georgiaw / smartphone-pentest-framework Goto Github PK
View Code? Open in Web Editor NEWRepository for the Smartphone Pentest Framework (SPF)
Repository for the Smartphone Pentest Framework (SPF)
Hello,
I bought a Penetration Testing book: A Hands-On Introduction to Hacking and stopped by the Smarphone-Pentest Framework. Where can I find a smartphone-Pentest-framework? It needs to kali 2.0
Hi, the library packages in the kaliinstall script are named basing on the old system!
The names in the kaliinstall script should be changed to this so the script works! :
apt-get install zlib1g:i386
apt-get install libz1:i386 libncurses5:i386 libbz2-1.0:i386 libstdc++6:i386
Please correct me if I am wrong.
@georgiaw
HI
Where i can find legal virtual machine for windows xp and windows 7
i need this to learning tests security
please about give links
thank you very much
Best Regards
kaliman 12
Hello,
I'm using a secured connection like VPN or OpenVPN PPTP .... etc
But i'm wondering if i can use it with SPF ?
when i to open a App it gives me this error Help me out please and even when i have installed apktool it still says to download it:(
spf> 5
APKTool not found! Is it installed? Check your config file
Install Android APKTool(y/N)?
spf> n
Puts the Android Agent inside an Android App APK. The application runs normally, with extra functionality.
APK to Backdoor: /root/apps/what.apk
Traceback (most recent call last):
File "./framework.py", line 3428, in
main()
File "./framework.py", line 60, in main
agent_attach2()
File "./framework.py", line 756, in agent_attach2
backdoor_apk()
File "./framework.py", line 443, in backdoor_apk
backdoor_srcmethod()
File "./framework.py", line 145, in backdoor_srcmethod
os.chdir(apksloc)
OSError: [Errno 2] No such file or directory: '/root/Smartphone-Pentest-Framework/APKs'
and one more question was if we can use msfvenome backdore to create backdore in apps.
using SPF.
Thank You
i would post in your forum but its closed and i cant add a pull request. Can you guys add in more exploits?
Select An Option from the Menu:
1.) Attach Framework to a Deployed Agent/Create Agent
2.) Send Commands to an Agent
3.) View Information Gathered
4.) Attach Framework to a Mobile Modem
5.) Run a remote attack
6.) Run a social engineering or client side attack
7.) Clear/Create Database
8.) Use Metasploit
9.) Compile code to run on mobile devices
10.) Install Stuff
11.) Use Drozer
12.) Setup API
0.) Exit
spf> 4
Choose a type of modem to attach to:
1.) Search for attached modem
2.) Attach to a smartphone based app
3.) Generate smartphone based app
4.) Copy App to Webserver
5.) Install App via ADB
spf> 3
Choose a type of control app to generate:
1.) Android App (Android 1.6)
2.) Android App with NFC (Android 4.0 and NFC enabled device)
spf> 1
Phone number of agent: 111222333
Control key for the agent: KEYKEY1
Webserver control path for agent: /androidagent1
Control Number:111222333
Control Key:KEYKEY1
ControlPath:/androidagent1
Is this correct?(y/n)y
sh: 1: /root/Smartphone-Pentest-Framework/android-sdk-linux/tools/android: not found
sh: 1: /root/Smartphone-Pentest-Framework/android-sdk-linux/tools/android: not found
Buildfile: /root/Smartphone-Pentest-Framework/FrameworkAndroidApp/build.xml
BUILD FAILED
/root/Smartphone-Pentest-Framework/FrameworkAndroidApp/build.xml:90: Cannot find /root/adt-bundle-linux-x86-20131030/sdk/tools/ant/build.xml imported from /root/Smartphone-Pentest-Framework/FrameworkAndroidApp/build.xml
Total time: 0 seconds
Hello there!
I've just installed the SPF and configured the frameworkconsole/config. I've also altered the kaliinstall before running the installation. While trying to run the framework.py I get the following error:
root@kali:~# service apache2 start root@kali:~# service mysql start root@kali:~# Smartphone-Pentest-Framework/frameworkconsole/framework.py Traceback (most recent call last): File "Smartphone-Pentest-Framework/frameworkconsole/framework.py", line 16, in <module> config = Config('config') File "/root/Smartphone-Pentest-Framework/frameworkconsole/lib/config.py", line 6, in __init__ self.config.readfp(FakeSecHead(open(config_file))) IOError: [Errno 2] No such file or directory: 'config'
I really appreciate any help! :)
Select An Option from the Menu:
1.) Attach Framework to a Deployed Agent/Create Agent
2.) Send Commands to an Agent
3.) View Information Gathered
4.) Attach Framework to a Mobile Modem
5.) Run a remote attack
6.) Run a social engineering or client side attack
7.) Clear/Create Database
8.) Use Metasploit
9.) Compile code to run on mobile devices
10.) Install Stuff
11.) Use Drozer
0.) Exit
spf> 4
Choose a type of modem to attach to:
1.) Search for attached modem
2.) Attach to a smartphone based app
3.) Generate smartphone based app
4.) Copy App to Webserver
5.) Install App via ADB
spf> 2
Connect to a smartphone management app. You will need to supply the phone number,the control key, and the URL path
Phone Number: 15555215558
Control Key: KEYKEY1
App URL Path: /bookspftest1
Phone Number: 15555215558
Control Key: KEYKEY1
URL Path: /bookspftest1
Is this correct?(y/N): y
now from the emulator everything is set and ready but whenever I hit the attach button nothing happens.
the emulator is not getting attached to SPF
The readme has a link to the forums, but the link is dead :( Were there forums in the past that were active? Maybe just consider removing the link. No big deal though.
Not a big deal, just if there was a malformed file name.
https://github.com/georgiaw/Smartphone-Pentest-Framework/blob/master/frameworkconsole/framework.py#L97
Since http://secureandroidupdate.org/
Accepted by the 35th IEEE Symposium on Security and Privacy. San Jose, CA. May, 2014.
