georgiaw / smartphone-pentest-framework Goto Github PK

View Code? Open in Web Editor NEW

452.0 452.0 193.0 0 B

Repository for the Smartphone Pentest Framework (SPF)

smartphone-pentest-framework's People

Contributors

Stargazers

Watchers

Forkers

slashie sputnicyes mobilipia grangej davislg fengor okoeroo b1naryshark antimoon papalongo johnnypenn chiehwen zedsharma fr34k8 safeboy ajay656-hash rlgnszzz madmercen planetminguez idkwim 1nv4d3r5 vimokumar tlandjr brunokdoc ha5kersdetect kostar140 tporath cmarvel1975 lamkeysing92 vs280685 esauromano kartikeyap bouquetofbarbedwire talsoft sush667 kdubya050 andlab galagie jockey44 prymodebo ragnardanneskjold yudevan null-sec baldybadgersrunningroundmybrain dru1d blackfa1con reaperx420 charles1024 xbalien threats-pimp khalid8000 restrainedgeek archangel666666 debug-orz thomhastings ksoona sigma-random eudemonics yinyue apixelator eyedeekay sergioag20 jdjones999 sh1nu11bi oguzhantopgul brandonberne leonardotw jhangli 0x7678 vaginessa nasvera zaratros switchkiller pandazheng tatramaco cplushua01 ccgreen13 4sp1r3 telnetgmike workidea team-firebugs az0ne zhangf911 neykl ouadmoha securitywarrior lucabongiorni wflk sinful-jonezy akustolin curtainwang ulrich29 laudarch coldcain kbatistic 98989898 diconal dromero1452 cwalls251 vnclouds

smartphone-pentest-framework's Issues

delete smartphone-pentest-framework

Hello,
I bought a Penetration Testing book: A Hands-On Introduction to Hacking and stopped by the Smarphone-Pentest Framework. Where can I find a smartphone-Pentest-framework? It needs to kali 2.0

Library packages names

Hi, the library packages in the kaliinstall script are named basing on the old system!
The names in the kaliinstall script should be changed to this so the script works! :

apt-get install zlib1g:i386
apt-get install libz1:i386 libncurses5:i386 libbz2-1.0:i386 libstdc++6:i386

Please correct me if I am wrong.

Where i find virtual machine for windows xp and windows 7

@georgiaw
HI
Where i can find legal virtual machine for windows xp and windows 7
i need this to learning tests security
please about give links
thank you very much
Best Regards
kaliman 12

WebServer VPN Connection ?

Hello,

I'm using a secured connection like VPN or OpenVPN PPTP .... etc
But i'm wondering if i can use it with SPF ?

Can't Backdore the Apps :( also apktool is installed but asks again to download.

when i to open a App it gives me this error Help me out please and even when i have installed apktool it still says to download it:(

spf> 5
APKTool not found! Is it installed? Check your config file
Install Android APKTool(y/N)?
spf> n

Puts the Android Agent inside an Android App APK. The application runs normally, with extra functionality.
APK to Backdoor: /root/apps/what.apk
Traceback (most recent call last):
File "./framework.py", line 3428, in
main()
File "./framework.py", line 60, in main
agent_attach2()
File "./framework.py", line 756, in agent_attach2
backdoor_apk()
File "./framework.py", line 443, in backdoor_apk
backdoor_srcmethod()
File "./framework.py", line 145, in backdoor_srcmethod
os.chdir(apksloc)
OSError: [Errno 2] No such file or directory: '/root/Smartphone-Pentest-Framework/APKs'

and one more question was if we can use msfvenome backdore to create backdore in apps.
using SPF.

Thank You

request

i would post in your forum but its closed and i cant add a pull request. Can you guys add in more exploits?

Error - look below ;)

Select An Option from the Menu:

 1.)  Attach Framework to a Deployed Agent/Create Agent
 2.)  Send Commands to an Agent
 3.)  View Information Gathered
 4.)  Attach Framework to a Mobile Modem
 5.)  Run a remote attack
 6.)  Run a social engineering or client side attack
 7.)  Clear/Create Database
 8.)  Use Metasploit
 9.)  Compile code to run on mobile devices
10.)  Install Stuff
11.)  Use Drozer
12.)  Setup API
 0.)  Exit

spf> 4

Choose a type of modem to attach to:
1.) Search for attached modem
2.) Attach to a smartphone based app
3.) Generate smartphone based app
4.) Copy App to Webserver
5.) Install App via ADB
spf> 3

Choose a type of control app to generate:
1.) Android App (Android 1.6)
2.) Android App with NFC (Android 4.0 and NFC enabled device)
spf> 1
Phone number of agent: 111222333
Control key for the agent: KEYKEY1
Webserver control path for agent: /androidagent1

Control Number:111222333
Control Key:KEYKEY1
ControlPath:/androidagent1
Is this correct?(y/n)y
sh: 1: /root/Smartphone-Pentest-Framework/android-sdk-linux/tools/android: not found
sh: 1: /root/Smartphone-Pentest-Framework/android-sdk-linux/tools/android: not found
Buildfile: /root/Smartphone-Pentest-Framework/FrameworkAndroidApp/build.xml

