Mystikal

macOS Initial Access Payload Generator

Usage:

Install Xcode on build machine (Required for Installer Package w/ Installer Plugin)
Install python requirements

sudo pip3 install -r requirements.txt

Change settings within the Settings/MythicSettings.py file to match your Mythic configs
Run mystikal

python3 mystikal.py

Select your desired payload from the options

 _______               __   __ __           __
|   |   |.--.--.-----.|  |_|__|  |--.---.-.|  |
|       ||  |  |__ --||   _|  |    <|  _  ||  |
|__|_|__||___  |_____||____|__|__|__|___._||__|
         |_____|
         
Mystikal: macOS Payload Generator
Main Choice: Choose 1 of 8 choices
Choose 1 for Installer Packages
Choose 2 for Mobile Configuration: Chrome Extension
Choose 3 for Mobile Configuration: Webloc File
Choose 4 for Office Macros: VBA
Choose 5 for Office Macros: XLM Macros in SYLK Files
Choose 6 for Disk Images
Choose 7 for Armed PDFs
Choose 8 to exit

Note:

Option 1, Option 1.4, and Option 4 have submenus shown below

Selected Installer Packages
SubMenu: Choose 1 of 5 choices
Choose 1 for Installer Package w/ only pre/postinstall scripts
Choose 2 for Installer Package w/ Launch Daemon for Persistence
Choose 3 for Installer Package w/ Installer Plugin
Choose 4 for Installer Package w/ JavaScript Functionality
Choose 5 to exit

Selected Installer Package w/ JavaScript Functionality
SubMenu Choice: Choose 1 of 3 choices
Choose 1 for Installer Package w/ JavaScript Functionality embedded
Choose 2 for Installer Package w/ JavaScript Functionality in Script
Choose 3 to exit

Selected Office Macros: VBA
SubMenu Choice: Choose 1 of 4 choices
Choose 1 for VBA Macros for Word
Choose 2 for VBA Macros for Excel
Choose 3 for VBA Macros for PowerPoint
Choose 4 to exit

Behavior Modifications:

To change the execution behavior (which binaries are called upon payload execution)

Modifications will be required in either the specific payload file under the Modules folder or the related template file under the Templates folder.

macOS Initial Access Payload Generator

Related tags

Overview

Mystikal

Usage:

Note:

Behavior Modifications:

Owner

Leo Pitt

Python Library For Ethical Hacker

MS-FSRVP coercion abuse PoC

This is a js front-end encryption blasting account and password tools

cve-2021-21985 exploit

Cracker - Tools CRACK FACEBOOK DAN INSTAGRAM DENGAN FITUR BANYAK

Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure.

Simple script to have LDAP authentication in Home Assistant Docker, using NGINX's ldap-auth container

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples

POC for CVE-2022-1388

Use scrapli to retrieve security zone information from a Juniper SRX firewall

DNSSEQ: PowerDNS with FALCON Signature Scheme

Pass2Pwn: a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

Cve-2022-23131 - Cve-2022-23131 zabbix-saml-bypass-exp

Log4Shell Proof of Concept (CVE-2021-44228)

A secure way of storing your passwords.

Password-Manager - This app can generate ,save , find and delete passwords.

The Decompressoin tool for Vxworks MINIFS

OpenTOTP is yet another time-based, one-time passwords (OTPs) generator/verifier inspired by RFC 6238.

Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.

JavaScript Raider is a coverage-guided JavaScript fuzzing framework designed for the v8 JavaScript engine