Hi, I'm having trouble starting framework.py. I've had to fix several issues with installation, I'm running the minimal kali AMI on an EC2 server so I've had to install certain dependencies and change some configuration files to get this far. But ever since the first time I tried running framework.py I get this error and can't seem to figure it out.
Traceback (most recent call last): File "./framework.py", line 6, in <module> import serial ImportError: No module named serial
It's the last step to getting it running and it's doing my nut in, any help is appreciated.
Thanks
As i go through url reffered by the book,i find myself unavle to download smartphone framework
Hi, I having problems for backdooring APK's it is giving this error message:
Exception in thread "main" brut.androlib.AndrolibException: Could not decode arsc file
at brut.androlib.res.decoder.ARSCDecoder.decode(ARSCDecoder.java:52)
at brut.androlib.res.AndrolibResources.getResPackagesFromApk(AndrolibResources.java:538)
at brut.androlib.res.AndrolibResources.loadMainPkg(AndrolibResources.java:63)
at brut.androlib.res.AndrolibResources.getResTable(AndrolibResources.java:55)
at brut.androlib.Androlib.getResTable(Androlib.java:64)
at brut.androlib.ApkDecoder.setTargetSdkVersion(ApkDecoder.java:209)
at brut.androlib.ApkDecoder.decode(ApkDecoder.java:92)
at brut.apktool.Main.cmdDecode(Main.java:165)
at brut.apktool.Main.main(Main.java:81)
Caused by: java.io.IOException: Expected: 0x00000008, got: 0x00000001
at brut.util.ExtDataInput.skipCheckShort(ExtDataInput.java:56)
at brut.androlib.res.decoder.ARSCDecoder.readValue(ARSCDecoder.java:238)
at brut.androlib.res.decoder.ARSCDecoder.readEntry(ARSCDecoder.java:201)
at brut.androlib.res.decoder.ARSCDecoder.readConfig(ARSCDecoder.java:189)
at brut.androlib.res.decoder.ARSCDecoder.readType(ARSCDecoder.java:157)
at brut.androlib.res.decoder.ARSCDecoder.readPackage(ARSCDecoder.java:114)
at brut.androlib.res.decoder.ARSCDecoder.readTable(ARSCDecoder.java:78)
at brut.androlib.res.decoder.ARSCDecoder.decode(ARSCDecoder.java:47)
... 8 more
Traceback (most recent call last):
File "./framework.py", line 3428, in
main()
File "./framework.py", line 60, in main
agent_attach2()
File "./framework.py", line 756, in agent_attach2
backdoor_apk()
File "./framework.py", line 439, in backdoor_apk
backdoor_srcmethod()
File "./framework.py", line 154, in backdoor_srcmethod
tree.parse(foldername + "/AndroidManifest.xml")
File "/usr/lib/python2.7/xml/etree/ElementTree.py", line 647, in parse
source = open(source, "rb")
IOError: [Errno 2] No such file or directory: 'facebook2/AndroidManifest.xml'
What Can I do to resolve this? I am using Kali 2.0, my architecture is i686.
kaliinstall is missing android installation lines like in btinstall.
wget http://dl.google.com/android/android-sdk_r21-linux.tgz;
tar -xvzf android-sdk_r21-linux.tgz;
export PATH=${PATH}:${PWD}/android-sdk-linux/tools:${PWD}/android-sdk-linux/platform-tools
Just FYI
I am running kali as my host OS and I used 'git clone' to pull SPF to a folder in '/root/Smartphone-Pentest-Framework'.
This shows up when attempting to run the kali install
...
E: Unable to locate package libexpect-perl
E: Package 'libdbd-pg-perl' has no installation candidate
E: Unable to locate package libdevice-serialport-perl
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package ant
....
also Android SDK install failure?
.....
Downloading Google APIs, Android API 14, revision 2
Installing Google APIs, Android API 14, revision 2
Installed Google APIs, Android API 14, revision 299%)
Updated ADB to support the USB devices declared in the SDK add-ons.
Stopping ADB server failed (code -1).
Unable to run 'adb': Cannot run program "/usr/share/android-sdk/platform-tools/adb": java.io.IOException: error=2, No such file or directory.
Starting ADB server failed (code -1).
Done. 1 package installed.
-e Creating first time 'framework' database (empty)
.......
and service start failure.....
.......
[FAIL] Starting MySQL database server: mysqld . . . . . . . . . . . . . . failed!
mysqladmin: connect to server at 'localhost' failed
error: 'Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)'
Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists!
mysqladmin: connect to server at 'localhost' failed
error: 'Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)'
Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists!
[....] Starting web server: apache2apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
. ok
-e
Full output of running kaliinstall is below.