BUILD FAILED
/root/Smartphone-Pentest-Framework/FrameworkAndroidApp/build.xml:90: Cannot find /root/adt-bundle-linux-x86-20131030/sdk/tools/ant/build.xml imported from /root/Smartphone-Pentest-Framework/FrameworkAndroidApp/build.xml

Total time: 0 seconds

IOError: No such file or directory: 'config'

Hello there!
I've just installed the SPF and configured the frameworkconsole/config. I've also altered the kaliinstall before running the installation. While trying to run the framework.py I get the following error:

root@kali:~# service apache2 start root@kali:~# service mysql start root@kali:~# Smartphone-Pentest-Framework/frameworkconsole/framework.py Traceback (most recent call last): File "Smartphone-Pentest-Framework/frameworkconsole/framework.py", line 16, in <module> config = Config('config') File "/root/Smartphone-Pentest-Framework/frameworkconsole/lib/config.py", line 6, in __init__ self.config.readfp(FakeSecHead(open(config_file))) IOError: [Errno 2] No such file or directory: 'config'

I really appreciate any help! :)

SPF is not in any of the provided images

I purchased the book and downloaded both the ISO and VMDK images. Neither seem to have SPF. The second sentence in README.md is misleading and indicates that SPF is available in the images. Please update the images or modify README.md to better assist future patrons of your book.

the android application is not attaching with SPF

Select An Option from the Menu:

 1.)  Attach Framework to a Deployed Agent/Create Agent
 2.)  Send Commands to an Agent
 3.)  View Information Gathered
 4.)  Attach Framework to a Mobile Modem
 5.)  Run a remote attack
 6.)  Run a social engineering or client side attack
 7.)  Clear/Create Database
 8.)  Use Metasploit
 9.)  Compile code to run on mobile devices
10.)  Install Stuff
11.)  Use Drozer
 0.)  Exit

spf> 4

Choose a type of modem to attach to:
1.) Search for attached modem
2.) Attach to a smartphone based app
3.) Generate smartphone based app
4.) Copy App to Webserver
5.) Install App via ADB
spf> 2

Connect to a smartphone management app. You will need to supply the phone number,the control key, and the URL path

Phone Number: 15555215558
Control Key: KEYKEY1
App URL Path: /bookspftest1

Phone Number: 15555215558
Control Key: KEYKEY1
URL Path: /bookspftest1
Is this correct?(y/N): y

now from the emulator everything is set and ready but whenever I hit the attach button nothing happens.
the emulator is not getting attached to SPF

Link to forums page not found

The readme has a link to the forums, but the link is dead :( Were there forums in the past that were active? Maybe just consider removing the link. No big deal though.

Command Injection in Framework APK Input File

Not a big deal, just if there was a malformed file name.
https://github.com/georgiaw/Smartphone-Pentest-Framework/blob/master/frameworkconsole/framework.py#L97

Include PileUp exploits into SPF before may 2014 ?

Since http://secureandroidupdate.org/
Accepted by the 35th IEEE Symposium on Security and Privacy. San Jose, CA. May, 2014.

ImportError: No module named serial

Hi, I'm having trouble starting framework.py. I've had to fix several issues with installation, I'm running the minimal kali AMI on an EC2 server so I've had to install certain dependencies and change some configuration files to get this far. But ever since the first time I tried running framework.py I get this error and can't seem to figure it out.

Traceback (most recent call last): File "./framework.py", line 6, in <module> import serial ImportError: No module named serial

It's the last step to getting it running and it's doing my nut in, any help is appreciated.

Thanks

unble to download smartphone framework

As i go through url reffered by the book,i find myself unavle to download smartphone framework

I can't backdoor apps

Hi, I having problems for backdooring APK's it is giving this error message:

Exception in thread "main" brut.androlib.AndrolibException: Could not decode arsc file
at brut.androlib.res.decoder.ARSCDecoder.decode(ARSCDecoder.java:52)
at brut.androlib.res.AndrolibResources.getResPackagesFromApk(AndrolibResources.java:538)
at brut.androlib.res.AndrolibResources.loadMainPkg(AndrolibResources.java:63)
at brut.androlib.res.AndrolibResources.getResTable(AndrolibResources.java:55)
at brut.androlib.Androlib.getResTable(Androlib.java:64)
at brut.androlib.ApkDecoder.setTargetSdkVersion(ApkDecoder.java:209)
at brut.androlib.ApkDecoder.decode(ApkDecoder.java:92)
at brut.apktool.Main.cmdDecode(Main.java:165)
at brut.apktool.Main.main(Main.java:81)
Caused by: java.io.IOException: Expected: 0x00000008, got: 0x00000001
at brut.util.ExtDataInput.skipCheckShort(ExtDataInput.java:56)
at brut.androlib.res.decoder.ARSCDecoder.readValue(ARSCDecoder.java:238)
at brut.androlib.res.decoder.ARSCDecoder.readEntry(ARSCDecoder.java:201)
at brut.androlib.res.decoder.ARSCDecoder.readConfig(ARSCDecoder.java:189)
at brut.androlib.res.decoder.ARSCDecoder.readType(ARSCDecoder.java:157)
at brut.androlib.res.decoder.ARSCDecoder.readPackage(ARSCDecoder.java:114)
at brut.androlib.res.decoder.ARSCDecoder.readTable(ARSCDecoder.java:78)
at brut.androlib.res.decoder.ARSCDecoder.decode(ARSCDecoder.java:47)
... 8 more
Traceback (most recent call last):
File "./framework.py", line 3428, in
main()
File "./framework.py", line 60, in main
agent_attach2()
File "./framework.py", line 756, in agent_attach2
backdoor_apk()
File "./framework.py", line 439, in backdoor_apk
backdoor_srcmethod()
File "./framework.py", line 154, in backdoor_srcmethod
tree.parse(foldername + "/AndroidManifest.xml")
File "/usr/lib/python2.7/xml/etree/ElementTree.py", line 647, in parse
source = open(source, "rb")
IOError: [Errno 2] No such file or directory: 'facebook2/AndroidManifest.xml'

