EggShell – Remote Administration Tool For iOS/macOS

EggShell is a post-exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine. EggShell gives you the power and convenience of uploading/downloading files, tab completion, taking pictures, location tracking, shell command execution, persistence, escalating privileges, password retrieval, and much more. This project is a proof of concept, intended for use on machines you own.


For detailed information and how-to guides, please access the link.


Getting Started With Eggshell

  • Requires python 2.7

macOS/Linux Installation

git clone
cd eggshell

iOS (Jailbroken)

Add Cydia source:
Install EggShell 3
Use any mobile terminal application and run the command eggshell

Creating Payloads

Eggshell payloads are executed on the target machine. The payload first sends over instructions for getting and sending back device details to our server and then chooses the appropriate executable to establish a secure remote control session.


Selecting bash from the payload menu will give us a one-liner that establishes an EggShell session upon execution on the target machine.

teensy macOS (USB injection)

Teensy is a USB development board that can be programmed with the Arduino IDE. It emulates USB keyboard strokes extremely fast and can inject the EggShell payload in just a few seconds.

Selecting teensy will give us an Arduino-based payload for the Teensy board.

After uploading to the Teensy, we can plug the device into a macOS USB port. Once connected to a computer, it will automatically emulate the keystrokes needed to execute a payload.

Interacting with a session

After a session is established, we can execute commands on that device through the EggShell command line interface. We can show all the available commands by typing “help”.

Tab Completion

Similar to most command line interfaces, EggShell supports tab completion. When we start typing the path to a directory or filename, we can complete the rest of the path using the tab key.


The Multihandler option lets us handle multiple sessions. We can choose to interact with different devices while listening for new connections in the background.

Similar to the session interface, we can type “help” to show Multihandler commands



  • brightness : adjust screen brightness
  • cd : change directory
  • download : download file
  • getfacebook : retrieve facebook session cookies
  • getpaste : get pasteboard contents
  • getvol : get speaker output volume
  • idletime : get the amount of time since the keyboard/cursor were touched
  • imessage : send message through the messages app
  • itunes : iTunes Controller
  • keyboard : your keyboard -> is target’s keyboard
  • lazagne : firefox password retrieval | (
  • ls : list contents of a directory
  • mic : record mic
  • persistence : attempts to re establish connection after close
  • picture : take picture through iSight
  • pid : get process id
  • prompt : prompt user to type password
  • screenshot : take screenshot
  • setvol : set output volume
  • sleep : put device into sleep mode
  • su : su login
  • suspend : suspend current session (goes back to login screen)
  • upload : upload file


  • alert : make alert show up on device
  • battery : get battery level
  • bundleids : list bundle identifiers
  • cd : change directory
  • dhome : simulate a double home button press
  • dial : dial a phone number
  • download : download file
  • getcontacts : download addressbook
  • getnotes : download notes
  • getpasscode : retrieve the device passcode
  • getsms : download SMS
  • getvol : get volume level
  • home : simulate a home button press
  • installpro : install substrate commands
  • ipod : control music player
  • islocked : check if the device is locked
  • lastapp : get last opened application
  • locate : get device location coordinates
  • locationservice: toggle location services
  • lock : simulate a lock button press
  • ls : list contents of a directory
  • mic : record mic
  • mute : update and view mute status
  • open : open apps
  • openurl : open url on device
  • persistence : attempts to re establish connection after close
  • picture : take picture through iSight
  • pid : get process id
  • respring : restart springboard
  • safemode : put device into safe mode
  • say : text to speech
  • setvol : set device volume
  • sysinfo : view system information
  • upload : upload file
  • vibrate : vibrate device


  • cd : change directory
  • download : download file
  • ls : list contents of a directory
  • pid : get process id
  • pwd : show current directory
  • upload : upload file

Drozer – Android Leading Security Testing Framework

Drozer (formerly Mercury) is the leading security testing framework for Android.

It allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps’ IPC endpoints and the underlying OS.