root@kali:# cd Smartphone-Pentest-Framework//Smartphone-Pentest-Framework# ls
root@kali:
AgentTemplates FrameworkAndroidApp kaliinstall santokuinstall
arm-linux-androideabi-4.6 FrameworkAndroidAppwithNFC license.rtf SPF-manualv0.1.pdf
btinstall frameworkconsole README.md Version
root@kali:~/Smartphone-Pentest-Framework# ./kaliinstall
-e
Installin serialport, dbdpg, and expect for perl
-e #########################################
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package libdbd-pg-perl is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Unable to locate package libexpect-perl
E: Package 'libdbd-pg-perl' has no installation candidate
E: Unable to locate package libdevice-serialport-perl
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package ant
Refresh Sources:
Fetching https://dl-ssl.google.com/android/repository/addons_list-2.xml
Validate XML
Parse XML
Fetched Add-ons List successfully
Refresh Sources
Fetching URL: https://dl-ssl.google.com/android/repository/repository-7.xml
Validate XML: https://dl-ssl.google.com/android/repository/repository-7.xml
Parse XML: https://dl-ssl.google.com/android/repository/repository-7.xml
Fetching URL: https://dl-ssl.google.com/android/repository/addon.xml
Validate XML: https://dl-ssl.google.com/android/repository/addon.xml
Parse XML: https://dl-ssl.google.com/android/repository/addon.xml
Fetching URL: https://dl-ssl.google.com/android/repository/extras/intel/addon.xml
Validate XML: https://dl-ssl.google.com/android/repository/extras/intel/addon.xml
Parse XML: https://dl-ssl.google.com/android/repository/extras/intel/addon.xml
Fetching URL: https://dl-ssl.google.com/android/repository/sys-img.xml
Validate XML: https://dl-ssl.google.com/android/repository/sys-img.xml
Parse XML: https://dl-ssl.google.com/android/repository/sys-img.xml
Fetching URL: https://dl-ssl.google.com/android/repository/sys-img/mips/sys-img.xml
Validate XML: https://dl-ssl.google.com/android/repository/sys-img/mips/sys-img.xml
Parse XML: https://dl-ssl.google.com/android/repository/sys-img/mips/sys-img.xml
Fetching URL: https://dl-ssl.google.com/android/repository/sys-img/x86/sys-img.xml
Validate XML: https://dl-ssl.google.com/android/repository/sys-img/x86/sys-img.xml
Parse XML: https://dl-ssl.google.com/android/repository/sys-img/x86/sys-img.xml
Installing Archives:
Preparing to install archives
Downloading Android SDK Platform-tools, revision 16.0.2
Installing Android SDK Platform-tools, revision 16.0.2
Stopping ADB server failed (code -1).
Installed Android SDK Platform-tools, revision 16.0.299%)
Stopping ADB server failed (code -1).
Unable to run 'adb': Cannot run program "/usr/share/android-sdk/platform-tools/adb": java.io.IOException: error=2, No such file or directory.
Starting ADB server failed (code -1).
Done. 1 package installed.
Refresh Sources:
Fetching https://dl-ssl.google.com/android/repository/addons_list-2.xml
Validate XML
Parse XML
Fetched Add-ons List successfully
Refresh Sources
Fetching URL: https://dl-ssl.google.com/android/repository/repository-7.xml
Validate XML: https://dl-ssl.google.com/android/repository/repository-7.xml
Parse XML: https://dl-ssl.google.com/android/repository/repository-7.xml
Fetching URL: https://dl-ssl.google.com/android/repository/addon.xml
Validate XML: https://dl-ssl.google.com/android/repository/addon.xml
Parse XML: https://dl-ssl.google.com/android/repository/addon.xml
Fetching URL: https://dl-ssl.google.com/android/repository/extras/intel/addon.xml
Validate XML: https://dl-ssl.google.com/android/repository/extras/intel/addon.xml
Parse XML: https://dl-ssl.google.com/android/repository/extras/intel/addon.xml
Fetching URL: https://dl-ssl.google.com/android/repository/sys-img.xml
Validate XML: https://dl-ssl.google.com/android/repository/sys-img.xml
Parse XML: https://dl-ssl.google.com/android/repository/sys-img.xml
Fetching URL: https://dl-ssl.google.com/android/repository/sys-img/mips/sys-img.xml
Validate XML: https://dl-ssl.google.com/android/repository/sys-img/mips/sys-img.xml
Parse XML: https://dl-ssl.google.com/android/repository/sys-img/mips/sys-img.xml
Fetching URL: https://dl-ssl.google.com/android/repository/sys-img/x86/sys-img.xml
Validate XML: https://dl-ssl.google.com/android/repository/sys-img/x86/sys-img.xml
Parse XML: https://dl-ssl.google.com/android/repository/sys-img/x86/sys-img.xml
Installing Archives:
Preparing to install archives
Downloading SDK Platform Android 1.6, API 4, revision 3
Installing SDK Platform Android 1.6, API 4, revision 3
Installed SDK Platform Android 1.6, API 4, revision 399%)
Done. 1 package installed.
Refresh Sources:
Fetching https://dl-ssl.google.com/android/repository/addons_list-2.xml
Validate XML
Parse XML
Fetched Add-ons List successfully
Refresh Sources
Fetching URL: https://dl-ssl.google.com/android/repository/repository-7.xml
Validate XML: https://dl-ssl.google.com/android/repository/repository-7.xml
Parse XML: https://dl-ssl.google.com/android/repository/repository-7.xml
Fetching URL: https://dl-ssl.google.com/android/repository/addon.xml
Validate XML: https://dl-ssl.google.com/android/repository/addon.xml
Parse XML: https://dl-ssl.google.com/android/repository/addon.xml
Fetching URL: https://dl-ssl.google.com/android/repository/extras/intel/addon.xml
Validate XML: https://dl-ssl.google.com/android/repository/extras/intel/addon.xml
Parse XML: https://dl-ssl.google.com/android/repository/extras/intel/addon.xml
Fetching URL: https://dl-ssl.google.com/android/repository/sys-img.xml
Validate XML: https://dl-ssl.google.com/android/repository/sys-img.xml
Parse XML: https://dl-ssl.google.com/android/repository/sys-img.xml
Fetching URL: https://dl-ssl.google.com/android/repository/sys-img/mips/sys-img.xml
Validate XML: https://dl-ssl.google.com/android/repository/sys-img/mips/sys-img.xml
Parse XML: https://dl-ssl.google.com/android/repository/sys-img/mips/sys-img.xml
Fetching URL: https://dl-ssl.google.com/android/repository/sys-img/x86/sys-img.xml
Validate XML: https://dl-ssl.google.com/android/repository/sys-img/x86/sys-img.xml
Parse XML: https://dl-ssl.google.com/android/repository/sys-img/x86/sys-img.xml
Installing Archives:
Preparing to install archives
Downloading Google APIs, Android API 4, revision 2
Installing Google APIs, Android API 4, revision 2
Installed Google APIs, Android API 4, revision 299%)
Updated ADB to support the USB devices declared in the SDK add-ons.
Stopping ADB server failed (code -1).