What Can I do to resolve this? I am using Kali 2.0, my architecture is i686.

kaliinstall - missing dep.

kaliinstall is missing android installation lines like in btinstall.

wget http://dl.google.com/android/android-sdk_r21-linux.tgz;
tar -xvzf android-sdk_r21-linux.tgz;
export PATH=${PATH}:${PWD}/android-sdk-linux/tools:${PWD}/android-sdk-linux/platform-tools

Kaliinstall FAIL

Just FYI

I am running kali as my host OS and I used 'git clone' to pull SPF to a folder in '/root/Smartphone-Pentest-Framework'.

This shows up when attempting to run the kali install

...
E: Unable to locate package libexpect-perl
E: Package 'libdbd-pg-perl' has no installation candidate
E: Unable to locate package libdevice-serialport-perl
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package ant
....

also Android SDK install failure?
.....
Downloading Google APIs, Android API 14, revision 2
Installing Google APIs, Android API 14, revision 2
Installed Google APIs, Android API 14, revision 299%)
Updated ADB to support the USB devices declared in the SDK add-ons.
Stopping ADB server failed (code -1).
Unable to run 'adb': Cannot run program "/usr/share/android-sdk/platform-tools/adb": java.io.IOException: error=2, No such file or directory.
Starting ADB server failed (code -1).
Done. 1 package installed.
-e Creating first time 'framework' database (empty)
.......

and service start failure.....

.......
[FAIL] Starting MySQL database server: mysqld . . . . . . . . . . . . . . failed!
mysqladmin: connect to server at 'localhost' failed
error: 'Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)'
Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists!
mysqladmin: connect to server at 'localhost' failed
error: 'Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)'
Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists!
[....] Starting web server: apache2apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
. ok
-e

Full output of running kaliinstall is below.

root@kali:# cd Smartphone-Pentest-Framework/
root@kali:/Smartphone-Pentest-Framework# ls
AgentTemplates FrameworkAndroidApp kaliinstall santokuinstall
arm-linux-androideabi-4.6 FrameworkAndroidAppwithNFC license.rtf SPF-manualv0.1.pdf
btinstall frameworkconsole README.md Version
root@kali:~/Smartphone-Pentest-Framework# ./kaliinstall
-e
Installin serialport, dbdpg, and expect for perl

-e #########################################

Reading package lists... Done
Building dependency tree
Reading state information... Done
Package libdbd-pg-perl is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

[FAIL] Starting MySQL database server: mysqld . . . . . . . . . . . . . . failed!
mysqladmin: connect to server at 'localhost' failed
error: 'Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)'
Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists!
mysqladmin: connect to server at 'localhost' failed
error: 'Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)'
Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists!
[....] Starting web server: apache2apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
. ok
-e

Install of Smartphone Pentest Framework is complete!

-e You need to edit your config file to your liking in the following location:/root/Smartphone-Pentest-Framework/frameworkconsole/config

-e Once config is setup you can either run ./framework.pl in the frameworkconsole directory,

-e This concludes the install.. enjoy!

backdoor apk error

Whenever I try and backdoor a APK using the SPF I get the following error it is repeatable with multiple APKs

Traceback (most recent call last):
File "./framework.py", line 3508, in
main()
File "./framework.py", line 58, in main
agent_attach2()
File "./framework.py", line 992, in agent_attach2
backdoor_apk()
File "./framework.py", line 90, in backdoor_apk
backdoor_apk2()
File "./framework.py", line 426, in backdoor_apk2
tree.parse(foldername + "/AndroidManifest.xml")
File "/usr/lib/python2.7/xml/etree/ElementTree.py", line 647, in parse
source = open(source, "rb")
IOError: [Errno 2] No such file or directory: 'OsmAndMapsNavigation./AndroidManifest.xml'

HELP HELP

may i ask you two questions?

I run SPF0.1.4 in bt5 , i use 'Generate Agent App', after compile, which is the true AndroidAgent.apk?
AndroidAgentActivity-debug.apk or AndroidAgentActivity-debug-unaligned.apk or others?

when i use 'Attach Framework to a Deployed Agent' ,why "/text.txt" is empty and it will be wrong, it can't work, what is the reason.

it is very kind of you to help me , thank you very much,very much...

