SeaShell Framework is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.
Home Page: https://theapplewiki.com/wiki/SeaShell
License: MIT License
Describe the bug
Description: running a command did not receive an expected outcome and resulted in an error
To Reproduce
Steps to reproduce the behavior:
devices -i 0cam -s 0 <insert directory>Failed to read device #0!Expected behavior
Expected to receive image in the directory specified and not receive an error.
Screenshots
Desktop:
Smartphone:
Describe the bug
when trying to generate the .ipa i get an error after entering the path to save the IPA: An error occurred: module 'PIL.Image' has no attribute 'ANTIALIAS'!
To Reproduce
(seashell)> ipa
[>] Application name (Mussel): seaShell
[>] Bundle ID (com.entysec.mussel): com.seaShell.seaShell
[?] Add application icon [y/N]: n
[>] Host to connect back: 192.168.2.116
[>] Port to connect back: 8888
[>] Path to save the IPA: seaShell.ipa
[-] An error occurred: module 'PIL.Image' has no attribute 'ANTIALIAS'!
Expected behavior
an .ipa file is generated and saved to ~/
Desktop (please complete the following information):
Bug:
Cannot run on Apple Silicon. Installed it but all you get is:
OSError: dlopen(/opt/homebrew/lib/python3.11/site-packages/capstone/lib/libcapstone.dylib, 0x0006): tried: '/opt/homebrew/lib/python3.11/site-packages/capstone/lib/libcapstone.dylib' (mach-o file, but is an incompatible architecture (have 'x86_64', need 'arm64')), '/System/Volumes/Preboot/Cryptexes/OS/opt/homebrew/lib/python3.11/site-packages/capstone/lib/libcapstone.dylib' (no such file), '/opt/homebrew/lib/python3.11/site-packages/capstone/lib/libcapstone.dylib' (mach-o file, but is an incompatible architecture (have 'x86_64', need 'arm64'))
[-] An error occurred: Instagram is not a zip file!
File "/usr/local/bin/seashell", line 8, in
sys.exit(cli())
File "/home/kali/.local/lib/python3.11/site-packages/seashell/init.py", line 105, in cli
console.console()
File "/home/kali/.local/lib/python3.11/site-packages/seashell/core/console.py", line 198, in console
result = self.runtime.catch(self.shell)
File "/home/kali/.local/lib/python3.11/site-packages/hatsploit/lib/runtime.py", line 126, in catch
traceback.print_stack(file=sys.stdout)
I tried to reinstall seashell then something like this pop out on the red :
ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
faraday-agent-dispatcher 3.2.1 requires pytenable, which is not installed.
mitmproxy 10.2.2 requires mitmproxy-rs<0.6,>=0.5.1, which is not installed.
mitmproxy 10.2.2 requires urwid-mitmproxy<2.2,>=2.1.1, which is not installed.
crackmapexec 5.4.0 requires aioconsole<0.4.0,>=0.3.3, but you have aioconsole 0.7.0 which is incompatible.
crackmapexec 5.4.0 requires minikerberos==0.3.3, but you have minikerberos 0.4.0 which is incompatible.
crackmapexec 5.4.0 requires neo4j<5.0.0,>=4.1.1, but you have neo4j 5.2.dev0 which is incompatible.
crackmapexec 5.4.0 requires paramiko<3.0.0,>=2.7.2, but you have paramiko 3.4.0 which is incompatible.
crackmapexec 5.4.0 requires pypsrp<0.8.0,>=0.7.0, but you have pypsrp 0.8.1 which is incompatible.
crackmapexec 5.4.0 requires xmltodict<0.13.0,>=0.12.0, but you have xmltodict 0.13.0 which is incompatible.
faraday-agent-dispatcher 3.2.1 requires python-socketio==5.8.0, but you have python-socketio 5.7.2 which is incompatible.
fastapi 0.101.0 requires starlette<0.28.0,>=0.27.0, but you have starlette 0.31.1 which is incompatible.
lsassy 3.1.6 requires impacket<0.10.0,>=0.9.22, but you have impacket 0.11.0 which is incompatible.
lsassy 3.1.6 requires netaddr<0.9.0,>=0.8.0, but you have netaddr 1.2.1 which is incompatible.
lsassy 3.1.6 requires rich<11.0.0,>=10.6.0, but you have rich 13.3.1 which is incompatible.
mitmproxy 10.2.2 requires cryptography<41.1,>=39.0, but you have cryptography 42.0.5 which is incompatible.
mitmproxy 10.2.2 requires protobuf<5,>=3.14, but you have protobuf 5.26.1 which is incompatible.