It provides tools to help you use, share and understand public Android exploits. It helps you deploy an Agent to a device through exploitation or social engineering. Using weasel (MWR’s advanced exploitation payload), it can maximise the permissions available to it by installing a full agent, injecting a limited agent into a running process, or connecting a reverse shell to act as a Remote Access Tool (RAT).

Requirement For Drozer

Note: On Windows please ensure that the path to the Python installation and the Scripts folder under the Python installation are added to the PATH environment variable.

Note: On Windows please ensure that the path to javac.exe is added to the PATH environment variable.


Command Reference



  • run : Executes a drozer module
  • list : Show a list of all drozer modules that can be executed in the current session. This hides modules that you do not have suitable permissions to run.
  • shell : Start an interactive Linux shell on the device, in the context of the Agent process.
  • cd : Mounts a particular namespace as the root of session, to avoid having to repeatedly type the full name of a module.
  • clean : Remove temporary files stored by drozer on the Android device.
  • contributors : Displays a list of people who have contributed to the drozer framework and modules in use on your system.
  • echo : Print text to the console.
  • exit : Terminate the drozer session.
  • help : Display help about a particular command or module.
  • load : Load a file containing drozer commands, and execute them in sequence.
  • module : Find and install additional drozer modules from the Internet.
  • permissions : Display a list of the permissions granted to the drozer Agent.
  • set : Store a value in a variable that will be passed as an environment variable to any Linux shells spawned by it.
  • unset : Remove a named variable that it passes to any Linux shells that it spawns.


Installing the Agent

The drozer Agent can be installed using Android Debug Bridge (adb).

Download the latest Drozer Agent by clicking here.

$ adb install drozer-agent-2.x.x.apk

Starting a Session

You should now have the Console installed on your PC, and the Agent running on your test device. Now, you need to connect the two and you’re ready to start exploring.

We will use the server embedded in the drozer Agent to do this.

If using the Android emulator, you need to set up a suitable port forward so that your PC can connect to a TCP socket opened by the Agent inside the emulator, or on the device. By default, it uses port 31415:

$ adb forward tcp:31415 tcp:31415

Now, launch the Agent, select the “Embedded Server” option and tap “Enable” to start the server. You should see a notification that the server has started.

Then, on your PC, connect using the drozer Console:

On Linux:

$ drozer console connect

On Windows:

> drozer.bat console connect

If using a real device, the IP address of the device on the network must be specified:

On Linux:

$ drozer console connect --server

On Windows:

> drozer.bat console connect --server

You should be presented with a drozer command prompt:

selecting f75640f67144d9a3 (unknown sdk 4.1.1)  

The prompt confirms the Android ID of the device you have connected to, along with the manufacturer, model and Android software version.

You are now ready to start exploring the device.

AutoNSE – Massive NSE AutoSploit and AutoScanner

Massive NSE (Nmap Scripting Engine) AutoSploit and AutoScanner. The Nmap Scripting Engine (NSE) is one of Nmap’s most powerful and flexible features. It allows users to write (and share) simple scripts (using the Lua programming language) to automate a wide variety of networking tasks. Those scripts are executed in parallel with the speed and efficiency you expect from Nmap. Users can rely on the growing and diverse set of scripts distributed with Nmap, or write their own to meet custom needs.

AutoSploit and AutoScanner


Installation AutoSploit and AutoScanner

$ git clone
$ cd AutoNSE 
$ bash



$ bash

WiFi-Pumpkin – Framework for Rogue Wi-Fi Access Point Attack

WiFi-Pumpkin is a complete framework for auditing Wi-Fi security. The main feature is the ability to create a fake AP and perform a man-in-the-middle attack, but the list of features is quite broad.