Kali vm image password

The vm from the readme link https://nostarch.com/pentesting is password protected. I failed to find the account credentials for logging in.

Making A Mobile Modem

When I try to make a mobile modem I follow your guys tutorial and always end up with,

Control Number:**********
Control Key:*******
ControlPath:/androidagent1
Is this correct?(y/n)y
Updated project.properties
Updated local.properties
Updated file /root/Smartphone-Pentest-Framework/FrameworkAndroidApp/proguard-project.txt
It seems that there are sub-projects. If you want to update them
please use the --subprojects parameter.
Updated local.properties
Updated file /root/Smartphone-Pentest-Framework/FrameworkAndroidApp/proguard-project.txt
It seems that there are sub-projects. If you want to update them
please use the --subprojects parameter.
sh: 1: ant: not found

I follow your guys tutorial

What similar program instead of Smartphone Pentest Framework

What similar program instead of Smartphone Pentest Framework can I use to perform security tests on Kali Linux software? It is important that the software is simple and free and it is possible to develop it constantly. I am asking for a hint

DOUBTS REGARDING SPF

please help me on how to install it in real time as we are doing a project on this spf

Where to find Windows Xp and 7

hi georgiaw,
i used many files of windows xp and 7 iso files
none are not working perfectly
even if they are working after changing the properties of local area connection i cant able to access to internet and cannot ping from kali to xp ip
it shows DNS error while opening webpage in xp
please help me
thank you

Cant Download

Hey Georgia,

I purchased a copy of your book for pentesting, i am trying to download the Smartphone-Pentest-Framework, every-time i use the link in the book git clone https://github.com/georgiaw/Smartphone-Pentest-Framework.git
the only thing it downloads is the README.md
i then changed cd Smartphone-Pentest-Framework
then nano Kaliinstall
when i type in what you have on page 28 it and then do ./kalliinstall it tells me permission denied and moves no further. Can you help me with this?

Also i am no sure at the moment (new to pentesting) where to find the correct adt-bundle-linux version that i downloaded in order to change to my current version i am using.

Thank you,

I cannot use internet in XP virtual machine

@georgiaw
Hello
I have a problem setting the internet in a virtual machine with windows XP installed. And exactly the problem is that the Internet is not VMwarew I have in network connections set as it is written in the book. I followed the instructions exactly. So I tried the network connection on the bridge with a NAT connection and nothing worked and for the host (no internet). I tried to use the internet for wireless and wired connection and to install network drivers, but nothing works. The error that pops up for me is "the page cannot be displayed" and hints on what to set I set everything as it is written in the error message and does not work. What can I change in settings?
Please help
Best Regards

Ubuntu Install scripts still failing

Errors:
Error: Flag '-a,addon-google_apis-google-4' is not valid for 'update sdk'.

mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'root'@'localhost' (using password: YES)'

No update to this script since February and previous issues closed without any changes.

Backdoor Android APK with Agent

Hi Georgia,

i have a good.apk application (safe, normal application). When i choose "Backdoor Android APK with Agent", the prompt shows:

APK to Backtdoor: /root/Desktop/good.apk

and press enter. Now, i have the following output:

Destination directory (/root/Smartphone-Pentest-Framework/APKs/MapsDemo) already exists. Use -f switch if you want to overwrite it.
mkdir: cannot create directory AndroidAgent/src/com/': File exists mkdir: cannot create directoryAndroidAgent/src/com/bulbsecurity/': File exists
mkdir: cannot create directory `AndroidAgent/src/com/bulbsecurity/framework/': File exists
Updated local.properties
Updated file AndroidAgent/build.xml
Updated file AndroidAgent/proguard-project.txt
It seems that there are sub-projects. If you want to update them
please use the --subprojects parameter.
Buildfile: /root/Smartphone-Pentest-Framework/APKs/AndroidAgent/build.xml

-check-env:
[checkenv] Android SDK Tools Revision 22.0.0
[checkenv] Installed at /usr/share/android-sdk

-setup:
[echo] Project Name: AndroidAgent
[gettype] Project Type: Application

-pre-clean:

clean:
[delete] Deleting directory /root/Smartphone-Pentest-Framework/APKs/AndroidAgent/bin
[delete] Deleting directory /root/Smartphone-Pentest-Framework/APKs/AndroidAgent/gen
[getlibpath] Library dependencies:
[getlibpath] No Libraries
[subant] No sub-builds to iterate on

-set-mode-check:

-set-debug-files:

-check-env:
[checkenv] Android SDK Tools Revision 22.0.0
[checkenv] Installed at /usr/share/android-sdk

-setup:
[echo] Project Name: AndroidAgent
[gettype] Project Type: Application

-set-debug-mode:

-debug-obfuscation-check:

-pre-build:

