Skip to content
Switch branches/tags


Failed to load latest commit information.
Latest commit message
Commit time

Now included in Empire 2.0 Beta

  • - Empire module to backdoor the sudo command
  • - Empire Module to add mail rule persistence
  • - Empire Module for piggybacking off of sudo sessions
  • - Enables ScreenSharing to allow you to connect to the host via VNC.

It's recommended just to use the Empire modules, but I've left the other scripts I created when initially developing this.

pOSt-eX - OS X post-exploitation scripts

  • - Creates a an ApleScript payload with Empire and configures a mail rule to launch it
  • - EmPyre module implementation of
  • - Piggybacks off a user's sudo session to spawn an agent with root privileges
  • - EmPye module of

MailPersist - Post-exploitation script for OS X persistance


This script creates a new rule in the OS X Mail application to automatically trigger an AppleScript payload when an email is recieved using a trigger word in the subject of the email.

The trigger email will be deleted before it is visible. The Script Monitor will also be killed imediately after executing the python stager. There should not be any visual indicators.


All dependancies are met on a default installation of OS X. With that said, you will likely want to use EmPyre to create your AppleScript payload.


Creating an AppleScript payload with Empyre:

(EmPyre) > listeners
(EmPyre: listeners) > set Name mylistener
(EmPyre: listeners) > execute
(EmPyre: listeners) > usestager applescript mylistener
(EmPyre: stager/applescript) > execute

Open and paste the output in the specified area. Modify the trigger word as you see fit.

When pasting the AppleScript payload from Empire, you need to make two modifications:

  • Double up the backslash characters
  • Remove the final double quote


Post-exploitation scripts for OS X persistence and privesc



No releases published


No packages published