Unable to run 'adb': Cannot run program "/usr/share/android-sdk/platform-tools/adb": java.io.IOException: error=2, No such file or directory.
Starting ADB server failed (code -1).
Done. 1 package installed.
Refresh Sources:
Fetching https://dl-ssl.google.com/android/repository/addons_list-2.xml
Validate XML
Parse XML
Fetched Add-ons List successfully
Refresh Sources
Fetching URL: https://dl-ssl.google.com/android/repository/repository-7.xml
Validate XML: https://dl-ssl.google.com/android/repository/repository-7.xml
Parse XML: https://dl-ssl.google.com/android/repository/repository-7.xml
Fetching URL: https://dl-ssl.google.com/android/repository/addon.xml
Validate XML: https://dl-ssl.google.com/android/repository/addon.xml
Parse XML: https://dl-ssl.google.com/android/repository/addon.xml
Fetching URL: https://dl-ssl.google.com/android/repository/extras/intel/addon.xml
Validate XML: https://dl-ssl.google.com/android/repository/extras/intel/addon.xml
Parse XML: https://dl-ssl.google.com/android/repository/extras/intel/addon.xml
Fetching URL: https://dl-ssl.google.com/android/repository/sys-img.xml
Validate XML: https://dl-ssl.google.com/android/repository/sys-img.xml
Parse XML: https://dl-ssl.google.com/android/repository/sys-img.xml
Fetching URL: https://dl-ssl.google.com/android/repository/sys-img/mips/sys-img.xml
Validate XML: https://dl-ssl.google.com/android/repository/sys-img/mips/sys-img.xml
Parse XML: https://dl-ssl.google.com/android/repository/sys-img/mips/sys-img.xml
Fetching URL: https://dl-ssl.google.com/android/repository/sys-img/x86/sys-img.xml
Validate XML: https://dl-ssl.google.com/android/repository/sys-img/x86/sys-img.xml
Parse XML: https://dl-ssl.google.com/android/repository/sys-img/x86/sys-img.xml
Installing Archives:
Preparing to install archives
Downloading SDK Platform Android 4.0, API 14, revision 3
Installing SDK Platform Android 4.0, API 14, revision 3
Installed SDK Platform Android 4.0, API 14, revision 396%)
Done. 1 package installed.
Refresh Sources:
Fetching https://dl-ssl.google.com/android/repository/addons_list-2.xml
Validate XML
Failed to fetch URL https://dl-ssl.google.com/android/repository/addons_list-1.xml, reason: peer not authenticated
Parse XML
Fetched Add-ons List successfully
Refresh Sources
Fetching URL: https://dl-ssl.google.com/android/repository/repository-7.xml
Validate XML: https://dl-ssl.google.com/android/repository/repository-7.xml
Parse XML: https://dl-ssl.google.com/android/repository/repository-7.xml
Fetching URL: https://dl-ssl.google.com/android/repository/addon.xml
Validate XML: https://dl-ssl.google.com/android/repository/addon.xml
Parse XML: https://dl-ssl.google.com/android/repository/addon.xml
Installing Archives:
Preparing to install archives
Downloading Google APIs, Android API 14, revision 2
Installing Google APIs, Android API 14, revision 2
Installed Google APIs, Android API 14, revision 299%)
Updated ADB to support the USB devices declared in the SDK add-ons.
Stopping ADB server failed (code -1).
Unable to run 'adb': Cannot run program "/usr/share/android-sdk/platform-tools/adb": java.io.IOException: error=2, No such file or directory.
Starting ADB server failed (code -1).
Done. 1 package installed.
-e Creating first time 'framework' database (empty)
[FAIL] Starting MySQL database server: mysqld . . . . . . . . . . . . . . failed!
mysqladmin: connect to server at 'localhost' failed
error: 'Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)'
Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists!
mysqladmin: connect to server at 'localhost' failed
error: 'Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)'
Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists!
[....] Starting web server: apache2apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
. ok
-e
Install of Smartphone Pentest Framework is complete!
-e You need to edit your config file to your liking in the following location:/root/Smartphone-Pentest-Framework/frameworkconsole/config
-e Once config is setup you can either run ./framework.pl in the frameworkconsole directory,
-e This concludes the install.. enjoy!
Whenever I try and backdoor a APK using the SPF I get the following error it is repeatable with multiple APKs
Traceback (most recent call last):
File "./framework.py", line 3508, in
main()
File "./framework.py", line 58, in main
agent_attach2()
File "./framework.py", line 992, in agent_attach2
backdoor_apk()
File "./framework.py", line 90, in backdoor_apk
backdoor_apk2()
File "./framework.py", line 426, in backdoor_apk2
tree.parse(foldername + "/AndroidManifest.xml")
File "/usr/lib/python2.7/xml/etree/ElementTree.py", line 647, in parse
source = open(source, "rb")
IOError: [Errno 2] No such file or directory: 'OsmAndMapsNavigation./AndroidManifest.xml'
may i ask you two questions?
when i use 'Attach Framework to a Deployed Agent' ,why "/text.txt" is empty and it will be wrong, it can't work, what is the reason.
it is very kind of you to help me , thank you very much,very much...
The vm from the readme link https://nostarch.com/pentesting is password protected. I failed to find the account credentials for logging in.
When I try to make a mobile modem I follow your guys tutorial and always end up with,
Control Number:**********
Control Key:*******
ControlPath:/androidagent1
Is this correct?(y/n)y
Updated project.properties
Updated local.properties
Updated file /root/Smartphone-Pentest-Framework/FrameworkAndroidApp/proguard-project.txt
It seems that there are sub-projects. If you want to update them
please use the --subprojects parameter.
