PhoneSploit-Pro - An All-In-One Hacking Tool To Remotely Exploit Android Devices Using ADB And Metasploit-Framework To Get A Meterpreter Session

An all-in-one hacking tool written in Python to remotely exploit Android devices using ADB (Android Debug Bridge) and Metasploit-Framework.

Complete Automation to get a Meterpreter session in One Click

This tool can automatically Create, Install, and Run payload on the target device using Metasploit-Framework and ADB to completely hack the Android Device in one click.

The goal of this project is to make penetration testing on Android devices easy. Now you don't have to learn commands and arguments, PhoneSploit Pro does it for you. Using this tool, you can test the security of your Android devices easily.

PhoneSploit Pro can also be used as a complete ADB Toolkit to perform various operations on Android devices over Wi-Fi as well as USB.

Features

v1.0

• Connect device using ADB remotely.
• List connected devices.
• Disconnect all devices.
• Access connected device shell.
• Stop ADB Server.
• Take screenshot and pull it to computer automatically.
• Screen Record target device screen for a specified time and automatically pull it to computer.
• Download file/folder from target device.
• Send file/folder from computer to target device.
• Run an app.
• Install an APK file from computer to target device.
• Uninstall an app.
• List all installed apps in target device.
• Restart/Reboot the target device to System, Recovery, Bootloader, Fastboot.
• Hack Device Completely :
  • Automatically fetch your IP Address to set LHOST.
  • Automatically create a payload using msfvenom, install it, and run it on target device.
  • Then automatically launch and setup Metasploit-Framework to get a meterpreter session.
  • Getting a meterpreter session means the device is completely hacked using Metasploit-Framework, and you can do anything with it.

v1.1

• List all files and folders of the target devices.
• Copy all WhatsApp Data to computer.
• Copy all Screenshots to computer.
• Copy all Camera Photos to computer.
• Take screenshots and screen-record anonymously (Automatically delete file from target device).
• Open a link on target device.
• Display an image/photo on target device.
• Play an audio on target device.
• Play a video on target device.
• Get device information.
• Get battery information.
• Use Keycodes to control device remotely.

v1.2

• Send SMS through target device.
• Unlock device (Automatic screen on, swipe up and password input).
• Lock device.
• Dump all SMS from device to computer.
• Dump all Contacts from device to computer.
• Dump all Call Logs from device to computer.
• Extract APK from an installed app.

v1.3

• Mirror and Control the target device.

v1.4

• Power off the target device.

Requirements

• python3 : Python 3.10 or Newer
• adb : Android Debug Bridge (ADB) from Android SDK Platform Tools
• metasploit-framework : Metasploit-Framework (msfvenom and msfconsole)
• scrcpy : Scrcpy (Screen Copy)

Run PhoneSploit Pro

PhoneSploit Pro does not need any installation and runs directly using python3

On Linux / macOS :

Make sure all the required software are installed.

Open terminal and paste the following commands :

git clone https://github.com/AzeemIdrisi/PhoneSploit-Pro.git

cd PhoneSploit-Pro/

python3 phonesploitpro.py

On Windows :

Make sure all the required software are installed.

Open terminal and paste the following commands :

git clone https://github.com/AzeemIdrisi/PhoneSploit-Pro.git

cd PhoneSploit-Pro/

1. Download and extract latest platform-tools from here.

2. Copy all files from the extracted platform-tools or adb directory to PhoneSploit-Pro directory and then run :

python phonesploitpro.py

Screenshots

Installing ADB

ADB on Linux :

Open terminal and paste the following commands :

• Debian / Ubuntu

sudo apt update

sudo apt install adb

• Fedora

sudo dnf install adb

• Arch Linux / Manjaro

sudo pacman -Sy android-tools

For other Linux Distributions : Visit this Link

ADB on macOS :

Open terminal and paste the following command :

brew install android-platform-tools

or Visit this link : Click Here

ADB on Windows :

Visit this link : Click Here

ADB on Termux :

pkg update

pkg install android-tools

Installing Metasploit-Framework

On Linux / macOS :

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
  chmod 755 msfinstall && \
  ./msfinstall

or Follow this link : Click Here

or Visit this link : Click Here

On Windows :

Visit this link : Click Here

or Follow this link : Click Here

Installing scrcpy

Visit the scrcpy GitHub page for latest installation instructions : Click Here

On Windows : Copy all the files from the extracted scrcpy folder to PhoneSploit-Pro folder.