-build-setup:
[getbuildtools] Using latest Build Tools: 19.0.3
[echo] Resolving Build Target for AndroidAgent...
[gettarget] Project Target: Google APIs
[gettarget] Vendor: Google Inc.
[gettarget] Platform Version: 1.6
[gettarget] API level: 4
[echo] ----------
[echo] Creating output directories if needed...
[mkdir] Created dir: /root/Smartphone-Pentest-Framework/APKs/AndroidAgent/bin
[mkdir] Created dir: /root/Smartphone-Pentest-Framework/APKs/AndroidAgent/bin/res
[mkdir] Created dir: /root/Smartphone-Pentest-Framework/APKs/AndroidAgent/gen
[mkdir] Created dir: /root/Smartphone-Pentest-Framework/APKs/AndroidAgent/bin/classes
[mkdir] Created dir: /root/Smartphone-Pentest-Framework/APKs/AndroidAgent/bin/dexedLibs
[echo] ----------
[echo] Resolving Dependencies for AndroidAgent...
[dependency] Ordered libraries:
[dependency]
[dependency] ------------------
[dependency] API<=15: Adding annotations.jar to the classpath.
[echo] ----------
[echo] Building Libraries with 'debug'...
[subant] No sub-builds to iterate on

-code-gen:
[mergemanifest] Merging AndroidManifest files into one.
[mergemanifest] Manifest merger disabled. Using project manifest only.
[echo] Handling aidl files...
[aidl] No AIDL files to compile.
[echo] ----------
[echo] Handling RenderScript files...
[renderscript] No RenderScript files to compile.
[echo] ----------
[echo] Handling Resources...
[aapt] Generating resource IDs...
[aapt] /root/Smartphone-Pentest-Framework/APKs/AndroidAgent/res/layout/main.xml:7: error: Error: No resource found that matches the given name (at 'text' with value '@string/hello').

BUILD FAILED
/usr/share/android-sdk/tools/ant/build.xml:650: The following error occurred while executing this line:
/usr/share/android-sdk/tools/ant/build.xml:691: null returned: 1

Total time: 1 second
Input file (AndroidAgent/bin/AndroidAgent-debug.apk) was not found or was not readable.
mkdir: cannot create directory MapsDemo/smali/com': File exists cp: cannot statAndroidAgent2/smali/com/bulbsecurity': No such file or directory
mkdir: cannot create directory MapsDemo/smali/jackpal': File exists cp: cannot statAndroidAgent2/smali/jackpal': No such file or directory
Phone number of the control modem for the agent:

Can you help me please?
Tnx!

Various Issues

I've been trying to play around with this, but I have not gotten anything working so far. I'm using Kail. Here are some issues:
spf> 1

Select An Option from the Menu:

1.) Attach Framework to a Deployed Agent
2.) Generate Agent App
3.) Copy Agent to Web Server
4.) Import an Agent Template
5.) Backdoor Android APK with Agent
6.) Create APK Signing Key

spf> 2
1.) MapsDemo
2.) BlankFrontEnd

spf> 2
Phone number of the control modem for the agent: 15555555555
Control key for the agent: KEYKEY1
Webserver control path for agent:

Control Number:15555555555
Control Key:KEYKEY1
ControlPath:
Is this correct?(y/n) y
Error: Target id 'Google Inc.:Google APIs:4' is not valid. Use 'android list targets' to get the target ids.
Error: Target id 'Google Inc.:Google APIs:4' is not valid. Use 'android list targets' to get the target ids.
Error: The project either has no target set or the target is invalid.
Please provide a --target to the 'android update' command.
It seems that there are sub-projects. If you want to update them
please use the --subprojects parameter.
Buildfile: /root/Scripts/Smartphone-Pentest-Framework/AgentTemplates/BlankFrontEnd/build.xml

BUILD FAILED
/root/Scripts/Smartphone-Pentest-Framework/AgentTemplates/BlankFrontEnd/build.xml:90: Cannot find /root/Smartphone-Pentest-Framework/android-sdk-linux/tools/ant/build.xml imported from /root/Scripts/Smartphone-Pentest-Framework/AgentTemplates/BlankFrontEnd/build.xml

Total time: 0 seconds
1.) MapsDemo
2.) BlankFrontEnd

"/root/Smartphone-Pentest-Framework/android-sdk-linux/tools/ant/build.xml" obviously doesn't exist because there is a "Scripts" folder within the "root" folder. Everything in the "config" file is set with this in mind.

It doesn't like common words very much:
spf> help
Traceback (most recent call last):
File "./framework.py", line 3369, in
main()
File "./framework.py", line 59, in main
agent_attach2()
File "./framework.py", line 685, in agent_attach2
choose_build()
File "./framework.py", line 865, in choose_build
pick = int(choice)-1
ValueError: invalid literal for int() with base 10: 'help'

spf> exit
Traceback (most recent call last):
File "./framework.py", line 3369, in
main()
File "./framework.py", line 59, in main
agent_attach2()
File "./framework.py", line 685, in agent_attach2
choose_build()
File "./framework.py", line 865, in choose_build
pick = int(choice)-1
ValueError: invalid literal for int() with base 10: 'exit'

Not sure if I was doing this right, but it doesn't like what I did.

root@Kali:~/Scripts/Smartphone-Pentest-Framework/frameworkconsole# ./framework.py

Welcome to the Smartphone Pentest Framework!

v0.2.6

Georgia Weidman/Bulb Security

Select An Option from the Menu:

 1.)  Attach Framework to a Deployed Agent/Create Agent
 2.)  Send Commands to an Agent
 3.)  View Information Gathered
 4.)  Attach Framework to a Mobile Modem
 5.)  Run a remote attack
 6.)  Run a social engineering or client side attack
 7.)  Clear/Create Database
 8.)  Use Metasploit
 9.)  Compile code to run on mobile devices
10.)  Install Stuff
11.)  Use Drozer
 0.)  Exit

spf> 1

Select An Option from the Menu:

1.) Attach Framework to a Deployed Agent
2.) Generate Agent App
3.) Copy Agent to Web Server
4.) Import an Agent Template
5.) Backdoor Android APK with Agent
6.) Create APK Signing Key

spf> 1
Attach to a Deployed Agent:

This will set up handlers to control an agent that has already been deployed.