Installation – WiFi-Pumpkin

Python 2.7
git clone
cd WiFi-Pumpkin
./ --install


  • Rogue Wi-Fi Access Point.
  • Deauth Attack Clients AP.
  • Probe Request Monitor.
  • DHCP Starvation Attack.
  • Credentials Monitor.
  • Transparent Proxy.
  • Windows Update Attack.
  • Phishing Manager.
  • Partial Bypass HSTS protocol.
  • Support beef hook.
  • ARP Poison.
  • DNS Spoof.
  • Patch Binaries via MITM.
  • Karma Attacks (support hostapd-mana).
  • LLMNR, NBT-NS and MDNS poisoner (Responder).
  • Pumpkin-Proxy (ProxyServer (mitmproxy API)).
  • Capture images on the fly.
  • TCP-Proxy (with scapy)


Tools Plugin

Plugin : Description
  • Dns2proxy : This tool offers different features for post-exploitation once you change the DNS server of a victim.
  • Sslstrip2 : Sslstrip is a MITM tool that implements Moxie Marlinspike’s SSL stripping attacks, based on the version forked by @LeonardoNve/@xtr4nge.
  • Sergio_proxy : Sergio Proxy (a Super Effective Recorder of Gathered Inputs and Outputs) is an HTTP proxy that was written in Python for the Twisted framework.
  • BDFProxy : Patch Binaries via MITM: BackdoorFactory + mitmProxy, bdfproxy-ng is a fork and review of the original BDFProxy @secretsquirrel.
  • Responder : An LLMNR, NBT-NS and MDNS poisoner. Author: Laurent Gaffie

Transparent Proxy

Transparent proxies (mitmproxy) let you intercept and manipulate HTTP traffic, modifying requests and responses, and allow injecting JavaScript into the pages the target visits. You can easily implement a module to inject data into pages by creating a Python file in the directory “plugins/extension/”; it will automatically be listed on the Pumpkin-Proxy tab.

TCP-Proxy Server

A proxy that you can place in the middle of a TCP stream. It filters the request and response streams with the scapy module and actively modifies packets of a TCP protocol that are intercepted by WiFi-Pumpkin. This plugin uses modules to view or modify the intercepted data, which is possibly the easiest implementation of a module: just add your custom module in “plugins/analyzers/” and it will automatically be listed on the TCP-Proxy tab.

Hack Windows Installer For The Hack Typeface

Hack Windows Installer

A Hack Windows installer for the Hack typeface.

While it may seem like overkill to use a Windows installer for fonts, there is good reason for this on the Windows platform. Various things can go wrong when one tries to install or update frequently updated fonts manually.

This installer addresses most of the commonly seen issues.

Usage Of Hack Windows Installer


  • Download HackFontsWindowsInstaller.exe from Releases
  • Double click HackFontsWindowsInstaller.exe
  • If you see a “Windows protected your PC” message, click More info and select Run anyway. This Windows SmartScreen warning can be safely ignored; the installer is virus and adware free.
  • Follow the installation instructions
  • If a font file was installed or removed, the installer will request a reboot

Installer Source

You may review the commented installer source in HackWindowsInstaller.iss.

To build this setup yourself, download the latest ANSI (not Unicode) version of Inno Setup. Install it and activate the option to install the Inno Setup Preprocessor. Double-click HackWindowsInstall.iss, which will load it in Inno Setup, and select Build – Compile.

We release the compiled installer with its SHA256 hash and a link to its VirusTotal malware scan report in Releases.

Silent Installation

To install it, use the following command:


To remove it :

"C:\Program Files\Hack Fonts\unins000.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART


The installer creates a log file at the path C:\Users\(Username)\AppData\Local\Temp\Setup Log (Year-Month-Day) #XXX.txt with full information, as well as C:\Program Files\Hack Fonts\Log-FontData.txt. The latter contains only a subset of the former.

If you are using EMET: If the “Only trusted fonts” option is activated, you need to declare Hack as trusted or it will not be usable.

Fern Wifi Cracker For Wireless Security

Fern Wifi Cracker is a wireless security auditing and attack software program written using the Python programming language and the Python Qt GUI library. The program can crack and recover WEP/WPA/WPS keys and also run other network-based attacks on wireless or Ethernet-based networks.

Visit for newer downloads

Operating System Supported

The software runs on any Linux machine that meets the program's requirements, but the program has been tested on the following Linux-based operating systems:

Prerequisites

The program requires the following to run properly:

The following dependencies can be installed using the Debian package installer command on Debian-based systems, using apt-get install program, or otherwise downloaded and installed manually.


