EvilOSX Remote Administration Tool for macOS

evil RAT (Remote Administration Tool) for macOS / OS X. – GitHub – Marten4n6/EvilOSX: An evil RAT (Remote Administration Tool) for macOS / OS X.

EvilOSX. A pure python, post-exploitation, remote administration tool (RAT) for macOS / OS X. Features. Emulate a simple terminal instance.

EvilOSX is a pure python, post-exploitation, RAT (Remote Administration Tool) for macOS / OSX. Features of EvilOSX: Emulate a simple terminal instance.

EvilOSX – Remote Administration Tool for MacOS / OS X: RAT tool which allows the user to gain access to Mac OS systems and retrieve data from them

EvilOSX is a pure python, post-exploitation, RAT (Remote Administration Tool) for macOS / OSX.

Features of EvilOSX:

  • Emulate a simple terminal instance
    This means we can input commands directly as though we were sitting behind the machine’s terminal interface.
  • Sockets are encrypted with CSR via OpenSSL
    Our communications to our infected hosts is encrypted, ensuring our communications remain secure.
  • No dependencies (pure python)
    No dependencies, aside from standard Python libraries, meaning nothing extra to install.
  • Persistence
    The ability to migrate to an in-memory process so that it can survive after the terminal it’s launched in is closed.
  • Retrieve Chrome passwords
  • Retrieve iCloud contacts
  • Attempt to get iCloud password via phishing
  • Show local iOS backups
  • Download and upload files
  • Retrieve find my iphone devices
  • Attempt to get root via local privilege escalation (<= 10.10.5)
    Attempt to get root via local privilege escalation based on the linked exploit of macOS,
  • Auto installer, simply run EvilOSX on the target and the rest is handled automatically


Step — 1 — Making the payload

The program will ask you for the IP address of the attacking machine. Enter your IP address, and then the server port of your choice. It may complain a little, but the end result should be an “EvilOSX.py” build file located in the “Builds” folder.

Command — ./BUILDER EvilOSX.py

Step — 2 — Starting the Server

In order to establish the connection to our victim machine when it attempts to connect to us, we’ll have to start a server on our attacker machine to listen for it. We will do this while still in the EvilOSX directory by running

Command — ./Server

Step 3 — Social Engineering

Transfer the file to victim by any method, then ask him to run the file.

Command: — python filename.py


As soon as victim runs the file the victim gets hacked by the attacker without any knowledge and attacker have gained the shell.

Help Menu

Command — help — Displays available options to the user.

Available Commands

Status — This option helps the attacker to know that weather the victim is been connected or not.

Clients — This option tell the attacker the list of the online clients. Who has run the file.

Connect — This options helps the attacker to establish the connection victim

Get_info — This option tell the attacker all the information of the victim machine

State — Not Working

Get_root — This options will give the attacker root access of the victim machine.

State — Not Working

Download — This option gives the permission to attacker to any type of file from victim machine.

Upload — This option give the attacker permission to upload any file to victim machine.

Chrome_password — This option can steal all the password which are stored in google chrome of victim

State — Not Working

icloud_contacts — This attack can steal all the password from the victims icloud and give to attacker.

State — Not Working

icloud_phish — This attack make the fake icloud sign in popup on the victim machine by the attacker to get password of his/her account

Download EvilOSX Tool Free

Zip Extract Password: www.masterscyber.com

Cleaning Up

When finished doing whatever remote administration it is that you’re doing, make sure to send a final kill_server command to kill the connection, and clean up and remove the client server. After this, you won’t be able to connect again, so make sure you’re ready to let go before running this final command.