https://github.com/entysec/seashell

SeaShell Framework is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.

exploit exploitation ios ios-exploit ios-exploitation ios-hacking ios-malware ipados jailbreak post-exploitation post-exploitation-toolkit remote-access-tool remote-admin-tool reverse-shell trollstore


[![Developer](https://img.shields.io/badge/developer-EntySec-blue.svg)](https://entysec.com)
[![Language](https://img.shields.io/badge/language-Python-blue.svg)](https://github.com/EntySec/SeaShell)
[![Forks](https://img.shields.io/github/forks/EntySec/SeaShell?style=flat&color=green)](https://github.com/EntySec/SeaShell/forks)
[![Stars](https://img.shields.io/github/stars/EntySec/SeaShell?style=flat&color=yellow)](https://github.com/EntySec/SeaShell/stargazers)
[![CodeFactor](https://www.codefactor.io/repository/github/EntySec/SeaShell/badge)](https://www.codefactor.io/repository/github/EntySec/SeaShell)

[SeaShell Framework](https://blog.entysec.com/2023-12-31-seashell-ios-malware/) is an iOS/macOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.

## Features

* **Powerful Implant** - SeaShell Framework uses an advanced, feature-rich payload called [Pwny](https://github.com/EntySec/Pwny). You can extend it by adding your own post-exploitation modules or plugins.
* **Basic Set** - SeaShell Framework comes with a basic set of post-exploitation modules that can exfiltrate the following user data: SMS, VoiceMail, Safari history and much more.
* **Encrypted communication** - Communication between the device and SeaShell is encrypted using [TLS 1.3](https://en.wikipedia.org/wiki/Transport_Layer_Security) by default.
* **Regular updates** - SeaShell Framework is being actively updated, so don't hesitate to leave your [feature request](https://github.com/EntySec/SeaShell/issues/new?assignees=&labels=&projects=&template=feature_request.md&title=)!

## Installation

To install SeaShell Framework, run this command in your terminal:

```shell
pip3 install git+https://github.com/EntySec/SeaShell
```

After this, SeaShell can be started with the `seashell` command.

## Updating

To update SeaShell and get new commands, run this:

```shell
pip3 install --force-reinstall git+https://github.com/EntySec/SeaShell
```

## Usage

### Generating IPA

Simply generate a custom IPA file or patch an existing one and install it on the target's iPhone or iPad via [TrollStore](https://trollstore.app/) or another IPA installer that bypasses CoreTrust.



### Starting listener

Then you will need to start a listener on the host and port you added to your IPA. Once the installed application opens, you will receive a connection.



### Accessing device

Once you have received the connection, you will be able to communicate with the session through a [Pwny](https://github.com/EntySec/Pwny) interactive shell. Use `devices -i ` to interact and `help` to view the list of all available commands. You can even extract Safari history like in the example below.



## Available commands

Find the map of available commands. New commands and modules are being added regularly, so this list might be outdated.



## Covering them All

A wide range of iOS versions is supported: 14.0 beta 2 - 16.6.1, 16.7 RC, and 17.0 beta 1 - 17.0, as these versions are vulnerable to the CoreTrust bug.
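For a defender, the version list above doubles as an exposure check for a device fleet. The following is an added example, not part of SeaShell or its README: it triages an inventory export against the release ranges stated here. The inventory field names (`name`, `os_version`) and the sample records are constructed assumptions.

```python
import re

# Release ranges exactly as stated on this page (inclusive bounds).
EXPOSED_RANGES = [((14, 0, 0), (16, 6, 1)), ((17, 0, 0), (17, 0, 0))]
# 16.7 RC reports the same version string as the 16.7 release; telling them
# apart needs the build number, which this page does not give.
AMBIGUOUS = {(16, 7, 0)}

def parse_version(text):
    """Turn '16.6.1' or 'iOS 17.0' into a 3-tuple; None if unparseable."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def classify(version_text):
    """Return 'exposed', 'check-build', 'ok' or 'unknown' for one version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # missing data is a finding, not a pass
    if any(lo <= v <= hi for lo, hi in EXPOSED_RANGES):
        return "exposed"
    if v in AMBIGUOUS:
        return "check-build"
    return "ok"

def triage(inventory):
    """Group device names by verdict so each bucket can be actioned separately."""
    report = {"exposed": [], "check-build": [], "ok": [], "unknown": []}
    for device in inventory:
        report[classify(device.get("os_version"))].append(device["name"])
    return report

# Constructed sample inventory (hypothetical device names).
SAMPLE = [
    {"name": "ipad-lab-01", "os_version": "15.7.9"},
    {"name": "iphone-qa-02", "os_version": "iOS 17.0"},
    {"name": "iphone-qa-03", "os_version": "16.7"},
    {"name": "iphone-exec-04", "os_version": "17.4.1"},
    {"name": "ipad-kiosk-05", "os_version": ""},
]

if __name__ == "__main__":
    for verdict, names in triage(SAMPLE).items():
        print(f"{verdict}: {', '.join(names) or '-'}")
```

Beta builds that share a version string with a release (for example the 17.0 betas) land in the same bucket as that release, which errs on the side of flagging.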

## Endless Capabilities

[Pwny](https://github.com/EntySec/Pwny) is a powerful implant with plenty of features including evasion, dynamic extensions and much more. It is embedded into the second phase of the SeaShell Framework attack. The phases are:

* **1.** IPA file installed and opened.
* **2.** Pwny is loaded through `posix_spawn()`.
* **3.** Connection established and Pwny is ready to receive commands.

## Issues and Bugs

SeaShell was just released and is in **BETA** stage for now. If you find a bug or a function that does not work, we will be glad if you immediately submit an issue describing the problem. The more details the issue contains, the faster we will be able to fix it.

## External Resources

* Medium: [SeaShell: iOS 16/17 Remote Access](https://medium.com/@enty8080/seashell-ios-16-17-remote-access-41cc3366019d)
* iDeviceCentral: [iOS Malware Makes TrollStore Users Vulnerable To Monitoring, File Extraction & Remote Control on iOS 14 – iOS 17](https://idevicecentral.com/news/ios-malware-makes-trollstore-users-vulnerable-to-monitoring-file-extraction-remote-control-on-ios-14-ios-17/)
* TheAppleWiki: [SeaShell](https://theapplewiki.com/wiki/SeaShell)
* One Jailbreak: [SeaShell Trojan Horse iOS](https://onejailbreak.com/blog/seashell-trojan-horse-ios/)

## Legal Use

Note that the code and methods provided in this repository must not be used for malicious purposes and should only be used for testing and experimenting with devices **you own**. Please consider our [Terms of Service](https://github.com/EntySec/SeaShell/blob/main/TERMS_OF_SERVICE.md) before using the tool.