Features Of Fern Wifi Cracker 

  • WEP Cracking with Fragmentation,Chop-Chop, Caffe-Latte, Hirte, ARP Request Replay or WPS attack
  • WPA/WPA2 Cracking with Dictionary or WPS based attacks
  • Automatic saving of key in database on successful crack
  • Automatic Access Point Attack System
  • Session Hijacking (Passive and Ethernet Modes)
  • Access Point MAC Address Geo Location Tracking
  • Internal MITM Engine
  • Bruteforce Attacks (HTTP,HTTPS,TELNET,FTP)
  • Update Support

Fern Wifi Cracker Installation


Installation Debian Package supported systems:

root@host:~# dpkg -i Fern-Wifi-Cracker_1.6_all.deb

The source code for the program can be fetched using the following command on terminal

root@host:~# svn checkout

Upgrading and Updating

The program automatically checks for updates each time it is run. If the program finds an update, it notifies the user with the message New Update is Available. To update, all you need to do is click the update button. When the button is clicked, allow it to download the update files until it displays the message Please Restart Application.



A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis – AndroL4b

AndroL4b is an Android security virtual machine based on ubuntu-mate that includes a collection of the latest frameworks, tutorials and labs from different security geeks and researchers for reverse engineering and malware analysis.

What’s new in Androl4b v.3?

  1. Tools are updated
  2. New tools and lab included
  3. Upgraded to Ubuntu mate 17.04
  4. Some cleanup


Radare2 Unix-like reverse engineering framework and commandline tools

Frida Inject JavaScript to explore native apps on Windows, macOS, Linux, iOS, Android, and QNX.

ByteCodeViewer Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)

Mobile Security Framework (MobSF) (Android/iOS) Automated Pentesting Framework (Just Static Analysis in this VM)

Drozer Security Assessment Framework for Android Applications

APKtool Reverse Engineering Android Apks

AndroidStudio IDE For Android Application Development

BurpSuite Assessing Application Security

Wireshark Network Protocol Analyzer

MARA Mobile Application Reverse engineering and Analysis Framework

FindBugs-IDEA Static byte code analysis to look for bugs in Java code

AndroBugs Framework Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications

Qark Tool to look for several security related Android application vulnerabilities


Damn Insecure and vulnerable App for Android(DIVA) Vulnerable Android Application

InsecureBankv2 Vulnerable Android Application

Android Security Sandbox An app showcase of some techniques to improve Android app security

GoatDroid A fully functional and self-contained training environment for educating developers and testers on Android security


Stitch A Cross Platform Python Remote Administration Tool

This is a cross-platform Python framework that allows you to build custom payloads for Windows, Mac OSX, and UNIX as well. You are able to select whether the payload binds to a specific IP and port or listens for a connection on a port, and there are options to send an email of system info when the system boots and to start the keylogger on boot. Payloads created can only run on the OS that they were created on.


Cross-Platform Support

  • Command and file auto-completion
  • Antivirus detection
  • Able to turn off/on display monitors
  • Hide/unhide files and directories
  • View/edit the hosts file
  • View all the system’s environment variables
  • Keylogger with options to view status, start, stop and dump the logs onto your host system
  • View the location and other information of the target machine
  • Execute custom python scripts which return whatever you print to screen
  • Screenshots
  • Virtual machine detection
  • Download/Upload files to and from the target system
  • Attempt to dump the system’s password hashes
  • Payloads’ properties are “disguised” as other known programs

Windows Specific

  • Display a user/password dialog box to obtain user password
  • Dump passwords saved via Chrome
  • Clear the System, Security, and Application logs
  • Enable/Disable services such as RDP,UAC, and Windows Defender
  • Edit the accessed, created, and modified properties of files
  • Create a custom popup box
  • View connected webcam and take snapshots
  • View past connected wifi connections along with their passwords
  • View information about drives connected
  • View summary of registry values such as DEP

Mac OSX Specific

  • Display a user/password dialog box to obtain user password
  • Change the login text at the user’s login screen
  • Webcam snapshots

Mac OSX/Linux Specific

  • SSH from the target machine into another host
  • Run sudo commands
  • Attempt to bruteforce the user’s password using the passwords list found in Tools/
  • Webcam snapshots? (untested on Linux)

Implemented Transports

All communication between the host and target is AES encrypted. Every Stitch program generates an AES key which is then put into all payloads. To access a payload the AES keys must match. To connect from a different system running Stitch you must add the key by using the showkey command from the original system and the addkey command on the new system.