Updated local.properties
Updated file /root/Smartphone-Pentest-Framework/FrameworkAndroidApp/proguard-project.txt
It seems that there are sub-projects. If you want to update them
please use the --subprojects parameter.
sh: 1: ant: not found
I follow your guys tutorial
What similar program instead of Smartphone Pentest Framework can I use to perform security tests on Kali Linux software? It is important that the software is simple and free and it is possible to develop it constantly. I am asking for a hint
please help me on how to install it in real time as we are doing a project on this spf
hi georgiaw,
i used many files of windows xp and 7 iso files
none are not working perfectly
even if they are working after changing the properties of local area connection i cant able to access to internet and cannot ping from kali to xp ip
it shows DNS error while opening webpage in xp
please help me
thank you
Hey Georgia,
I purchased a copy of your book for pentesting, i am trying to download the Smartphone-Pentest-Framework, every-time i use the link in the book git clone https://github.com/georgiaw/Smartphone-Pentest-Framework.git
the only thing it downloads is the README.md
i then changed cd Smartphone-Pentest-Framework
then nano Kaliinstall
when i type in what you have on page 28 it and then do ./kalliinstall it tells me permission denied and moves no further. Can you help me with this?
Also i am no sure at the moment (new to pentesting) where to find the correct adt-bundle-linux version that i downloaded in order to change to my current version i am using.
Thank you,
@georgiaw
Hello
I have a problem setting the internet in a virtual machine with windows XP installed. And exactly the problem is that the Internet is not VMwarew I have in network connections set as it is written in the book. I followed the instructions exactly. So I tried the network connection on the bridge with a NAT connection and nothing worked and for the host (no internet). I tried to use the internet for wireless and wired connection and to install network drivers, but nothing works. The error that pops up for me is "the page cannot be displayed" and hints on what to set I set everything as it is written in the error message and does not work. What can I change in settings?
Please help
Best Regards
Errors:
Error: Flag '-a,addon-google_apis-google-4' is not valid for 'update sdk'.
mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'root'@'localhost' (using password: YES)'
No update to this script since February and previous issues closed without any changes.
Hi Georgia,
i have a good.apk application (safe, normal application). When i choose "Backdoor Android APK with Agent", the prompt shows:
APK to Backtdoor: /root/Desktop/good.apk
and press enter. Now, i have the following output:
Destination directory (/root/Smartphone-Pentest-Framework/APKs/MapsDemo) already exists. Use -f switch if you want to overwrite it.
mkdir: cannot create directory AndroidAgent/src/com/': File exists mkdir: cannot create directory
AndroidAgent/src/com/bulbsecurity/': File exists
mkdir: cannot create directory `AndroidAgent/src/com/bulbsecurity/framework/': File exists
Updated local.properties
Updated file AndroidAgent/build.xml
Updated file AndroidAgent/proguard-project.txt
It seems that there are sub-projects. If you want to update them
please use the --subprojects parameter.
Buildfile: /root/Smartphone-Pentest-Framework/APKs/AndroidAgent/build.xml
-check-env:
[checkenv] Android SDK Tools Revision 22.0.0
[checkenv] Installed at /usr/share/android-sdk
-setup:
[echo] Project Name: AndroidAgent
[gettype] Project Type: Application
-pre-clean:
clean:
[delete] Deleting directory /root/Smartphone-Pentest-Framework/APKs/AndroidAgent/bin
[delete] Deleting directory /root/Smartphone-Pentest-Framework/APKs/AndroidAgent/gen
[getlibpath] Library dependencies:
[getlibpath] No Libraries
[subant] No sub-builds to iterate on
-set-mode-check:
-set-debug-files:
-check-env:
[checkenv] Android SDK Tools Revision 22.0.0
[checkenv] Installed at /usr/share/android-sdk
-setup:
[echo] Project Name: AndroidAgent
[gettype] Project Type: Application
-set-debug-mode:
-debug-obfuscation-check:
-pre-build:
-build-setup:
[getbuildtools] Using latest Build Tools: 19.0.3
[echo] Resolving Build Target for AndroidAgent...
[gettarget] Project Target: Google APIs
[gettarget] Vendor: Google Inc.
[gettarget] Platform Version: 1.6
[gettarget] API level: 4
[echo] ----------
[echo] Creating output directories if needed...
[mkdir] Created dir: /root/Smartphone-Pentest-Framework/APKs/AndroidAgent/bin
[mkdir] Created dir: /root/Smartphone-Pentest-Framework/APKs/AndroidAgent/bin/res
[mkdir] Created dir: /root/Smartphone-Pentest-Framework/APKs/AndroidAgent/gen
[mkdir] Created dir: /root/Smartphone-Pentest-Framework/APKs/AndroidAgent/bin/classes
[mkdir] Created dir: /root/Smartphone-Pentest-Framework/APKs/AndroidAgent/bin/dexedLibs
[echo] ----------
[echo] Resolving Dependencies for AndroidAgent...
[dependency] Ordered libraries:
[dependency]
[dependency] ------------------
[dependency] API<=15: Adding annotations.jar to the classpath.
[echo] ----------
[echo] Building Libraries with 'debug'...
[subant] No sub-builds to iterate on
-code-gen:
[mergemanifest] Merging AndroidManifest files into one.
[mergemanifest] Manifest merger disabled. Using project manifest only.
[echo] Handling aidl files...
[aidl] No AIDL files to compile.
[echo] ----------
[echo] Handling RenderScript files...
[renderscript] No RenderScript files to compile.
[echo] ----------
[echo] Handling Resources...
[aapt] Generating resource IDs...
[aapt] /root/Smartphone-Pentest-Framework/APKs/AndroidAgent/res/layout/main.xml:7: error: Error: No resource found that matches the given name (at 'text' with value '@string/hello').
BUILD FAILED
/usr/share/android-sdk/tools/ant/build.xml:650: The following error occurred while executing this line:
/usr/share/android-sdk/tools/ant/build.xml:691: null returned: 1
Total time: 1 second
Input file (AndroidAgent/bin/AndroidAgent-debug.apk) was not found or was not readable.
mkdir: cannot create directory MapsDemo/smali/com': File exists cp: cannot stat
AndroidAgent2/smali/com/bulbsecurity': No such file or directory
mkdir: cannot create directory MapsDemo/smali/jackpal': File exists cp: cannot stat
AndroidAgent2/smali/jackpal': No such file or directory
Phone number of the control modem for the agent:
Can you help me please?