mitmproxy 10.2.2 requires pyOpenSSL<23.4,>=22.1, but you have pyopenssl 24.1.0 which is incompatible.
notus-scanner 22.6.2 requires packaging<23.3, but you have packaging 24.0 which is incompatible.
ospd-openvas 22.6.2 requires lxml<5.0.0,>=4.5.2, but you have lxml 5.2.1 which is incompatible.
ospd-openvas 22.6.2 requires packaging<24.0,>=20.4, but you have packaging 24.0 which is incompatible.
ospd-openvas 22.6.2 requires redis>=4.5.0, but you have redis 4.3.4 which is incompatible.
pyppeteer 1.0.1 requires pyee<9.0.0,>=8.1.0, but you have pyee 11.1.0 which is incompatible.
pyppeteer 1.0.1 requires urllib3<2.0.0,>=1.25.8, but you have urllib3 2.2.1 which is incompatible.
theharvester 4.5.1 requires aiohttp==3.9.3, but you have aiohttp 3.9.1 which is incompatible.
theharvester 4.5.1 requires aiosqlite==0.19.0, but you have aiosqlite 0.17.0 which is incompatible.
theharvester 4.5.1 requires dnspython==2.5.0, but you have dnspython 2.6.1 which is incompatible.
theharvester 4.5.1 requires fastapi==0.109.0, but you have fastapi 0.101.0 which is incompatible.
theharvester 4.5.1 requires lxml==5.1.0, but you have lxml 5.2.1 which is incompatible.
theharvester 4.5.1 requires netaddr==0.10.1, but you have netaddr 1.2.1 which is incompatible.
theharvester 4.5.1 requires pyppeteer==1.0.2, but you have pyppeteer 1.0.1 which is incompatible.
theharvester 4.5.1 requires retrying==1.3.4, but you have retrying 1.3.3 which is incompatible.
theharvester 4.5.1 requires setuptools==69.0.3, but you have setuptools 68.1.2 which is incompatible.
theharvester 4.5.1 requires shodan==1.31.0, but you have shodan 1.30.1 which is incompatible.
theharvester 4.5.1 requires slowapi==0.1.8, but you have slowapi 0.1.4 which is incompatible.
theharvester 4.5.1 requires uvicorn==0.27.0.post1, but you have uvicorn 0.27.0 which is incompatible.
Traceback (most recent call last):
File "/Users/dnn/PycharmProjects/pythonProject/.venv/bin/seashell", line 5, in
from seashell import cli
File "/Users/dnn/PycharmProjects/pythonProject/.venv/lib/python3.11/site-packages/seashell/init.py", line 28, in
from seashell.core.ipa import IPA
File "/Users/dnn/PycharmProjects/pythonProject/.venv/lib/python3.11/site-packages/seashell/core/ipa.py", line 31, in
from pex.string import String
ModuleNotFoundError: No module named 'pex.string'
TrollSotre is just an ipa installer witch uses CoreTrust bug. Why can't we include CoreTrust itself into generated ipa?
This ipa patch command error happens with every single ipa, (ipa build command works that is which generates mussel, but not able to do it in existing ipa)
☻(seashell)> ipa patch test.ipa
☻[>] Host to connect back: 192.168.0.105
☻[>] Port to connect back: 8888
[-] An error occurred: [WinError 5] Access is denied: 'test\Payload\TrollLEDs.app\mussel'!