If scrcpy is not available for your Linux distro, then you can build it with a few simple steps : Build Guide

Tutorial

Setting up Android Phone for the first time

• Enabling the Developer Options

1. Open Settings.
2. Go to About Phone.
3. Find Build Number.
4. Tap on Build Number 7 times.
5. Enter your pattern, PIN or password to enable the Developer options menu.
6. The Developer options menu will now appear in your Settings menu.

• Enabling USB Debugging

1. Open Settings.
2. Go to System > Developer options.
3. Scroll down and Enable USB debugging.

• Connecting with Computer

1. Connect your Android device and adb host computer to a common Wi-Fi network.
2. Connect the device to the host computer with a USB cable.
3. Open terminal in the computer and enter the following command :

adb devices

4. A pop-up will appear in the Android phone when you connect your phone to a new PC for the first time : Allow USB debugging?.
5. Click on Always allow from this computer check-box and then click Allow.
6. Then enter the following command :

adb tcpip 5555

7. Now you can connect the Android Phone over Wi-Fi.
8. Disconnect the USB cable.
9. Go to Settings > About Phone > Status > IP address and note the phone's IP Address.
10. Run PhoneSploit Pro and select Connect a device and enter the target's IP Address to connect over Wi-Fi.

Connecting the Android phone for the next time

1. Connect your Android device and host computer to a common Wi-Fi network.
2. Run PhoneSploit Pro and select Connect a device and enter the target's IP Address to connect over Wi-Fi.

This tool is tested on

• ✅Ubuntu
• ✅Linux Mint
• ✅Kali Linux
• ✅Fedora
• ✅Arch Linux
• ✅Parrot Security OS
• ✅Windows 11
• ✅Termux (Android)

All the new features are primarily tested on Linux, thus Linux is recommended for running PhoneSploit Pro. Some features might not work properly on Windows.

Disclaimer

• Neither the project nor its developer promote any kind of illegal activity and are not responsible for any misuse or damage caused by this project.
• This project is for the purpose of penetration testing only.
• Please do not use this tool on other people's devices without their permission.
• Do not use this tool to harm others.
• Use this project responsibly on your own devices only.
• It is the end user's responsibility to obey all applicable local, state, federal, and international laws.

QuadraInspect - Android Framework That Integrates AndroPass, APKUtil, And MobFS, Providing A Powerful Tool For Analyzing The Security Of Android Applications

The security of mobile devices has become a critical concern due to the increasing amount of sensitive data being stored on them. With the rise of Android OS as the most popular mobile platform, the need for effective tools to assess its security has also increased. In response to this need, a new Android framework has emerged that combines three powerful tools - AndroPass, APKUtil, RMS, and MobFS - to conduct comprehensive vulnerability analysis of Android applications. This framework is known as QuadraInspect.

QuadraInspect is an Android framework that integrates AndroPass, APKUtil, RMS and MobFS, providing a powerful tool for analyzing the security of Android applications. AndroPass is a tool that focuses on analyzing the security of Android applications' authentication and authorization mechanisms, while APKUtil is a tool that extracts valuable information from an APK file. Lastly, MobFS and RMS facilitates the analysis of an application's filesystem by mounting its storage in a virtual environment.

By combining these three tools, QuadraInspect provides a comprehensive approach to vulnerability analysis of Android applications. This framework can be used by developers, security researchers, and penetration testers to assess the security of their own or third-party applications. QuadraInspect provides a unified interface for all three tools, making it easier to use and reducing the time required to conduct comprehensive vulnerability analysis. Ultimately, this framework aims to increase the security of Android applications and protect users' sensitive data from potential threats.

