โ””โ”€โ”€ README.md /README.md: -------------------------------------------------------------------------------- 1 | # Remote Access Tools For android Pentesting 2 | # HIGHSCHOOL PROJECT [SUPPORT AND CLASSES](https://t.me/efxtv) 3 | 4 | 5 | This repo contains android trojan (and [Dataset](#)) as far as I know (free or paid app) with feature and permission list for my documentation. 6 | 7 | Looking for port forwarding without buying VPN or Router setting?? Use [Ngrok](https://ngrok.com/) 8 | 9 | #Vx-Underground 10 | https://www.vx-underground.org/archive.html#builders 11 | 12 | # Note 13 | Please don't download the project if you won't be infected by Trojan, make sure to recheck before downloading or installing from an unknown source (Trojan in a Trojan??). 14 | 15 | - DroidJack [GUI] 16 | - Camera, Microphone, Location 17 | - Storage 18 | - SMS, CALL, Contact 19 | - Whatsapp Reader 20 | - Browser History 21 | - App Manager 22 | 23 | - AndroRAT https://github.com/DesignativeDave/androrat https://github.com/karma9874/AndroRAT https://github.com/The404Hacking/AndroRAT [GUI] 24 | - Contact, Call logs, Call, SMS 25 | - Location, Camera, Microphone 26 | - Streaming video (for activity based client only) 27 | - Do a toast, message 28 | - Give call 29 | - Open an URL in the default browser 30 | - Do vibrate the phone 31 | 32 | - SpyNote [GUI] 33 | - Bind app, Storage, Location 34 | - SMS, Call, Call logs, Contact, Camera 35 | - Listen live conversation through mic, record mic sound live. 36 | - Check browser history. 37 | - Check installed apps. 38 | - Get phoneโ€™s information (IMEI, WIFI MAC, PHONE CARRIER). 39 | - Fun Panel (Show messages, shake the phone etc) 40 | 41 | - AhMyth [GUI] https://github.com/AhMyth/AhMyth-Android-RAT 42 | - Camera, Mircophone, 43 | - Storage, Location 44 | - Message, Call, Call logs, Contact 45 | 46 | 47 | - TheFatRAT https://github.com/Screetsec/TheFatRat 48 | - execute command 49 | - process lost 50 | - camera snap, stream, list, microphone 51 | 52 | - BetterAndroRAT https://github.com/mwsrc/BetterAndroRAT 53 | - Add and remove app 54 | - Camera, Microphone, Storage 55 | - Call & SMS 56 | - Remote Device Controller 57 | 58 | - UnknownRAT [GUI] 59 | - Storage access 60 | - Android Tools such, take photo, screenshot etc 61 | - Record audio 62 | 63 | - android_trojan / Android Trojan https://github.com/androidtrojan1/android_trojan 64 | - shell command, browser history, microphone, location, storage 65 | - add and remove app 66 | - call log, contact,sms dump, 67 | 68 | 69 | - OmniRAT [GUI] 70 | - Fully Remote Access 71 | - File Manager, add and remove apps 72 | - App Widgets 73 | - Full System Information 74 | - Call & SMS 75 | 76 | - Android Voyage 77 | - Remote Android Screen 78 | - Screenshot, keylog, traffic monitor 79 | - Make as system application 80 | - Lock unlock, hide unhide app 81 | - Remove android password 82 | - Message Access 83 | - Bricks the device, Anti Antivirus 84 | - Self Destructive Mode 85 | - Password Grabbers 86 | 87 | - NetWire 88 | - camera 89 | - audio 90 | - keylogger 91 | - storage 92 | - download upload 93 | - location 94 | - etc 95 | 96 | - rdroid https://github.com/m301/rdroid 97 | - Contact 98 | - System 99 | - App 100 | - Storage 101 | - Call 102 | - Message 103 | - Shell 104 | 105 | - LokiDroid [GUI] 106 | - SMS, Call, Call logs, Contact, Toast, Browser 107 | - Storage, Location, Microphone, Camera 108 | - Phone's Hardware and Software details 109 | - Sim details 110 | - Internet details and IP 111 | - offline commands for bots 112 | - Multiple commands for multiple bots 113 | - http RAT ( not required port forwarding) 114 | 115 | 116 | - KevDroid 117 | - Installed applications 118 | - Phone number 119 | - Phone Unique ID 120 | - Location (the application tries to switch on the GPS, 10s capture location) 121 | - Contact, SMS, Call logs, Call, Mails 122 | - Storage, Microphone 123 | 124 | - columbus-trojan https://github.com/project-columbus/trojan (cute trojan) 125 | - Image (front-facing camera) 126 | - 10-second sound clip (microphone) 127 | - Location (mobile triangulation) 128 | 129 | - GhostCtrl 130 | - Admin 131 | - Voice record 132 | - Message 133 | - Location 134 | 135 | 136 | - Pupy https://github.com/n1nj4sec/pupy 137 | - Text to speech for Android to say stuff out loud 138 | - webcam snapshots (front cam & back cam) 139 | - GPS tracker ! 