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EntySec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"entysec"}},"created_at":"2023-12-17T04:14:16.000Z","updated_at":"2025-03-29T15:23:22.000Z","dependencies_parsed_at":"2024-08-02T03:28:13.404Z","dependency_job_id":"69f83428-eb67-4f64-8ee3-624860557a62","html_url":"https://github.com/EntySec/SeaShell","commit_stats":null,"previous_names":["entysec/seashell"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EntySec%2FSeaShell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EntySec%2FSeaShell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EntySec%2FSeaShell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EntySec%2FSeaShell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EntySec","download_url":"https://codeload.github.com/EntySec/SeaShell/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247980837,"owners_count":21027808,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["exploit","exploitation","ios","ios-exploit","ios-exploitation","ios-hacking","ios-malware","ipados","jailbreak","post-exploitation","post-exploitation-toolkit","remote-access-tool","remote-admin-tool","reverse-shell","trollstore"],"created_at":"2024-11-27T23:08:53.854Z","updated_at":"2025-04-09T05:09:53.914Z","avatar_url":"https://github.com/EntySec.png","language":"Python","funding_links":["https://github.com/sponsors/entysec"],"categories":[],"sub_categories":[],"readme":"\u003ch3 align=\"left\"\u003e\n    \u003cimg src=\"seashell/data/logo.png\" alt=\"logo\" height=\"250px\"\u003e\n\u003c/h3\u003e\n\n[![Developer](https://img.shields.io/badge/developer-EntySec-blue.svg)](https://entysec.com)\n[![Language](https://img.shields.io/badge/language-Python-blue.svg)](https://github.com/EntySec/SeaShell)\n[![Forks](https://img.shields.io/github/forks/EntySec/SeaShell?style=flat\u0026color=green)](https://github.com/EntySec/SeaShell/forks)\n[![Stars](https://img.shields.io/github/stars/EntySec/SeaShell?style=flat\u0026color=yellow)](https://github.com/EntySec/SeaShell/stargazers)\n[![CodeFactor](https://www.codefactor.io/repository/github/EntySec/SeaShell/badge)](https://www.codefactor.io/repository/github/EntySec/SeaShell)\n\n[SeaShell Framework](https://blog.entysec.com/2023-12-31-seashell-ios-malware/) is an iOS/macOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.\n\n## Features\n\n* **Powerful Implant** - SeaShell Framework uses the advanced and powerful payload with lots of features. It is called [Pwny](https://github.com/EntySec/Pwny). You can extend it by adding your own post-exploitation modules or plugins.\n* **Basic Set** - SeaShell Framework comes with basic set of post-exploitation modules that may exfiltrate following user data: SMS, VoiceMail, Safari history and much more.\n* **Encrypted communication** - Communication between device and SeaShell is encrypted using the [TLS 1.3](https://en.wikipedia.org/wiki/Transport_Layer_Security) encryption by default.\n* **Regular updates** - SeaShell Framework is being actively updated, so don't hesitate and leave your [feature request](https://github.com/EntySec/SeaShell/issues/new?assignees=\u0026labels=\u0026projects=\u0026template=feature_request.md\u0026title=)!\n\n## Installation\n\nTo install SeaShell Framework you just need to type this command in your terminal:\n\n```shell\npip3 install git+https://github.com/EntySec/SeaShell\n```\n\nAfter this SeaShell can be started with `seashell` command.\n\n## Updating\n\nTo update SeaShell and get new commands run this:\n\n```shell\npip3 install --force-reinstall git+https://github.com/EntySec/SeaShell\n```\n\n## Usage\n\n### Generating IPA\n\nSimply generate custom IPA file or patch existing one and install it on target's iPhone or iPad via [TrollStore](https://trollstore.app/) or other IPA installer that bypasses CoreTrust.\n\n\u003cp align=\"center\"\u003e\n  \u003cimg width=\"70%\" src=\"seashell/data/preview/ipa.svg\"\u003e\n\u003c/p\u003e\n\n### Starting listener\n\nThen you will need to start a listener on a host and port you added to your IPA. Once the installed application opens, you will receive a connection.\n\n\u003cp align=\"center\"\u003e\n  \u003cimg width=\"70%\" src=\"seashell/data/preview/listen.svg\"\u003e\n\u003c/p\u003e\n\n### Accessing device\n\nOnce you have received the connection, you will be able to communicate with the session through a [Pwny](https://github.com/EntySec/Pwny) interactive shell. Use `devices -i \u003cid\u003e` to interact and `help` to view list of all available commands. You can even extract Safari history like in the example below.\n\n\u003cp align=\"center\"\u003e\n  \u003cimg width=\"70%\" src=\"seashell/data/preview/safari.svg\"\u003e\n\u003c/p\u003e\n\n## Available commands\n\nFind the map of available commands. New commands/modules being added regularly so this list might be outdated.\n\n\u003ch3 align=\"center\"\u003e\n    \u003cimg width=\"100%\" src=\"seashell/data/builtins.png\"\u003e\n\u003c/h3\u003e\n\n## Covering them All\n\nA wide range of iOS versions are supported, being 14.0 beta 2 - 16.6.1, 16.7 RC, and 17.0 beta 1 - 17.0, as these versions are vulnerable to the CoreTrust bug.\n\n## Endless Capabilities\n\n[Pwny](https://github.com/EntySec/Pwny) is a powerful implant with plenty of features including evasion, dynamic extensions and much more. It is embedded into the second phase of SeaShell Framework attack. These are all phases:\n\n* **1.** IPA file installed and opened.\n* **2.** Pwny is loaded through `posix_spawn()`.\n* **3.** Connection established and Pwny is ready to receive commands.\n\n## Issues and Bugs\n\nSeaShell was just released and is in **BETA** stage for now. If you find a bug or some function that does not work we will be glad if you immediately submit an issue describing a problem. The more details the issue contains the faster we will be able to fix it.\n\n## External Resources\n\n* Medium: [SeaShell: iOS 16/17 Remote Access](https://medium.com/@enty8080/seashell-ios-16-17-remote-access-41cc3366019d)\n* iDeviceCentral: [iOS Malware Makes TrollStore Users Vulnerable To Monitoring, File Extraction \u0026 Remote Control on iOS 14 – iOS 17](https://idevicecentral.com/news/ios-malware-makes-trollstore-users-vulnerable-to-monitoring-file-extraction-remote-control-on-ios-14-ios-17/)\n* TheAppleWiki: [SeaShell](https://theapplewiki.com/wiki/SeaShell)\n* One Jailbreak: [SeaShell Trojan Horse iOS](https://onejailbreak.com/blog/seashell-trojan-horse-ios/)\n\n## Legal Use\n\nNote that the code and methods provided in this repository must not be used for malicious purposes and should only be used for testing and experimenting with devices **you own**. Please consider out [Terms of Service](https://github.com/EntySec/SeaShell/blob/main/TERMS_OF_SERVICE.md) before using the tool.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fentysec%2Fseashell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fentysec%2Fseashell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fentysec%2Fseashell/lists"}