Tnx!
I've been trying to play around with this, but I have not gotten anything working so far. I'm using Kail. Here are some issues:
spf> 1
Select An Option from the Menu:
1.) Attach Framework to a Deployed Agent
2.) Generate Agent App
3.) Copy Agent to Web Server
4.) Import an Agent Template
5.) Backdoor Android APK with Agent
6.) Create APK Signing Key
spf> 2
1.) MapsDemo
2.) BlankFrontEnd
spf> 2
Phone number of the control modem for the agent: 15555555555
Control key for the agent: KEYKEY1
Webserver control path for agent:
Control Number:15555555555
Control Key:KEYKEY1
ControlPath:
Is this correct?(y/n) y
Error: Target id 'Google Inc.:Google APIs:4' is not valid. Use 'android list targets' to get the target ids.
Error: Target id 'Google Inc.:Google APIs:4' is not valid. Use 'android list targets' to get the target ids.
Error: The project either has no target set or the target is invalid.
Please provide a --target to the 'android update' command.
It seems that there are sub-projects. If you want to update them
please use the --subprojects parameter.
Buildfile: /root/Scripts/Smartphone-Pentest-Framework/AgentTemplates/BlankFrontEnd/build.xml
BUILD FAILED
/root/Scripts/Smartphone-Pentest-Framework/AgentTemplates/BlankFrontEnd/build.xml:90: Cannot find /root/Smartphone-Pentest-Framework/android-sdk-linux/tools/ant/build.xml imported from /root/Scripts/Smartphone-Pentest-Framework/AgentTemplates/BlankFrontEnd/build.xml
Total time: 0 seconds
1.) MapsDemo
2.) BlankFrontEnd
"/root/Smartphone-Pentest-Framework/android-sdk-linux/tools/ant/build.xml" obviously doesn't exist because there is a "Scripts" folder within the "root" folder. Everything in the "config" file is set with this in mind.
It doesn't like common words very much:
spf> help
Traceback (most recent call last):
File "./framework.py", line 3369, in
main()
File "./framework.py", line 59, in main
agent_attach2()
File "./framework.py", line 685, in agent_attach2
choose_build()
File "./framework.py", line 865, in choose_build
pick = int(choice)-1
ValueError: invalid literal for int() with base 10: 'help'
spf> exit
Traceback (most recent call last):
File "./framework.py", line 3369, in
main()
File "./framework.py", line 59, in main
agent_attach2()
File "./framework.py", line 685, in agent_attach2
choose_build()
File "./framework.py", line 865, in choose_build
pick = int(choice)-1
ValueError: invalid literal for int() with base 10: 'exit'
Not sure if I was doing this right, but it doesn't like what I did.
root@Kali:~/Scripts/Smartphone-Pentest-Framework/frameworkconsole# ./framework.py
Select An Option from the Menu:
1.) Attach Framework to a Deployed Agent/Create Agent
2.) Send Commands to an Agent
3.) View Information Gathered
4.) Attach Framework to a Mobile Modem
5.) Run a remote attack
6.) Run a social engineering or client side attack
7.) Clear/Create Database
8.) Use Metasploit
9.) Compile code to run on mobile devices
10.) Install Stuff
11.) Use Drozer
0.) Exit
spf> 1
Select An Option from the Menu:
1.) Attach Framework to a Deployed Agent
2.) Generate Agent App
3.) Copy Agent to Web Server
4.) Import an Agent Template
5.) Backdoor Android APK with Agent
6.) Create APK Signing Key
spf> 1
Attach to a Deployed Agent:
This will set up handlers to control an agent that has already been deployed.
Agent URL Path:
Agent Control Key: t
Communication Method(SMS/HTTP): HTTP
URL Path:
Control Key: t
Communication Method: HTTP
Is this correct?(y/N): y
Traceback (most recent call last):
File "./framework.py", line 3369, in
main()
File "./framework.py", line 59, in main
agent_attach2()
File "./framework.py", line 681, in agent_attach2
agent_attach()
File "./framework.py", line 2271, in agent_attach
f = open(text, 'r+')
IOError: [Errno 2] No such file or directory: '/var/www/text.txt'
root@Kali:~/Scripts/Smartphone-Pentest-Framework/frameworkconsole# ./framework.py
It also doesn't like Metasploit:
root@Kali:~/Scripts/Smartphone-Pentest-Framework/frameworkconsole# ./framework.py
Select An Option from the Menu:
1.) Attach Framework to a Deployed Agent/Create Agent
2.) Send Commands to an Agent
3.) View Information Gathered
4.) Attach Framework to a Mobile Modem
5.) Run a remote attack
6.) Run a social engineering or client side attack
7.) Clear/Create Database
8.) Use Metasploit
9.) Compile code to run on mobile devices
10.) Install Stuff
11.) Use Drozer
0.) Exit
spf> 8
Runs smartphonecentric Metasploit modules for you.