Implemented Payload Installers

The “stitchgen” command gives the user the option to create NSIS installers on Windows and Makeself installers on POSIX machines. For Windows, the installer packages the payload and an elevation exe, which prevents the firewall prompt and adds persistence, and places the payload on the system. For Mac OSX and Linux, the installer places the payload and attempts to add persistence. To create NSIS installers you must download and install NSIS.


For easy installation run the following command that corresponds to your OS:

# for Windows
pip install -r win_requirements.txt

# for Mac OSX
pip install -r osx_requirements.txt

# for Linux
pip install -r lnx_requirements.txt

Windows Specific

Mac OSX Specific

Mac OSX/Linux Specific

To Run

python or ./


All-in-One Wi-Fi Cracking Tools for Android – Hijacker v1.5

Hijacker v1.5 is a Graphical User Interface for the penetration testing tools Aircrack-ng, Airodump-ng, MDK3 and Reaver. It offers a simple and easy UI to use these tools without typing commands in a console and copying and pasting MAC addresses. This application requires an ARM Android smartphone with an internal wireless adapter that supports Monitor Mode. A few Android devices do, but none of them natively. This means you will need a custom firmware. Any device that uses the BCM4339 chipset. Devices that use BCM4330 can use bcmon.
An alternative is to use an external adapter that supports monitor mode in Android with an OTG cable. The required tools are included for armv7l and aarch64 devices as of version 1.1. The Nexmon driver and management utility for BCM4339 and BCM4358 are also included. Root access is also necessary, as these tools need root to work.

Features Hijacker v1.5


Information Gathering

  1. View a list of access points and stations (clients) around you (even hidden ones)
  2. View the activity of a specific network (by measuring beacons and data packets) and its clients
  3. Statistics about access points and stations
  4. See the manufacturer of a device (AP or station) from the OUI database
  5. See the signal power of devices and filter the ones that are closer to you
  6. Save captured packets in .cap file


  1. Deauthenticate all the clients of a network (either targeting each one (effective) or without specific target)
  2. Deauthenticate a specific client from the network it’s connected
  3. MDK3 Beacon Flooding with custom options and SSID list
  4. MDK3 Authentication DoS for a specific network or to every nearby AP
  5. Capture a WPA handshake or gather IVs to crack a WEP network
  6. Reaver WPS cracking (pixie-dust attack using NetHunter chroot and external adapter)


  1. Leave the app running in the background, optionally with a notification
  2. Copy commands or MAC addresses to clipboard
  3. Includes the required tools, no need for manual installation
  4. Includes the Nexmon driver, required library and management utility for BCM4339 and BCM4358 devices
  5. Set commands to enable and disable monitor mode automatically
  6. Crack .cap files with a custom wordlist
  7. Create custom actions and run them on an access point or a client easily
  8. Sort and filter Access Points and Stations with many parameters
  9. Export all gathered information to a file
  10. Add a persistent alias to a device (by MAC) for easier identification


Installation Hijacker v1.5

Make sure:

  • You are on Android 5+
  • You are rooted (SuperSU is required, if you are on CM/LineageOS install SuperSU)
  • You have a firmware to support Monitor Mode on your wireless interface

Download the latest version by clicking the download button below.

When you run Hijacker for the first time, you will be asked whether you want to install the nexmon firmware or go to home screen. If you have installed your firmware or use an external adapter, you can just go to the home screen. Otherwise, and if your device is supported, click ‘Install Nexmon’ and then ‘Install’. Afterwards you will land on the home screen and airodump will start. Make sure you have enabled your WiFi and it’s in monitor mode.