File "C:\Users\Joyas\AppData\Local\Programs\Python\Python310\lib\runpy.py", line 196, in _run_module_as_main
return run_code(code, main_globals, None,
File "C:\Users\Joyas\AppData\Local\Programs\Python\Python310\lib\runpy.py", line 86, in run_code
exec(code, run_globals)
File "C:\Users\Joyas\AppData\Local\Programs\Python\Python310\Scripts\seashell.exe_main.py", line 7, in
sys.exit(cli())
File "C:\Users\Joyas\AppData\Local\Programs\Python\Python310\lib\site-packages\seashell_init.py", line 106, in cli
console.console()
File "C:\Users\Joyas\AppData\Local\Programs\Python\Python310\lib\site-packages\seashell\core\console.py", line 199, in console
result = self.runtime.catch(self.shell)
File "C:\Users\Joyas\AppData\Local\Programs\Python\Python310\lib\site-packages\hatsploit\lib\runtime.py", line 126, in catch
traceback.print_stack(file=sys.stdout)
☻(seashell)>
I still get an error when I enter the seashell command even if I install the Keystone engine and the Capstone solution doesn’t work for me
MBP M1 macOS 13.6.3
Python: 3.11.7 pip3: 23.3.1
File "/opt/homebrew/bin/seashell", line 5, in
from seashell import cli
File "/opt/homebrew/lib/python3.11/site-packages/seashell/init.py", line 31, in
from seashell.core.console import Console
File "/opt/homebrew/lib/python3.11/site-packages/seashell/core/console.py", line 32, in
from hatsploit.lib.commands import Commands
File "/opt/homebrew/lib/python3.11/site-packages/hatsploit/init.py", line 30, in
from .main import HatSploit, HatSploitGen
File "/opt/homebrew/lib/python3.11/site-packages/hatsploit/main.py", line 30, in
from hatasm import HatAsm
File "/opt/homebrew/lib/python3.11/site-packages/hatasm/init.py", line 25, in
from .main import HatAsm
File "/opt/homebrew/lib/python3.11/site-packages/hatasm/main.py", line 25, in
from .assembler import Assembler
File "/opt/homebrew/lib/python3.11/site-packages/hatasm/assembler.py", line 25, in
import keystone
File "/Users//Library/Python/3.11/lib/python/site-packages/keystone/init.py", line 4, in
from .keystone import Ks, ks_version, ks_arch_supported, version_bind, debug, KsError, _
version_
File "/Users//Library/Python/3.11/lib/python/site-packages/keystone/keystone.py", line 74, in
raise ImportError("ERROR: fail to load the dynamic library.")
ImportError: ERROR: fail to load the dynamic library.
Describe the bug
I've installed everything according to the readme. iOS 15.6, Trollstore installed and working, generated the ipa using seashell, installed trollstore. Started listener on 0.0.0.0 9564 and the ipa has the correct ip address and port (verified 10 times). I can connect to the listener from a different computer via nc and when I ctrl-c the listener responds with error ssl.SSLEOFError: [SSL: UNEXPECTED_EOF_WHILE_READING] EOF occurred in violation of protocol (_ssl.c:1006) which seems to indicate that the listener is indeed accepting connections from other devices. however, I cannot connect to the listener from the iPhone and the app. The app opens succesfully and presents "Mussel Muffled" - however no connection back. I'm on the same wifi, there is no firewall active. Not sure how to debug this.
MacOS 13.2.1, M1, Python 3.11.6
Command cam -s fails to take a picture using one of the front or back cameras. Unfortunately, I don't have a solution yet. You can find a source code of this command here and try to find what's wrong:
What is your question?
So I recenty runned the pylint on the codebase and the results aren't that good. So is there any need to fix linting? also a workflow can be created to check wether the project really gets built, linting, formatting etc.
Additional context
Any suggestions for the docs?
can work on fixing the linting but will be a large commit (probably gonna sqash commits while merging here).
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
Describe the solution you'd like
A clear and concise description of what you want to happen.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context or screenshots about the feature request here.
Is it possible to add this to the AUR so it's possible to use on arch linux based distributions?
I have python3 installed and added to my path but seashell will not open after I run the install command. Is this user error or is their not windows support?
I tried on local lan and it worked but i tried over wan using ngrok and playit but the connection never come idk why
As you can see i put while generating ipa host name that ngrok gave to me and the port too
And i start listening on 127.0.0.1 and 1177 port
Note: ngrok and playit working
with other rats like (AsyncRAT)
What is your question?
Is there a way to dump the ios keychains?
If yes, how can I execute it?
If no, could you add this feature?
