SeaShell - Libre iOS Post-exploitation Pentesting Framework

SeaShell - Libre iOS Post-exploitation Pentesting Framework

What is SheShell?

SeaShell Framework is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.

Features

  • IPA generator - All you need to do is generate an IPA file and install it on a target's device via TrollStore or other IPA installer that bypasses CoreTrust. After app was installed, a target simply need to run an app single time (he may close application completely after this).
  • Powerful Implant - SeaShell Framework uses the advanced and powerful payload with lots of features. It is called Pwny. You can extend it by adding your own post-exploitation modules or plugins.
  • Basic Set - SeaShell Framework comes with basic set of post-exploitation modules that may exfiltrate following user data: SMS, VoiceMail, Safari history and much more.
  • Encrypted communication - Communication between device and SeaShell is encrypted using the TLS 1.3 encryption by default.
  • Regular updates - SeaShell Framework is being actively updated, so don't hesitate and leave your feature request!

Install

To install SeaShell Framework you just need to type this command in your terminal:

pip3 install git+https://github.com/EntySec/SeaShell

After this SeaShell can be started with seashell command.

Updating

To update SeaShell and get new commands run this:

pip3 install --force-reinstall git+https://github.com/EntySec/SeaShell

Usage

Generating IPA

Simply generate custom IPA file or patch existing one and install it on target's iPhone or iPad via TrollStore or other IPA installer that bypasses CoreTrust.

Listener

Then you will need to start a listener on a host and port you added to your IPA. Once the installed application opens, you will receive a connection

Accessing device

Once you have received the connection, you will be able to communicate with the session through a Pwny interactive shell. Use devices -i <id> to interact and help to view list of all available commands. You can even extract Safari history like in the example below.

License

  • MIT License

Resources & Downloads








Open-source Apps

9,500+

Medical Apps

500+

Lists

450+

Dev. Resources

900+