EggShell (formerly known as NeonEggShell) is an iOS and OS X surveillance tool written in python. This tool creates an command line session with extra functionality like downloading files, taking pictures, location tracking, and gathering data on a target. Communication between server and target is encrypted with a random 128 bit AES key. EggShell also has the functionality to switch between and handle multiple targets. This is a proof of concept project, intended for use on machines you own.<\/p>\n
<\/p>\n
git clone https:\/\/github.com\/neoneggplant\/EggShell\r\neasy_install pycrypto\r\ncd<\/span> EggShell\r\npython eggshell.py<\/pre>\n<\/div>\n<\/a>iOS Commands:<\/h2>\n\n- ls\u00a0: list contents of directory<\/li>\n
- cd\u00a0: change directories<\/li>\n
- rm\u00a0: delete file<\/li>\n
- pwd\u00a0: get current directory<\/li>\n
- download\u00a0: download file<\/li>\n
- frontcam\u00a0: take picture through front camera<\/li>\n
- backcam\u00a0: take picture through back camera<\/li>\n
- getpid\u00a0: get process id<\/li>\n
- vibrate\u00a0: make device vibrate<\/li>\n
- alert\u00a0: make alert show up on device<\/li>\n
- say\u00a0: make device speak<\/li>\n
- locate\u00a0: get device location<\/li>\n
- respring\u00a0: respring device<\/li>\n
- setvol\u00a0: set mediaplayer volume<\/li>\n
- getvol\u00a0: view mediaplayer volume<\/li>\n
- isplaying\u00a0: view mediaplayer info<\/li>\n
- openurl\u00a0: open url on device<\/li>\n
- dial\u00a0: dial number on device<\/li>\n
- listapps\u00a0: list bundle identifiers<\/li>\n
- open\u00a0: open app<\/li>\n
- installpro\u00a0: installs eggshellpro to device<\/li>\n<\/ul>\n
<\/a>EggShell Pro Commands<\/h2>\n\n- lock\u00a0: simulate lock button press<\/li>\n
- wake\u00a0: wake device from sleeping state<\/li>\n
- home\u00a0: simulate home button press<\/li>\n
- doublehome\u00a0: simulate home button double press<\/li>\n
- play\u00a0: plays music<\/li>\n
- pause\u00a0: pause music<\/li>\n
- next\u00a0: next track<\/li>\n
- prev\u00a0: previous track<\/li>\n
- getpasscode\u00a0: log successfull passcode attempts<\/li>\n
- unlock\u00a0: unlock with passcode<\/li>\n
- keylog\u00a0: log keystrokes<\/li>\n
- keylogclear\u00a0: clear keylog data<\/li>\n
- locationservice: turn on or off location services<\/li>\n<\/ul>\n
<\/a>OS X Commands<\/h2>\n\n- ls\u00a0: list contents of directory<\/li>\n
- cd\u00a0: change directories<\/li>\n
- rm\u00a0: delete file<\/li>\n
- pwd\u00a0: get current directory<\/li>\n
- download\u00a0: download file<\/li>\n
- picture\u00a0: take picture through iSight camera<\/li>\n
- getpid\u00a0: get process id<\/li>\n
- openurl\u00a0: open url through the default browser<\/li>\n
- idletime\u00a0: get the amount of time since the keyboard\/cursor were touched<\/li>\n
- getpaste\u00a0: get pasteboard contents<\/li>\n
- mic\u00a0: record microphone<\/li>\n
- brightness\u00a0: adjust screen brightness<\/li>\n
- getfacebook\u00a0: retrieve facebook cookies from safari<\/li>\n
- exec\u00a0: execute command<\/li>\n
- encrypt\u00a0: encrypt file<\/li>\n
- decrypt\u00a0: decrypt file<\/li>\n
- persistence\u00a0: attempts to connect back every 60 seconds<\/li>\n
- rmpersistence\u00a0: removes persistence<\/li>\n<\/ul>\n
<\/a>Local Commands<\/h2>\n\n- lls\u00a0: list contents of local directory<\/li>\n
- lcd\u00a0: change local directories<\/li>\n
- lpwd\u00a0: get current local directory<\/li>\n
- lopen\u00a0: open local directory<\/li>\n
- clear\u00a0: clears terminal<\/li>\n<\/ul>\n
<\/a>Notes<\/h2>\n