Agent URL Path:
Agent Control Key: t
Communication Method(SMS/HTTP): HTTP

URL Path:
Control Key: t
Communication Method: HTTP
Is this correct?(y/N): y
Traceback (most recent call last):
File "./framework.py", line 3369, in
main()
File "./framework.py", line 59, in main
agent_attach2()
File "./framework.py", line 681, in agent_attach2
agent_attach()
File "./framework.py", line 2271, in agent_attach
f = open(text, 'r+')
IOError: [Errno 2] No such file or directory: '/var/www/text.txt'
root@Kali:~/Scripts/Smartphone-Pentest-Framework/frameworkconsole# ./framework.py

It also doesn't like Metasploit:

root@Kali:~/Scripts/Smartphone-Pentest-Framework/frameworkconsole# ./framework.py

Welcome to the Smartphone Pentest Framework!

v0.2.6

Georgia Weidman/Bulb Security

Select An Option from the Menu:

 1.)  Attach Framework to a Deployed Agent/Create Agent
 2.)  Send Commands to an Agent
 3.)  View Information Gathered
 4.)  Attach Framework to a Mobile Modem
 5.)  Run a remote attack
 6.)  Run a social engineering or client side attack
 7.)  Clear/Create Database
 8.)  Use Metasploit
 9.)  Compile code to run on mobile devices
10.)  Install Stuff
11.)  Use Drozer
 0.)  Exit

spf> 8

Runs smartphonecentric Metasploit modules for you.

Select An Option from the Menu:

1.) Run iPhone Metasploit Modules
2.) Create Android Meterpreter
3.) Setup Metasploit Listener
4.) Run Android Metasploit Modules

spf> 2

Generate Android Meterpreter

IP to connect back to:192.168.1.75
Port to connect back to:4444
Is this correct(y/N):y
No platform was selected, choosing Msf::Module::Platform::Android from the payload
No Arch selected, selecting Arch: dalvik from the payload
Found 0 compatible encoders

Or this:

root@Kali:~/Scripts/Smartphone-Pentest-Framework/frameworkconsole# ./framework.py

Welcome to the Smartphone Pentest Framework!

v0.2.6

Georgia Weidman/Bulb Security

Select An Option from the Menu:

 1.)  Attach Framework to a Deployed Agent/Create Agent
 2.)  Send Commands to an Agent
 3.)  View Information Gathered
 4.)  Attach Framework to a Mobile Modem
 5.)  Run a remote attack
 6.)  Run a social engineering or client side attack
 7.)  Clear/Create Database
 8.)  Use Metasploit
 9.)  Compile code to run on mobile devices
10.)  Install Stuff
11.)  Use Drozer
 0.)  Exit

spf> 6

1) CVE=2010-1759 Webkit Vuln Android

spf> exit

Select An Option from the Menu:

 1.)  Attach Framework to a Deployed Agent/Create Agent
 2.)  Send Commands to an Agent
 3.)  View Information Gathered
 4.)  Attach Framework to a Mobile Modem
 5.)  Run a remote attack
 6.)  Run a social engineering or client side attack
 7.)  Clear/Create Database
 8.)  Use Metasploit
 9.)  Compile code to run on mobile devices
10.)  Install Stuff
11.)  Use Drozer
 0.)  Exit

spf> 6

Choose a social engineering or client side attack to launch:
1.) Direct Download Agent
2.) Client Side Shell
3.) USSD Webpage Attack (Safe)
4 ) USSD Webpage Attack (Malicious)
spf> 3
Hosting Path:
Filename: test
Phone Number to Attack: 15555555555
mkdir: cannot create directory `/var/www': File exists
Traceback (most recent call last):
File "./framework.py", line 3369, in
main()
File "./framework.py", line 69, in main
social()
File "./framework.py", line 978, in social
ussdsafe()
File "./framework.py", line 1120, in ussdsafe
modem = get_modem()
File "./framework.py", line 1799, in get_modem
db.query("SELECT COUNT(*) from modems")
File "/root/Scripts/Smartphone-Pentest-Framework/frameworkconsole/lib/db.py", line 83, in query
return self._dbe.query(q, params)
File "/root/Scripts/Smartphone-Pentest-Framework/frameworkconsole/lib/db.py", line 18, in query
self.cur.execute(q, params)
File "/usr/lib/python2.7/dist-packages/MySQLdb/cursors.py", line 174, in execute
self.errorhandler(self, exc, value)
File "/usr/lib/python2.7/dist-packages/MySQLdb/connections.py", line 36, in defaulterrorhandler
raise errorclass, errorvalue
_mysql_exceptions.ProgrammingError: (1146, "Table 'framework.modems' doesn't exist")

