macOS Initial Access Payload Generator

Overview

Mystikal

Related Blog Post:

Usage:

  1. Install Xcode on the build machine (required for Installer Package w/ Installer Plugin)
  2. Install the Python requirements:
     sudo pip3 install -r requirements.txt
  3. Change the settings in Settings/MythicSettings.py to match your Mythic configuration
  4. Run Mystikal:
     python3 mystikal.py
  5. Select the desired payload from the options
 _______               __   __ __           __
|   |   |.--.--.-----.|  |_|__|  |--.---.-.|  |
|       ||  |  |__ --||   _|  |    <|  _  ||  |
|__|_|__||___  |_____||____|__|__|__|___._||__|
         |_____|
         
Mystikal: macOS Payload Generator
Main Choice: Choose 1 of 8 choices
Choose 1 for Installer Packages
Choose 2 for Mobile Configuration: Chrome Extension
Choose 3 for Mobile Configuration: Webloc File
Choose 4 for Office Macros: VBA
Choose 5 for Office Macros: XLM Macros in SYLK Files
Choose 6 for Disk Images
Choose 7 for Armed PDFs
Choose 8 to exit

Note:

Option 1, Option 1.4, and Option 4 have submenus shown below

Selected Installer Packages
SubMenu: Choose 1 of 5 choices
Choose 1 for Installer Package w/ only pre/postinstall scripts
Choose 2 for Installer Package w/ Launch Daemon for Persistence
Choose 3 for Installer Package w/ Installer Plugin
Choose 4 for Installer Package w/ JavaScript Functionality
Choose 5 to exit

Selected Installer Package w/ JavaScript Functionality
SubMenu Choice: Choose 1 of 3 choices
Choose 1 for Installer Package w/ JavaScript Functionality embedded
Choose 2 for Installer Package w/ JavaScript Functionality in Script
Choose 3 to exit

Selected Office Macros: VBA
SubMenu Choice: Choose 1 of 4 choices
Choose 1 for VBA Macros for Word
Choose 2 for VBA Macros for Excel
Choose 3 for VBA Macros for PowerPoint
Choose 4 to exit

Behavior Modifications:

To change the execution behavior (which binaries are called upon payload execution), modify either the specific payload file under the Modules folder or the related template file under the Templates folder.

Comments
  • Update the path for the PowerPoint payload to match the path that's printed in the terminal

    I'm suggesting a minor tweak to the path for the PowerPoint macro payload, so that it matches what's printed in the terminal output and for consistency with the other macro payloads. Cheers 👍

    Copy the macro from Payloads/MacroPowerPoint_Payload/macro.txt
    
    opened by threat-punter 1
  • TypeError: __init__() got an unexpected keyword argument 'selected_os'

    Please make a choice: 4
    Selected Office Macros: VBA
    SubMenu Choice: Choose 1 of 4 choices
    Choose 1 for VBA Macros for Word
    Choose 2 for VBA Macros for Excel
    Choose 3 for VBA Macros for PowerPoint
    Choose 4 to exit
    Please make a choice: 1
    [+] Logging into Mythic
    Traceback (most recent call last):
      File "mystikal.py", line 161, in <module>
        main()
      File "mystikal.py", line 73, in main
        office_macros_menu()
      File "mystikal.py", line 136, in office_macros_menu
        macro_word()
      File "/Users/ccccc/Downloads/Mystikal/Modules/Macro_Word.py", line 104, in macro_word
        loop.run_until_complete(main())
      File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/asyncio/base_events.py", line 616, in run_until_complete
        return future.result()
      File "/Users/cccc/Downloads/Mystikal/Modules/Macro_Word.py", line 86, in main
        await scripting()
      File "/Users/ccc/Downloads/Mystikal/Modules/Macro_Word.py", line 30, in scripting
        p = mythic_rest.Payload(
    TypeError: __init__() got an unexpected keyword argument 'selected_os'

    opened by HSIS007 1
  • got unexpected keyword argument 'mythic_encrypts'

    Hey, I'm getting the following error when trying to create an Armed PDF in Mystikal

     _______               __   __ __           __
    |   |   |.--.--.-----.|  |_|__|  |--.---.-.|  |
    |       ||  |  |__ --||   _|  |    <|  _  ||  |
    |__|_|__||___  |_____||____|__|__|__|___._||__|
             |_____|
    
    Mystikal: macOS Initial Access Payload Generator
    Main Choice: Choose 1 of 8 choices
    Choose 1 for Installer Packages
    Choose 2 for Mobile Configuration: Chrome Extension
    Choose 3 for Mobile Configuration: Webloc File
    Choose 4 for Office Macros: VBA
    Choose 5 for Office Macros: XLM Macros in SYLK Files
    Choose 6 for Disk Images
    Choose 7 for Armed PDFs
    Choose 8 to exit
    Please make a choice: 7
    Selected Armed PDF
    !!! This module currently downloads a pdf to modify as a default example
    [+] Copied Template Folder to './Payloads/PDF_Payload'
    [+] Logging into Mythic
    [+] Creating new apfell payload
    Traceback (most recent call last):
      File "mystikal.py", line 141, in <module>
        main()
      File "mystikal.py", line 48, in main
        pdf()
      File "/Users/rt/Downloads/Mystikal/Modules/PDF.py", line 103, in pdf
        loop.run_until_complete(main())
      File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/asyncio/base_events.py", line 616, in run_until_complete
        return future.result()
      File "/Users/rt/Downloads/Mystikal/Modules/PDF.py", line 85, in main
        await scripting()
      File "/Users/rt/Downloads/Mystikal/Modules/PDF.py", line 56, in scripting
        resp = await mythic.create_payload(p, all_commands=True, wait_for_build=True)
      File "/Users/rt/Downloads/Mystikal/mythic.py", line 4026, in create_payload
        resp = await self.get_payloadtypes()
      File "/Users/rt/Downloads/Mystikal/mythic.py", line 4132, in get_payloadtypes
        tmp.append(PayloadType(**x))
    TypeError: __init__() got an unexpected keyword argument 'mythic_encrypts'
    

    Mythic Version: Current main branch (2.2)
    Mystikal Version: Current main branch

    Any idea why I might be getting this error? pip says all requirements are satisfied and as far as I can see all the settings in MythicSettings.py are correct.

    opened by checkymander 1
  • Adding PIP package, Ruby Gem, and NPM package creation

    Contributing code to create poisoned PIP packages, Ruby gems, and NPM packages for Mythic.

    I'm having a lot of trouble testing and could use some help.

    opened by ForensicITGuy 0
Owner

Leo Pitt