Table of Contents
ShotDroid is one of the new best tools for pentesting to android and windows. their main function is to get access from android and windows files, webcam, and keylogger.
Hide apps in android files.
Custom android directory.
For Android Keylogger -> you can see it here: Simple-keyboard or LokiBoard.
Automatic HTML template intake face webcam.
Custom HTML or custom your HTML folder intake face webcam tool.
How to Download and install ShotDroid Tool
First, we need to install some dependencies so execute the below command on your Linux terminal
sudo apt install zenity xterm
Now download the “ShotDroid” tool so execute the following command on your terminal
git clone https://github.com/kp300/shotdroid.git
After that change the directory with help of “cd” command
cd shotdroid ls
Now we need to install the ngrok so run the below command on your terminal. after that sing up ngrok.com and get your authtoken
curl -s https://ngrok-agent.s3.amazonaws.com/ngrok.asc | sudo tee /etc/apt/trusted.gpg.d/ngrok.asc >/dev/null && echo "deb https://ngrok-agent.s3.amazonaws.com buster main" | sudo tee /etc/apt/sources.list.d/ngrok.list && sudo apt update && sudo apt install ngrok
Now execute the below command on your terminal. after executing you can see three options that are Android Files, Android Keylogger, and Take Face Webcam
Android Files – shotdroid
Now type one and hit enter. Then type “y” for hiding apps then hit enter. after that, you can see 7 options see the below image
Now choose a number which you want, for my convenient I choose the 5th option. then hit enter
Now we need to choose port forwarding options, this tool gives 2 options for that but I preferred 2nd option (ngrok)
In the wake of finishing the above steps, you will get a sharable connection. then, at that point, share that connection with the victim in case the victim click that interfaces the payload was downloaded then if the victim installs that payload you will get every one of their records into your terminal
The second one is the android key logger first you will choose 2nd option and then hit enter, Then choose a port forwarding option
Now share a link to the victim if your victim click that link you will get all stroke data in your terminal
Take face webcam
This also the same procedure first, choose the “Take face webcam” option then select the port forwarding option and share the link to the victim
When the victim opens the URL, it will ask him for permission to access the camera of his device and as soon as the victim allows it, the picture will start being captured.
As you can see the picture has been started to be captured from the victim device.