Skip to content

sundaysec/Android-Exploits

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Android-Exploits

A collection of android Exploits and guide on android exploitation

root@n3x7:~$ ls -l
drwxr-xr-x  dos     - Denial Of Service exploits
drwxr-xr-x  local   - Local Exploits
drwxr-xr-x  remote  - remote exploits
drwxr-xr-x  webapps - webapp exploits

Usage and Where to start

Clone me :)

git clone https://github.com/sundaysec/Android-Exploits.git

Recommend you grab exploitpack latest version

wget https://github.com/juansacco/exploitpack/archive/master.zip

Extract then Navigate into the folder and type:

java -jar ExploitPack.jar

Load the exploits

Learn and hack

OWASP Top 10 Mobile Risks

  1. Insecure Data Storage
  2. Weak Server Side Controls
  3. Insufficient Transport Layer Protection
  4. Client Side Injection
  5. Poor Authorization and Authentication
  6. Improper Session Handling
  7. Security Decisions Via Untrusted Inputs
  8. Side Channel Data Leakage
  9. Broken Cryptography
  10. Sensitive Information Disclosure
───────▀▄───▄▀────────
──────▄█▀███▀█▄───────
─────█▀███████▀█──────
─────█─█▀▀▀▀▀█─█──────
────────▀▀─▀▀─────────
-->> exploit

Common Tools(In mobile Exploits)

  • SSH
  • VNC server
  • A compiler (gcc / agcc)
  • Android SDK (adb!)
  • XCode
  • Jailbroken iDevice
  • Rooted Android Device

Android Hacking Tools

Mobile Apps (Hack On Android)

  • AndroRat - Android Remote Administrative Tool
  • cspoilt - A tool that enumerates local hosts, finds vulnerabilities and their exploits, cracks Wi-Fi password, installs backdoors blablabla!!!
  • Hackode - All In One Android Pentest Tool
  • zANTI - Network mapping, port discovery, sniffing, packet manipulation, DoS, MITM blablabla!!
  • FaceNiff - Intercept and sniff WiFi network traffic for Social Media packets
  • Droidsheep - Android application that analyzes security in wireless networks and also captures Twitter, Linked, Facebook, and other accounts
  • USB Cleaver - Silently recover information from a target Windows 2000 or higher computer, including password hashes, LSA secrets, IP information
  • Shark - Network Packate analysis tool
  • DroidBox - Dynamic analysis of Android apps
  • Wi-Fi Kill - Disable other Users from WiFi Access

Books and Articles

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.