XploitSPY: Android hacking/monitoring tool

Xploitspy

XploitSPY is an Android monitoring/spying tool. With the help of this tool, you can achieve a remote control on any android device to access Messages, Calls, Files, etc.

A cloud-based Android spy or monitoring tool, developed in NodeJS.

Read all the steps carefully to configure XploitSPY as it can change as needed.

Darkhackerworld makes no warranty with this software and will not be responsible for any direct or indirect damage caused by the use of this tool. Darkhackerworld is built for educational purposes. Use it at your own risk.


1. Features of XploitSpy

  • GPS log
  • Microphone recording
  • See contacts
  • SMS logs
  • Send SMS
  • Call logs
  • View installed apps
  • View stub permissions
  • Live clipboard log
  • Registration of live notifications (WhatsApp, Facebook, Instagram, Gmail, and more.)
  • See WiFi networks (records seen previously)
  • File Explorer and Downloader
  • Built-in APK Builder

Prerequisites

  • Java Runtime Environment 9+
  • NodeJs
  • A server (optional)

2. Installation on Heroku

First, you must create a Heroku account.

Create a Heroku account


Create heroku account

Once your account is confirmed by email; click on Create a New App in the Heroku panel. Enter the name of the application and click Create App

Create app on heroku


Now install Heroku CLI on your PC, with the instructions here. Alternatively, if you have Node and NPM installed, you can run the following command to install Heroku:

npm install -g heroku

Installing heroku

  • Now open your terminal and run the command git clone. This will download the latest version of XploitSPY to your PC

git clone https://github.com/XploitWizer/XploitSPY

  • After successfully cloning change the directory to XploitSPY using the command cd XploitSPY
Cd XploitSPY

  • Now login to Heroku CLI using the following command.
heroku login -i

After giving heroku login -i command enter the credential that you provided on the Heroku website at the time of signup. After entering your credential press enter.

After successful login, you will see the following things mentioned in the below image.

CLI heroku login


Now we can access the remote app that we have created. Run the following command in a terminal, where it appName will be the name of your application that you chose when creating the application.

heroku git:remote -a appName

Now run the below command to install packages:

heroku buildpacks:add heroku/jvm

then,run:

heroku buildpacks:add heroku/nodejs

Now run this command in your terminal git push heroku master, if you update the existing application or face any error, run this command git push -f heroku master.


git push heroku master

If you follow my every step correctly then you will see the following screen:

Xploitspy

Now Everything is ready and complete, now you can visit your domain displayed in the terminal.


Default username: admin and default password : password


3. Installation in VPS or Server

  • Connect to your server via SSH
  • Install JRE 9+
In Debian, Ubuntu, etc you can use the following command:


sudo apt install openjdk-11-jre-headless

Fedora, Oracle, Red Hat, etc.

sudo yum install java-11-openjdk-devel

Install the NodeJS instructions (if you can't solve this you really shouldn't be using this)

Install pm2

sudo npm install pm2 -g

Clone this repository:

git clone https://github.com/XploitWizer/XploitSPY.git

Now you need to change to the server directory and run these commands

#install dependencies

npm install

# Start the script

sudo pm2 start index.js

# start XploitSPY

sudo pm2 startup

Default username: admin and default password: password

XploitSPY now only works on port 80 for web and client. It is recommended to run XploitSPY behind a reverse proxy like NGINX

4. Spy/Hack Android

First, we will log in to the URL that we had generated in section 2. The default login credentials are admin and password.




login XploitSpy


Next, the administration panel will be presented there. At the moment, there is no device “hacked”. 

So, we must create the APK ( APK Builder) and install it on the victim's smartphone.


XploitSPY apk




After building and downloading the app on your pc send this app to your victim with some social engineering techniques. Or you can send the app to your victim via file upload or on WhatsApp.

Once the victim has installed the APK, we will have remote access to the device.


XploitSPY hack


From the button Manage, we can manage different settings of the phone. such as Messages, Calls, Applications, Microphone, Contacts, File manager, GPS, etc.

Xploitspy remote access

Note: This is for educational purpose only don't use this method of hacking on anyone until you have written permission to do this. The purpose of this article is to make you safe from these kinds of attacks. If you hack anyone without the knowledge of the victim then you can be in trouble.

Now you can browse approx each and everything that is present in the victim device. If you like our article show your love by sharing the article on social media.

If you face any problem then feel free to ask in the comment section.

Post a Comment

Previous Post Next Post