Or this:
root@Kali:~/Scripts/Smartphone-Pentest-Framework/frameworkconsole# ./framework.py

Welcome to the Smartphone Pentest Framework!

v0.2.6

Georgia Weidman/Bulb Security

Select An Option from the Menu:

 1.)  Attach Framework to a Deployed Agent/Create Agent
 2.)  Send Commands to an Agent
 3.)  View Information Gathered
 4.)  Attach Framework to a Mobile Modem
 5.)  Run a remote attack
 6.)  Run a social engineering or client side attack
 7.)  Clear/Create Database
 8.)  Use Metasploit
 9.)  Compile code to run on mobile devices
10.)  Install Stuff
11.)  Use Drozer
 0.)  Exit

spf> 4

Choose a type of modem to attach to:
1.) Search for attached modem
2.) Attach to a smartphone based app
3.) Generate smartphone based app
4.) Copy App to Webserver
5.) Install App via ADB
spf> 3

Choose a type of control app to generate:
1.) Android App (Android 1.6)
2.) Android App with NFC (Android 4.0 and NFC enabled device)
spf> 2
Phone number of agent: 15555555555
Control key for the agent: KEYKEY1
Webserver control path for agent:

Control Number:15555555555
Control Key:KEYKEY1
ControlPath:
Is this correct?(y/n): y
sh: 1: Syntax error: Unterminated quoted string
Error: The project either has no target set or the target is invalid.
Please provide a --target to the 'android update' command.
It seems that there are sub-projects. If you want to update them
please use the --subprojects parameter.
Buildfile: /root/Scripts/Smartphone-Pentest-Framework/FrameworkAndroidAppwithNFC/build.xml

-check-env:
[checkenv] Android SDK Tools Revision 22.0.1
[checkenv] Installed at /usr/share/android-sdk

-setup:
[echo] Project Name: FrameworkAndroidAppActivity
[gettype] Project Type: Application

-pre-clean:

clean:
[delete] Deleting directory /root/Scripts/Smartphone-Pentest-Framework/FrameworkAndroidAppwithNFC/bin
[delete] Deleting directory /root/Scripts/Smartphone-Pentest-Framework/FrameworkAndroidAppwithNFC/gen
[getlibpath] Library dependencies:
[getlibpath] No Libraries
[subant] No sub-builds to iterate on

-set-mode-check:

-set-debug-files:

-check-env:
[checkenv] Android SDK Tools Revision 22.0.1
[checkenv] Installed at /usr/share/android-sdk

-setup:
[echo] Project Name: FrameworkAndroidAppActivity
[gettype] Project Type: Application

-set-debug-mode:

-debug-obfuscation-check:

-pre-build:

-build-setup:

BUILD FAILED
/usr/share/android-sdk/tools/ant/build.xml:479: SDK does not have any Build Tools installed.

Total time: 1 second
cp: cannot stat `/root/Scripts/Smartphone-Pentest-Framework/FrameworkAndroidAppwithNFC/bin/FrameworkAndroidAppActivity-debug-unaligned.apk': No such file or directory

It seems, in general, Python errors are quite abundant. I am just going through some of the things at random and this is what I have encountered. Also, "exploit/android/browser/webview_addjavascriptinterface" should be added.

Target id 'Google Inc.:Google APIs:4 is not valid issue

Hello,

I have just installed SPF, but got "Target id 'Google Inc.:Google APIs:4 is not valid" error when creating an SPF App. I use Ubuntu 14.04 64bit.
Please help. Thanks,
Tuan

Output:

Error: Target id 'Google Inc.:Google APIs:4' is not valid. Use 'android list targets' to get the target ids.
Error: The project either has no target set or the target is invalid.
Please provide a --target to the 'android update' command.
It seems that there are sub-projects. If you want to update them
please use the --subprojects parameter.
Buildfile: /root/Smartphone-Pentest-Framework/FrameworkAndroidApp/build.xml

Total time: 0 seconds

Drozer error while connecting [error no 22] invalid argument

Hi
I have updated the ADT bundle then after I have been trying to connect to drozer agent. I have forwarded the port to 31415 and run the command "drozer console connect".But I am getting error while connecting saying "error no 22 invalid argument".

IOError: [Errno 2] No such file or directory

Whenever I try to backdoor an apk I get this error:

IOError: [Errno 2] No such file or directory xxxx.//AndroidManifest.xml'

I tried 3 different apks result are the same. What should I do?

Also when I try to generate agentapp I get this:
"Google Inc.:Google APIs:4' is not valid."