Select An Option from the Menu:
1.) Run iPhone Metasploit Modules
2.) Create Android Meterpreter
3.) Setup Metasploit Listener
4.) Run Android Metasploit Modules
spf> 2
Generate Android Meterpreter
IP to connect back to:192.168.1.75
Port to connect back to:4444
Is this correct(y/N):y
No platform was selected, choosing Msf::Module::Platform::Android from the payload
No Arch selected, selecting Arch: dalvik from the payload
Found 0 compatible encoders
Or this:
root@Kali:~/Scripts/Smartphone-Pentest-Framework/frameworkconsole# ./framework.py
Select An Option from the Menu:
1.) Attach Framework to a Deployed Agent/Create Agent
2.) Send Commands to an Agent
3.) View Information Gathered
4.) Attach Framework to a Mobile Modem
5.) Run a remote attack
6.) Run a social engineering or client side attack
7.) Clear/Create Database
8.) Use Metasploit
9.) Compile code to run on mobile devices
10.) Install Stuff
11.) Use Drozer
0.) Exit
spf> 6
Choose a social engineering or client side attack to launch:
1.) Direct Download Agent
2.) Client Side Shell
3.) USSD Webpage Attack (Safe)
4 ) USSD Webpage Attack (Malicious)
spf> 2
Select a Client Side Attack to Run
1) CVE=2010-1759 Webkit Vuln Android
spf> exit
Select An Option from the Menu:
1.) Attach Framework to a Deployed Agent/Create Agent
2.) Send Commands to an Agent
3.) View Information Gathered
4.) Attach Framework to a Mobile Modem
5.) Run a remote attack
6.) Run a social engineering or client side attack
7.) Clear/Create Database
8.) Use Metasploit
9.) Compile code to run on mobile devices
10.) Install Stuff
11.) Use Drozer
0.) Exit
spf> 6
Choose a social engineering or client side attack to launch:
1.) Direct Download Agent
2.) Client Side Shell
3.) USSD Webpage Attack (Safe)
4 ) USSD Webpage Attack (Malicious)
spf> 3
Hosting Path:
Filename: test
Phone Number to Attack: 15555555555
mkdir: cannot create directory `/var/www': File exists
Traceback (most recent call last):
File "./framework.py", line 3369, in
main()
File "./framework.py", line 69, in main
social()
File "./framework.py", line 978, in social
ussdsafe()
File "./framework.py", line 1120, in ussdsafe
modem = get_modem()
File "./framework.py", line 1799, in get_modem
db.query("SELECT COUNT(*) from modems")
File "/root/Scripts/Smartphone-Pentest-Framework/frameworkconsole/lib/db.py", line 83, in query
return self._dbe.query(q, params)
File "/root/Scripts/Smartphone-Pentest-Framework/frameworkconsole/lib/db.py", line 18, in query
self.cur.execute(q, params)
File "/usr/lib/python2.7/dist-packages/MySQLdb/cursors.py", line 174, in execute
self.errorhandler(self, exc, value)
File "/usr/lib/python2.7/dist-packages/MySQLdb/connections.py", line 36, in defaulterrorhandler
raise errorclass, errorvalue
_mysql_exceptions.ProgrammingError: (1146, "Table 'framework.modems' doesn't exist")
Or this:
root@Kali:~/Scripts/Smartphone-Pentest-Framework/frameworkconsole# ./framework.py
Select An Option from the Menu:
1.) Attach Framework to a Deployed Agent/Create Agent
2.) Send Commands to an Agent
3.) View Information Gathered
4.) Attach Framework to a Mobile Modem
5.) Run a remote attack
6.) Run a social engineering or client side attack
7.) Clear/Create Database
8.) Use Metasploit
9.) Compile code to run on mobile devices
10.) Install Stuff
11.) Use Drozer
0.) Exit
spf> 4
Choose a type of modem to attach to:
1.) Search for attached modem
2.) Attach to a smartphone based app
3.) Generate smartphone based app
4.) Copy App to Webserver
5.) Install App via ADB
spf> 3
Choose a type of control app to generate:
1.) Android App (Android 1.6)
2.) Android App with NFC (Android 4.0 and NFC enabled device)
spf> 2
Phone number of agent: 15555555555
Control key for the agent: KEYKEY1
Webserver control path for agent:
Control Number:15555555555
Control Key:KEYKEY1
ControlPath:
Is this correct?(y/n): y
sh: 1: Syntax error: Unterminated quoted string
Error: The project either has no target set or the target is invalid.
Please provide a --target to the 'android update' command.
It seems that there are sub-projects. If you want to update them
please use the --subprojects parameter.
Buildfile: /root/Scripts/Smartphone-Pentest-Framework/FrameworkAndroidAppwithNFC/build.xml
-check-env:
[checkenv] Android SDK Tools Revision 22.0.1
[checkenv] Installed at /usr/share/android-sdk
-setup:
[echo] Project Name: FrameworkAndroidAppActivity
[gettype] Project Type: Application
-pre-clean:
clean:
[delete] Deleting directory /root/Scripts/Smartphone-Pentest-Framework/FrameworkAndroidAppwithNFC/bin
[delete] Deleting directory /root/Scripts/Smartphone-Pentest-Framework/FrameworkAndroidAppwithNFC/gen
[getlibpath] Library dependencies:
[getlibpath] No Libraries
[subant] No sub-builds to iterate on
-set-mode-check:
-set-debug-files:
-check-env:
[checkenv] Android SDK Tools Revision 22.0.1
[checkenv] Installed at /usr/share/android-sdk
-setup:
[echo] Project Name: FrameworkAndroidAppActivity
[gettype] Project Type: Application
-set-debug-mode:
-debug-obfuscation-check:
-pre-build:
-build-setup:
BUILD FAILED
/usr/share/android-sdk/tools/ant/build.xml:479: SDK does not have any Build Tools installed.
Total time: 1 second
cp: cannot stat `/root/Scripts/Smartphone-Pentest-Framework/FrameworkAndroidAppwithNFC/bin/FrameworkAndroidAppActivity-debug-unaligned.apk': No such file or directory
It seems, in general, Python errors are quite abundant. I am just going through some of the things at random and this is what I have encountered. Also, "exploit/android/browser/webview_addjavascriptinterface" should be added.
Hello,
I have just installed SPF, but got "Target id 'Google Inc.:Google APIs:4 is not valid" error when creating an SPF App. I use Ubuntu 14.04 64bit.
Please help. Thanks,
Tuan
Output:
Error: Target id 'Google Inc.:Google APIs:4' is not valid. Use 'android list targets' to get the target ids.
Error: The project either has no target set or the target is invalid.
Please provide a --target to the 'android update' command.