140 | 141 | 142 | - TeleRAT and IIRAT (Telegram BOT) 143 | - Clipboard 144 | - App list 145 | - SMS, Contact 146 | - Storage, Microphone, Camera 147 | - Control Admin Screen, Vibrate 148 | 149 | - Hidden Cobra 150 | - Proxy 151 | - Contact 152 | - SMS 153 | - Payload 154 | 155 | - Dendroid https://github.com/nyx0/Dendroid 156 | - SMS, Call, Call logs, 157 | - Opening web pages 158 | - Uploading images and video 159 | - Opening an application 160 | - Performing denial-of-service attacks 161 | - Changing the command and control server 162 | 163 | - Casperspy https://github.com/dhanumurti [GUI] 164 | - Similar with dendroid 165 | - Actually Botnet by dendroid 166 | - SMS 167 | - Camera, Storage, Microphone 168 | - Browser open page 169 | 170 | - Joanap 171 | - Mic 172 | - botnet 173 | - steal log 174 | 175 | - SHConnect 176 | - Camera 177 | - Location 178 | - Storage 179 | 180 | - HighRise 181 | - Incoming outgoing SMS 182 | 183 | - LaRAT https://github.com/c4wrd/LaRat 184 | - Get messages 185 | - Screenshot Functionality 186 | - Camera Access 187 | - Add Google form for passwords 188 | 189 | - Triout Framework 190 | - Record phonecall, save it, send it to C&C 191 | - SMS Logs 192 | - Call Logs 193 | - Steal Images or Video, Camera Access 194 | - Hide 195 | 196 | - Cerberusapp 197 | - Storage 198 | - Location 199 | - Camera 200 | - Admin 201 | - notdeleteable 202 | - more 203 | 204 | - Pegasus (Sample https://github.com/9aylas/Pegasus-samples) (decompiled https://github.com/jonathandata1/pegasus_spyware) 205 | - Storage, Microhpone, Location 206 | - Screenshot 207 | - Calender 208 | - Instant Messaging 209 | - Contact & Call & SMS & Mail 210 | - Browser History 211 | - Device Setting 212 | 213 | - Adobot https://github.com/adonespitogo/AdoBot 214 | - Realtime command execution 215 | - Schedule commands 216 | - Hidden app icon (stealth mode) 217 | - SMS, Call, Call logs, Contact 218 | - etc 219 | 220 | - Adroid Spy App https://github.com/abhinavsuthar/Android_Spy_App 221 | - Contact, Call logs, SMS 222 | - Logs 223 | - Location, Storage 224 | - Etc 225 | 226 | - SpyApp Client https://github.com/ghazikr/SpyAppClient [GUI] 227 | - Notification Listener (Facebook, whatsapp, email, instagram etc) 228 | - Call Logs 229 | - Contact 230 | - SMS 231 | - Etc 232 | 233 | - i-spy Android https://github.com/JohnReagan/i-spy-android 234 | - Camera 235 | - Location 236 | - Storage 237 | - Etc 238 | 239 | - FinSpy 240 | - Storage 241 | - Phone information 242 | - Call Sms Mms 243 | - Contact 244 | - GPS Location 245 | - Voip record such Skype, WeChat, Viber, LINE etc 246 | 247 | - Monokle 248 | - GPS location 249 | - Audio record, call record 250 | - Screen recording 251 | - Keylogger and fingerprint-device duplicate 252 | - History browser and Call log, SMS Email logs, create a Call and SMS 253 | - Contact and calender 254 | - Shell as root (rooted/rootable) 255 | 256 | - Cerberus Banking [GUI] 257 | - Bots 258 | - Bank and CC Logs information 259 | - Mail logs 260 | - SMS, Call (+Forward), Contact, GPS, Audio 261 | - Monitoring all activity / logs 262 | - Push to turnoff Play Protected (Disable) 263 | - Download, Install, Remove Apps 264 | - Lock device 265 | 266 | - Joker (infect many apps in playstore) 267 | - SMS CALL CONTACT 268 | - Storage 269 | - Manipulating subscription (money) 270 | 271 | - Hawkshaw https://github.com/saksham2410/Android-RAT---Hawkshaw 272 | - similar "Adroid Spy App" 273 | - Call, SMS, Contact, Phone Information 274 | - Camera, Audio, Location, Storage 275 | - Account Detail 276 | - Lock, Vibrate, Flash 277 | - Owner Access (Boot) 278 | - Inject, Install / Remove Apps 279 | - Logs and Keylog (messenger, socialmedia) 280 | 281 | - Strandhogg 282 | - Hijack Session, apps log 283 | - Almost all permission 284 | 285 | - TearDroid PHP https://github.com/ScRiPt1337/Teardroid-phprat 286 | - Retrieve Contact 287 | - Retrieve SMS 288 | - Retrieve running Services 289 | - Retrieve Device Location (๐Ÿ˜Ÿ Only work when the app is open on newer devices) 290 | - Retrieve Call Logs 291 | - Run Shell Command ( use findphno command in run shell command to get device phone number and use findx:pdf to find all the pdf files on the device ) 292 | - Change Wallpaper 293 | - Send SMS 294 | - Make Call 295 | - Get Installed Apps 296 | - Download File 297 | - Read Notification 298 | 299 | - AndroSpy https://github.com/qH0sT/AndroSpy 300 | - Camera 301 | - SMS Contact Call 302 | - Storage 303 | - Install, Inject 304 | 305 | - GravityRAT 306 | - SMS Contact Call 307 | - Storage 308 | - exfiltrate 309 | 310 | - BlueEagle jRAT 311 | - similar "jRAT" 312 | - Call, SMS, Contact, Phone Information 313 | - Camera, Audio, Location, Storage 314 | - Account Detail 315 | - Owner Access (Boot) 316 | - Block google protect 317 | 318 | - TalentRAT https://github.com/honglvt/TalentRAT 319 | - SMS CALL CONTACT 320 | - GPS 321 | - CAMERA AUDIO 322 | 323 | - WH-RAT https://github.com/wh-Cyberspace/WH-RAT [GUI] (Similar with SpyNote NjRAT) 324 | - x soon 325 | - etc 326 | 327 | - Mass RAT https://github.com/NYAN-x-CAT/Mass-RAT 328 | - sms call 329 | - storage 330 | - camera, etc 331 | 332 | - HaxRAT https://github.com/Hax4us/haxRat 333 | - storage, camera 334 | - audio, etc 335 | 336 | - Rogue RAT 337 | - Camera, Audio 338 | - Storage, GPS 339 | - Keylog, etc 340 | 341 | - LodaRAT 342 | - Camera, Microphone, Phone 343 | - Storage, GPS 344 | - Install, Account Credentials, etc 345 | 346 | - Rafel RAT https://github.com/swagkarna/Rafel-Rat 347 | - GPS, Storage 348 | - Camera, Audio, Phone 349 | - Ransomware ? ([Syntax](https://github.com/swagkarna/Rafel-Rat/blob/6398b6ccb48b5039c2ddfc7441ce2adbcc550054/BlackMart/app/src/main/java/com/velociraptor/raptor/InternalService.java#L302)) 350 | - Browserhistory (prefer to syntax) 351 | 352 | - StrongPity 353 | - GPS, Storage 354 | - Phone, Boot, Network Info 355 | 356 | - ERMAC 357 | - SMS, CALL, CONTACT 358 | - InstallApps, GetApps, Inject 359 | 360 | - Android Spyware https://github.com/CanciuCostin/android-spyware 361 | - SMS, Call, Contact, Device Information 362 | - InstallApps, GetApps, Inject 363 | - Cam, Storage, Mic 364 | - Adb command control 365 | 366 | - BRAT (Brazilian RAT) 367 | - Install and remove apps, GetApps, Inject 368 | - Factory Reset 369 | - Admin Control 370 | 371 | - Nivistealer (web steal based - allow/permission interaction) https://github.com/swagkarna/Nivistealer 372 | - IP, GPS, Device information 373 | - Camera, steal clipboard 374 | - set phishing site 375 | 376 | - DogeRAT 377 | - Install and remove apps, GetApps, Inject 378 | - Camera, SMS, Keylogger 379 | - Admin Control etc 380 | 381 | - Dash [GUI] https://github.com/muneebwanee/Dash 382 | - Camera 383 | - Multiple Child clients 384 | - Hidden app icon (stealth mode) 385 | - Real-time location. 386 | - Recording calls: incoming/outgoing. 387 | - SMS: received/sent. 388 | - Environment recording. 389 | - Take pictures. 390 | - Keylogger. 391 | - Phishing social network. 392 | - Notifications received: Whatsapp, Instagram, Messenger. 393 | 394 | - AIRAVAT https://github.com/Th30neAnd0nly/AIRAVAT 395 | - Storage, Admin Permission, List App 396 | - SMS, Call, Contact 397 | - Camera, Audio, Screenshot 398 | - Ransomware, Shell Command 399 | 400 | - IMG-RAT 401 | - Storage, Camera, Audio 402 | - SMS, Call, Contact 403 | - Keylogger, Shell 404 | 405 | - Nexus 406 | - Storage, Camera, Audio 407 | - SMS, Call, Shell, Location, Keylogger 408 | - Inject Banking, Crypto app 409 | - 2FA app 410 | --------------------------------------------------------------------------------