How to Install and Use Evil-Droid for Penetration Testing

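Evil-Droid is an open-source tool hosted on GitHub for penetration testing of Android devices. It runs on Linux.
It performs attack testing using vulnerabilities that are already publicly known.
GitHub page of the tool: https://github.com/M4sc3r4n0/Evil-Droid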

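Notes

Do not use this tool for malicious attacks or to invade other people's privacy, so that you do not break the law!!!
The apps generated by this tool can currently all be detected and blocked by the antivirus software on the market.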

Installation

  1. First, download the package with git

    git clone https://github.com/M4sc3r4n0/Evil-Droid.git

  2. Then change into that directory

    cd Evil-Droid

  3. Set the permissions and install or run (use either one of the commands below)

    sudo chmod +755 evil-droid && ./evil-droid

    sudo chmod u+x evil-droid && ./evil-droid

Errors you may encounter

If you run into the following error:

[ ✔ ] Metasploit-Framework..............[ found ]  
[ ✔ ] Xterm.............................[ found ]
[ ✔ ] Zenity............................[ found ]
[ ✔ ] Aapt..............................[ found ]
[ ✔ ] Apktool...........................[ found ]
[ ✔ ] Zipalign..........................[ found ]
[✔] BYPASS AV APK

[ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Generating apk payload
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Decompiling Payload APK...
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Scrubbing the payload contents to avoid AV signatures...
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Changing name and icon payload...
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Rebuilding APK file...
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Checking for ~/.android/debug.keystore for signing...
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Attempting to sign the package with your android debug key
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[] Verifying signed artifacts...
[ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
[!] Failed to verify signed artifacts

This means that your machine is missing a package or that one of the tools is too old.

Solution

Install the package

    sudo apt-get install openjdk-11-jdk-headless

and update apktool.
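
From the defender's side, the log above shows the tool signing its output with the Android debug key. The following is an added example, not part of the original post or of the Evil-Droid project: a triage heuristic that reports where an APK carries a certificate named `Android Debug`, in the v1 JAR signature files or in the APK Signing Block. It assumes the keystore has the standard Android SDK debug subject; the function name `debug_cert_locations` is hypothetical.

```python
import io
import struct
import zipfile

# Assumption: the stock Android SDK debug certificate has the subject
# "CN=Android Debug, O=Android, C=US"; DER stores that CN as plain bytes.
DEBUG_CN = b"Android Debug"
V1_SUFFIXES = (".RSA", ".DSA", ".EC")
SIG_BLOCK_MAGIC = b"APK Sig Block 42"


def debug_cert_locations(apk_bytes):
    """Return where in the APK the debug certificate name was found."""
    hits = []
    # v1 (JAR) signing: PKCS#7 blobs stored as META-INF/*.RSA, *.DSA or *.EC.
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            upper = name.upper()
            if upper.startswith("META-INF/") and upper.endswith(V1_SUFFIXES):
                if DEBUG_CN in zf.read(name):
                    hits.append(name)
    # v2/v3 signing: certificates sit uncompressed in the APK Signing Block,
    # laid out as size(8) | id-value pairs | size(8) | magic(16).
    pos = apk_bytes.rfind(SIG_BLOCK_MAGIC)
    if pos >= 8:
        (size,) = struct.unpack("<Q", apk_bytes[pos - 8:pos])
        start = pos + 16 - size - 8  # size excludes the leading size field
        if start >= 0 and DEBUG_CN in apk_bytes[start:pos]:
            hits.append("APK Signing Block")
    return hits


if __name__ == "__main__":
    # Constructed sample: a minimal zip standing in for an APK.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", b"dex")
        zf.writestr("META-INF/CERT.RSA", b"\x0c\x0dAndroid Debug")
    print(debug_cert_locations(buf.getvalue()))
```

A hit is only a triage signal, since ordinary development builds are also signed with the debug key; combine it with the install source and other indicators before acting on it.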

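Usage

Running

Change into the evil-droid directory and run the tool

    ./evil-droid

A successful start looks like the figure below:
[Figure: Evil-Droid interface]
Then enter the number of the function you want to run and press Enter.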

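Option descriptions

[1]APK MSF
Directly generates an MSF backdoor program.
[2]BACKDOOR APK ORIGINAL(OLD)
Injects the backdoor into an existing APK installer file.
[3]BACKDOOR APK ORIGINAL(NEW)
Injects the backdoor into an existing APK installer file.
[4]BYPASS AV APK(ICON CHANGE)
Generates the MSF APK from option 1 with an icon of your own choosing.
[5]START LISTENER
Listens for a previously generated backdoor.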

References

  1. https://github.com/M4sc3r4n0/Evil-Droid
  2. https://github.com/M4sc3r4n0/Evil-Droid/issues/5