It seems that there are sub-projects. If you want to update them
please use the --subprojects parameter.
Buildfile: /root/Smartphone-Pentest-Framework/FrameworkAndroidApp/build.xml
BUILD FAILED
/root/Smartphone-Pentest-Framework/FrameworkAndroidApp/build.xml:90: Cannot find /root/adt-bundle-linux-x86-20131030/sdk/tools/ant/build.xml imported from /root/Smartphone-Pentest-Framework/FrameworkAndroidApp/build.xml
Total time: 0 seconds
Hi
I have updated the ADT bundle then after I have been trying to connect to drozer agent. I have forwarded the port to 31415 and run the command "drozer console connect".But I am getting error while connecting saying "error no 22 invalid argument".
Whenever I try to backdoor an apk I get this error:
IOError: [Errno 2] No such file or directory xxxx.//AndroidManifest.xml'
I tried 3 different apks result are the same. What should I do?
Also when I try to generate agentapp I get this:
"Google Inc.:Google APIs:4' is not valid."
So far I couldn't do anything with this tool :/
Latest version of Kali Linux 32 bit
would be awesome if you could integrate mercury in to spf
Control Number:**********
Control Key:KEYKEY1
ControlPath:/androidagent1
Is this correct?(y/n)y
Error: Target id 'Google Inc.:Google APIs:4' is not valid. Use 'android list targets' to get the target ids.
Error: The project either has no target set or the target is invalid.
Please provide a --target to the 'android update' command.
It seems that there are sub-projects. If you want to update them
please use the --subprojects parameter.
Buildfile: /root/Smartphone-Pentest-Framework/FrameworkAndroidApp/build.xml
BUILD FAILED
/root/Smartphone-Pentest-Framework/FrameworkAndroidApp/build.xml:90: Cannot find /root/adt-bundle-linux-x86-20131030/sdk/tools/ant/build.xml imported from /root/Smartphone-Pentest-Framework/FrameworkAndroidApp/build.xml
Im using Backtrack 5r3
Hi when ever I try and build a Agent I get the following error
sed: couldn't open file ww</string>/: No such file or directory
Error: Target id 'Google Inc.:Google APIs:4' is not valid. Use 'android list targets' to get the target ids.
Error: Target id 'Google Inc.:Google APIs:4' is not valid. Use 'android list targets' to get the target ids.
Error: The project either has no target set or the target is invalid.
Please provide a --target to the 'android update' command.
It seems that there are sub-projects. If you want to update them
please use the --subprojects parameter.
Buildfile: /pentest/mobile/Smartphone-Pentest-Framework/AgentTemplates/MapsDemo/build.xml
BUILD FAILED
/pentest/mobile/Smartphone-Pentest-Framework/AgentTemplates/MapsDemo/build.xml:90: Cannot find /root/Smartphone-Pentest-Framework/android-sdk-linux/tools/ant/build.xml imported from /pentest/mobile/Smartphone-Pentest-Framework/AgentTemplates/MapsDemo/build.xml
It seems to think my android sdk is in /root/ when no where in the config file is /root/ specified also my previous issues with backdooring APKs persists and I have tested it on the APK we discussed as well as angry birds (as a test). It seems to still have issues opening AndroidManifest.xml stack trace bellow:
I: Baksmaling...
I: Loading resource table...
I: Loaded.
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /home/user/apktool/framework/1.apk
I: Loaded.
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values / XMLs...
I: Done.
I: Copying assets and libs...
Traceback (most recent call last):
File "./framework.py", line 3577, in
main()
File "./framework.py", line 58, in main
agent_attach2()
File "./framework.py", line 1030, in agent_attach2
backdoor_apk()
File "./framework.py", line 90, in backdoor_apk
backdoor_apk2()
File "./framework.py", line 428, in backdoor_apk2
tree.parse(foldername + "/AndroidManifest.xml")
File "/usr/lib/python2.7/xml/etree/ElementTree.py", line 647, in parse
source = open(source, "rb")
IOError: [Errno 2] No such file or directory: 'Angry Birds_3.3.0./AndroidManifest.xml'
First off thank you so much for putting in your time and effort to make such a cool tool. I'v been trying to generate a agent app using maps demo and the blank front but continue to have the same errors I'v tried this on a ubuntu 32 bit machine for the last two days without any luck now I'm using kali 64 bit and I'm getting the same error how can I make this go away
BUILD FAILED
/root/Smartphone-Pentest-Framework/android-sdk-linux/tools/ant/build.xml:397: SDK Platform Tools component is missing. Please install it with the SDK Manager (tools/android)
Total time: 0 seconds
1.) MapsDemo
2.) BlankFrontEnd
spf>
i can’t find it!!!
when ever I try and run framework.py the following traceback is given:
Traceback (most recent call last):
File "./framework.py", line 16, in
config = Config('config')
File "Smartphone-Pentest-Framework/frameworkconsole/lib/config.py", line 6, in init
self.config.readfp(FakeSecHead(open(config_file)))
File "/usr/lib/python2.7/ConfigParser.py", line 324, in readfp
self._read(fp, filename)
File "/usr/lib/python2.7/ConfigParser.py", line 546, in _read
raise e
ConfigParser.ParsingError: File contains parsing errors: <???>
[line 34]: '<<<<<<< HEAD\n'
[line 36]: '=======\n'
[line 38]: '>>>>>>> 32a44fa\n'
[line 44]: '<<<<<<< HEAD\n'
[line 46]: '=======\n'
[line 56]: '<<<<<<< HEAD\n'
[line 57]: '>>>>>>> 32a44fa\n'
[line 58]: '=======\n'
[line 61]: '>>>>>>> 9d10151\n'
I bought Penetration Testing: A Hands-On Introduction to Hacking book and I'm trying to configure SPF. I've found than I can download it from https://github.com/thefailtheory/Smartphone-Pentest-Framework but still can't config. There is no config file in frameworkconsole subdir.
There is no framework.py , too. Can you help me?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.