macOS Initial Access Payload Generator
- Intended to be used with https://github.com/its-a-feature/Mythic
Related Blog Post:
- Install Xcode on build machine (Required for Installer Package w/ Installer Plugin)
- Install python requirements
sudo pip3 install -r requirements.txt
- Change settings within the
Settings/MythicSettings.py
file to match your Mythic configs - Run mystikal
python3 mystikal.py
- Select your desired payload from the options
_______ __ __ __ __
| | |.--.--.-----.| |_|__| |--.---.-.| |
| || | |__ --|| _| | <| _ || |
|__|_|__||___ |_____||____|__|__|__|___._||__|
|_____|
Mystikal: macOS Payload Generator
Main Choice: Choose 1 of 11 choices
Choose 1 for Installer Packages
Choose 2 for Mobile Configuration: Chrome Extension
Choose 3 for Mobile Configuration: Webloc File
Choose 4 for Office Macros: VBA
Choose 5 for Office Macros: XLM Macros in SYLK Files
Choose 6 for Disk Images
Choose 7 for Armed PDFs
Choose 8 for Armed Python PIP Packages
Choose 9 for Armed Ruby Gems
Choose 10 for Armed NodeJS NPM Packages
Choose 11 to exit
Option 1, Option 1.4, Option 4, Option 8, Option 9, and Option 11 have submenus shown below
Selected Installer Packages
SubMenu: Choose 1 of 5 choices
Choose 1 for Installer Package w/ only pre/postinstall scripts
Choose 2 for Installer Package w/ Launch Daemon for Persistence
Choose 3 for Installer Package w/ Installer Plugin
Choose 4 for Installer Package w/ JavaScript Functionality
Choose 5 for Installer Package w/ Dylib
Choose 6 to exit
Selected Installer Package w/ JavaScript Functionality
SubMenu Choice: Choose 1 of 3 choices
Choose 1 for Installer Package w/ JavaScript Functionality embedded
Choose 2 for Installer Package w/ JavaScript Functionality in Script
Choose 3 to exit
Selected Office Macros: VBA
SubMenu Choice: Choose 1 of 4 choices
Choose 1 for VBA Macros for Word
Choose 2 for VBA Macros for Excel
Choose 3 for VBA Macros for PowerPoint
Choose 4 to exit
Selected Armed Python PIP Package
SubMenu Choice: Choose 1 of 3 choices
Choose 1 for Armed Python PIP Packages w/ osascript execution
Choose 2 for Armed Python PIP Packages w/ dylib load
Choose 3 to exit
Selected Armed Ruby Gem
SubMenu Choice: Choose 1 of 3 choices
Choose 1 for Armed Ruby Gem w/ osascript execution
Choose 2 for Armed Ruby Gem w/ dylib load
Choose 3 to exit
Selected Tclsh
SubMenu Choice: Choose 1 of 3 choices
Choose 1 for Tclsh w/ local files
Choose 2 for Tclsh w/ hosted dylibs
Choose 3 to exit
To change the execution behavior (which binaries are called upon payload execution)
- Modifications will be required in either the specific payload file under the
Modules
folder or the related template file under theTemplates
folder.
Make sure mythic python package is on the latest version
pip3 uninstall -y mythic && pip3 install mythic