Note: On some devices, changing files in /system might trigger an Android security feature and your system partition will be restored when you reboot.


This app is designed and tested for ARM devices. All the binaries included are compiled for that architecture and will not work on anything else. You can check whether your device is compatible by going to Settings: if you have the option to install Nexmon, then you are on the correct architecture, otherwise you will have to install all the tools manually (busybox, aircrack-ng suite, mdk3, reaver, wireless tools, library) in a PATH accessible directory and set the ‘Prefix’ option for the tools to preload the library they need: LD_PRELOAD=/path/to/

In settings, there is an option to test the tools. If something fails, you can click ‘Copy test command’ and select the tool that fails. This will copy a test command to your clipboard, which you can manually run in a root shell and see what’s wrong. If all the tests pass and you still have a problem, feel free to open an issue here to fix it, or use the ‘Send feedback’ option in the app’s settings.

If the app happens to crash, a new activity will start which will generate a bug report in your external storage and give you the option to submit it by email. The report is shown in the activity so you can see exactly what will be sent.

Do not report bugs for devices that are not supported or when you are using an outdated version.

Keep in mind that Hijacker is just a GUI for these tools. The way it runs the tools is fairly simple, and if all the tests pass and you are in monitor mode, you should be getting the results you want. Also keep in mind that these are auditing tools. This means that they are used to test the integrity of your network, so there is a chance (and you should hope for it) that the attacks don’t work on your network. It’s not the app’s fault, it’s actually something to be happy about (given that this means that your network is safe). However, if an attack works when you type a command in a terminal, but not with the app, feel free to post here to resolve the issue. This app is still under development so bugs are to be expected.


Vulnerability Scanner And Information Gatherer For The Concrete5 CMS – C5Scan

C5Scan is a vulnerability scanner and information gatherer for the Concrete5 CMS. It is somewhat outdated at present, pending a refactor.

Concrete5 is an open-source content management system (CMS) for publishing content on the World Wide Web and intranets. concrete5 features in-context editing. Editable areas are defined in concrete5 templates, which allow editors to insert blocks of content. These can contain simple content like text and images or have more complex functionality.

Use :



Dependencies :



Example Concrete5 CMS :

$ python -u localhost -r

*                      ~ C5scan ~                        *
* A vulnerability and information gatherer for concrete5 *
*                       *

No http:// or https:// provided. Trying http://
URL: http://localhost/

[+] Discovered version from meta 'generator' tag
[+] Interesting header: server: Apache/2.2.14 (Ubuntu)
[+] Interesting header: x-powered-by: PHP/5.3.2-1ubuntu4.24
[+] robots.txt found at  http://localhost/robots.txt
User-agent: *
Disallow: /blocks 
Disallow: /concrete 
Disallow: /config 
Disallow: /controllers 
Disallow: /css 
Disallow: /elements 
Disallow: /helpers 
Disallow: /jobs 
Disallow: /js 
Disallow: /languages 
Disallow: /libraries 
Disallow: /mail 
Disallow: /models 
Disallow: /packages 
Disallow: /single_pages 
Disallow: /themes 
Disallow: /tools
Disallow: /updates

Enumerating updates in /updates/
[+] Update version exists
[+] Update version exists

Looking for Readme files
[+] Found a readme at:  http://localhost/concrete/libraries/3rdparty/adodb/readme.txt
[+] Found a readme at:  http://localhost/concrete/libraries/3rdparty/adodb/docs/docs-adodb.htm
[+] Found a readme at:  http://localhost/concrete/blocks/video/README
[+] Found a readme at:  http://localhost/concrete/libraries/3rdparty/StandardAnalyzer/Readme.txt
[+] Found a readme at:  http://localhost/concrete/libraries/3rdparty/securimage/README.txt

Checking for known vulnerabilities in updates
[+] A known vulnerability exists for
SQL Injection in index.php cID param

Checking for known vulnerabilities in current version
[+] A known vulnerability exists for
SQL Injection in index.php cID param