Traceback (most recent call last):
File "", line 198, in run_module_as_main
File "", line 88, in run_code
File "C:\Users\korbo\AppData\Local\Programs\Python\Python312\Scripts\seashell.exe_main.py", line 4, in
File "C:\Users\korbo\AppData\Local\Programs\Python\Python312\Lib\site-packages\seashell_init.py", line 30, in
from seashell.core.console import Console
File "C:\Users\korbo\AppData\Local\Programs\Python\Python312\Lib\site-packages\seashell\core\console.py", line 32, in
from hatsploit.lib.commands import Commands
File "C:\Users\korbo\AppData\Local\Programs\Python\Python312\Lib\site-packages\hatsploit_init_.py", line 30, in
from .main import HatSploit, HatSploitGen
File "C:\Users\korbo\AppData\Local\Programs\Python\Python312\Lib\site-packages\hatsploit_main_.py", line 30, in
from hatasm import HatAsm
File "C:\Users\korbo\AppData\Local\Programs\Python\Python312\Lib\site-packages\hatasm_init_.py", line 25, in
from .main import HatAsm
File "C:\Users\korbo\AppData\Local\Programs\Python\Python312\Lib\site-packages\hatasm_main_.py", line 25, in
from .assembler import Assembler
File "C:\Users\korbo\AppData\Local\Programs\Python\Python312\Lib\site-packages\hatasm\assembler.py", line 27, in
import readline
File "C:\Users\korbo\AppData\Local\Programs\Python\Python312\Lib\site-packages\readline.py", line 34, in
rl = Readline()
^^^^^^^^^^
File "C:\Users\korbo\AppData\Local\Programs\Python\Python312\Lib\site-packages\pyreadline\rlmain.py", line 422, in init
BaseReadline.init(self)
File "C:\Users\korbo\AppData\Local\Programs\Python\Python312\Lib\site-packages\pyreadline\rlmain.py", line 62, in init
mode.init_editing_mode(None)
File "C:\Users\korbo\AppData\Local\Programs\Python\Python312\Lib\site-packages\pyreadline\modes\emacs.py", line 633, in init_editing_mode
self._bind_key('space', self.self_insert)
File "C:\Users\korbo\AppData\Local\Programs\Python\Python312\Lib\site-packages\pyreadline\modes\basemode.py", line 162, in _bind_key
if not callable(func):
^^^^^^^^^^^^^^
File "C:\Users\korbo\AppData\Local\Programs\Python\Python312\Lib\site-packages\pyreadline\py3k_compat.py", line 8, in callable
return isinstance(x, collections.Callable)
^^^^^^^^^^^^^^^^^^^^
AttributeError: module 'collections' has no attribute 'Callable'
The phone heats up to 40 degrees Celsius when using the payload. it also drains the battery very quickly even when it is not controlled
Iphone 11 - OS: iOS 16.2
Describe the bug
A clear and concise description of what the bug is.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A clear and concise description of what you expected to happen.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
Smartphone (please complete the following information):
Additional context
Add any other context about the problem here.
I bought my hosting, i specified its ip in seashell but listening still doesn't work, how can i configure seashell to work in wan?
Describe the bug
A clear and concise description of what the bug is.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A clear and concise description of what you expected to happen.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
Smartphone (please complete the following information):
Additional context
Add any other context about the problem here.
If you connect to the ip using dynamic dns , the device that is logged into the application does not display, it turns out that so far it works only in the local network
You said (on reddit) that this would cause a process named mussel to be visible in cocoatop. I want to know the limits of this. Does it show up once you install the ipa and stay there untill you reboot ? Does it only show up when you open the app and keep it running ? Does it only show up when the attacker is messing with the system ? Can i kill this process from cocoatop to prevent it ? Is there a way to see which app is infected after seeing mussel in cocoatop without prior knownledge ? Sorry if most of these were in docs. Thanks.
This error originates from a subprocess, and is likely not a problem with pip.
How to fix that??
What is your question?
Listener command doesn't seem to exist ?
Why is this happening?
Apple Air M2
when I am trying toi install seashell with command that provided in readme file its give me this error:
ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
googletrans-py 4.0.0 requires h2<5,>=4, but you have h2 3.2.0 which is incompatible.
googletrans-py 4.0.0 requires httpx>=0.22.0, but you have httpx 0.13.3 which is incompatible.
seleniumbase 4.19.2 requires chardet==5.2.0, but you have chardet 3.0.4 which is incompatible.
seleniumbase 4.19.2 requires charset-normalizer==3.3.0, but you have charset-normalizer 3.3.2 which is incompatible.
seleniumbase 4.19.2 requires h11==0.14.0, but you have h11 0.9.0 which is incompatible.
seleniumbase 4.19.2 requires idna==3.4, but you have idna 2.10 which is incompatible.
seleniumbase 4.19.2 requires urllib3<2.1.0,>=1.26.16; python_version >= "3.10", but you have urllib3 2.2.1 which is incompatible.
google-api-core 2.11.1 requires protobuf!=3.20.0,!=3.20.1,!=4.21.0,!=4.21.1,!=4.21.2,!=4.21.3,!=4.21.4,!=4.21.5,<5.0.0.dev0,>=3.19.5, but you have protobuf 5.26.0 which is incompatible.
google-cloud-translate 3.12.0 requires protobuf!=3.20.0,!=3.20.1,!=4.21.0,!=4.21.1,!=4.21.2,!=4.21.3,!=4.21.4,!=4.21.5,<5.0.0dev,>=3.19.5, but you have protobuf 5.26.0 which is incompatible.
Hello,
I can't run SeaShell. Could you help me please ?
When I run the command it appears in the last two line:
import distutils.sysconfig
ModuleNotFoundError: No module named 'distutils'
Thank you
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