Requirements

• Windows, Linux or Mac
• NodeJs installed
• Python 3 installed
• OpenSSL-3 installed
• Wkhtmltopdf installed

Installation

To install the tools you need to: First : git clone https://github.com/morpheuslord/QuadraInspect

Second Open a Administrative cmd or powershell (for Mobfs setup) and run : pip install -r requirements.txt && python3 main.py

Third : Once QuadraInspect loads run this command QuadraInspect Main>> : START install_tools

The tools will be downloaded to the tools directory and also the setup.py and setup.bat commands will run automatically for the complete installation.

Usage

Each module has a help function so that the commands and the discriptions are detailed and can be altered for operation.

These are the key points that must be addressed for smooth working:

• The APK file or target must be declared before starting any attack
• The Attacks are seperate entities combined via this framework doing research on how to use them is recommended.
• The APK file can be ether declared ether using args or using SET target withing the tool.
• The target APK file must be placed in the target folder as all the tool searches for the target file with that folder.

Modes

There are 2 modes:

|
└─> F mode
└─> A mode

F mode

The f mode is a mode where you get the active interface for using the interactive vaerion of the framework with the prompt, etc.

F mode is the normal mode and can be used easily

A mode

A mode or argumentative mode takes the input via arguments and runs the commands without any intervention by the user this is limited to the main menu in the future i am planning to extend this feature to even the encorporated codes.

python main.py --target <APK_file> --mode a --command install_tools/tools_name/apkleaks/mobfs/rms/apkleaks

Main Module

the main menu of the entire tool has these options and commands:

As mentioned above the target must be set before any tool is used.

Apkleaks menu

The APKLeaks menu is also really straight forward and only a few things to consider:

• The options SET output and SET json-out takes file names not the actual files it creates an output in the result directory.
• The SET pattern option takes a name of a json pattern file. The JSON file must be located in the pattern directory

Mobfs

Mobfs is pritty straight forward only the port number must be taken care of which is by default on port 5000 you just need to start the program and connect to it on 127.0.0.1:5000 over your browser.

AndroPass

AndroPass is also really straight forward it just takes the file as input and does its job without any other inputs.

Architecture:

The APK analysis framework will follow a modular architecture, similar to Metasploit. It will consist of the following modules:

• Core module: The core module will provide the basic functionality of the framework, such as command-line interface, input/output handling, and logging.
• Static analysis module: The static analysis module will be responsible for analyzing the structure and content of APK files, such as the manifest file, resources, and code.
• Dynamic analysis module: The dynamic analysis module will be responsible for analyzing the behavior of APK files, such as network traffic, API calls, and file system interactions.
• Reverse engineering module: The reverse engineering module will be responsible for decompiling and analyzing the source code of APK files.
• Vulnerability testing module: The vulnerability testing module will be responsible for testing the security of APK files, such as identifying vulnerabilities and exploits.

Adding more

Currentluy there only 3 but if wanted people can add more tools to this these are the things to be considered:

• Installer function
• Seperate tool function
• Main function

Installer Function

• Must edit in the config/installer.py
• The things to consider in the installer is the link for the repository.
• keep the cloner and the directory in a try-except condition to avoide errors.
• choose an appropriate command for further installation

Seperate tool function

• Must edit in the config/mobfs.py , config/androp.py, config/apkleaks.py
• Write a new function for the specific tool
• File handeling is up to you I recommend passing the file name as an argument and then using the name to locate the file using the subprocess function
• the tools must also recommended to be in a try-except condition to avoide unwanted errors.

Main Function

• A new case must be added to the switch function to act as a main function holder
• the help menu listing and commands are up to your requirements and comfort

If wanted you could do your upgrades and add it to this repository for more people to use kind of growing this tool.