So far I couldn't do anything with this tool :/

Latest version of Kali Linux 32 bit

feature request

would be awesome if you could integrate mercury in to spf

https://github.com/mwrlabs/mercury

Making a mobile framework app

Control Number:**********
Control Key:KEYKEY1
ControlPath:/androidagent1
Is this correct?(y/n)y
Error: Target id 'Google Inc.:Google APIs:4' is not valid. Use 'android list targets' to get the target ids.
Error: The project either has no target set or the target is invalid.
Please provide a --target to the 'android update' command.
It seems that there are sub-projects. If you want to update them
please use the --subprojects parameter.
Buildfile: /root/Smartphone-Pentest-Framework/FrameworkAndroidApp/build.xml

Im using Backtrack 5r3

Issue building Agent and backdooring issue persists

Hi when ever I try and build a Agent I get the following error
sed: couldn't open file ww</string>/: No such file or directory
Error: Target id 'Google Inc.:Google APIs:4' is not valid. Use 'android list targets' to get the target ids.
Error: Target id 'Google Inc.:Google APIs:4' is not valid. Use 'android list targets' to get the target ids.
Error: The project either has no target set or the target is invalid.
Please provide a --target to the 'android update' command.
It seems that there are sub-projects. If you want to update them
please use the --subprojects parameter.
Buildfile: /pentest/mobile/Smartphone-Pentest-Framework/AgentTemplates/MapsDemo/build.xml

BUILD FAILED
/pentest/mobile/Smartphone-Pentest-Framework/AgentTemplates/MapsDemo/build.xml:90: Cannot find /root/Smartphone-Pentest-Framework/android-sdk-linux/tools/ant/build.xml imported from /pentest/mobile/Smartphone-Pentest-Framework/AgentTemplates/MapsDemo/build.xml

It seems to think my android sdk is in /root/ when no where in the config file is /root/ specified also my previous issues with backdooring APKs persists and I have tested it on the APK we discussed as well as angry birds (as a test). It seems to still have issues opening AndroidManifest.xml stack trace bellow:

I: Baksmaling...
I: Loading resource table...
I: Loaded.
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /home/user/apktool/framework/1.apk
I: Loaded.
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values / XMLs...
I: Done.
I: Copying assets and libs...
Traceback (most recent call last):
File "./framework.py", line 3577, in
main()
File "./framework.py", line 58, in main
agent_attach2()
File "./framework.py", line 1030, in agent_attach2
backdoor_apk()
File "./framework.py", line 90, in backdoor_apk
backdoor_apk2()
File "./framework.py", line 428, in backdoor_apk2
tree.parse(foldername + "/AndroidManifest.xml")
File "/usr/lib/python2.7/xml/etree/ElementTree.py", line 647, in parse
source = open(source, "rb")
IOError: [Errno 2] No such file or directory: 'Angry Birds_3.3.0./AndroidManifest.xml'

Generate agent error

First off thank you so much for putting in your time and effort to make such a cool tool. I'v been trying to generate a agent app using maps demo and the blank front but continue to have the same errors I'v tried this on a ubuntu 32 bit machine for the last two days without any luck now I'm using kali 64 bit and I'm getting the same error how can I make this go away

BUILD FAILED
/root/Smartphone-Pentest-Framework/android-sdk-linux/tools/ant/build.xml:397: SDK Platform Tools component is missing. Please install it with the SDK Manager (tools/android)

Total time: 0 seconds
1.) MapsDemo
2.) BlankFrontEnd

spf>

where is it？

i can’t find it！！！

framework.py issue

when ever I try and run framework.py the following traceback is given:
Traceback (most recent call last):
File "./framework.py", line 16, in
config = Config('config')
File "Smartphone-Pentest-Framework/frameworkconsole/lib/config.py", line 6, in init
self.config.readfp(FakeSecHead(open(config_file)))
File "/usr/lib/python2.7/ConfigParser.py", line 324, in readfp
self._read(fp, filename)
File "/usr/lib/python2.7/ConfigParser.py", line 546, in _read
raise e
ConfigParser.ParsingError: File contains parsing errors: <???>
[line 34]: '<<<<<<< HEAD\n'
[line 36]: '=======\n'
[line 38]: '>>>>>>> 32a44fa\n'
[line 44]: '<<<<<<< HEAD\n'
[line 46]: '=======\n'
[line 56]: '<<<<<<< HEAD\n'
[line 57]: '>>>>>>> 32a44fa\n'
[line 58]: '=======\n'
[line 61]: '>>>>>>> 9d10151\n'

SPF deleted

I bought Penetration Testing: A Hands-On Introduction to Hacking book and I'm trying to configure SPF. I've found than I can download it from https://github.com/thefailtheory/Smartphone-Pentest-Framework but still can't config. There is no config file in frameworkconsole subdir.
There is no framework.py , too. Can you help me?

georgiaw / smartphone-pentest-framework Goto Github PK

smartphone-pentest-framework's People

Contributors

Stargazers

Watchers

Forkers

smartphone-pentest-framework's Issues

Welcome to the Smartphone Pentest Framework!

v0.2.6

Georgia Weidman/Bulb Security

Welcome to the Smartphone Pentest Framework!

v0.2.6

Georgia Weidman/Bulb Security

Welcome to the Smartphone Pentest Framework!

v0.2.6

Georgia Weidman/Bulb Security

Welcome to the Smartphone Pentest Framework!

v0.2.6

Georgia Weidman/Bulb Security

Recommend Projects

Recommend Topics

Recommend Org