Author: Mascerano Bachir [dev-labs]
Enhanced by: Tech Sky - Security Research Team
Version: 0.4 (Enhanced)
The author and contributors do not hold any responsibility for the bad use of this tool. This framework is intended ONLY FOR EDUCATIONAL PURPOSES and authorized penetration testing. Users are solely responsible for compliance with applicable laws and regulations.
Evil-Droid is an advanced framework designed to create, generate, and embed APK payloads for Android penetration testing. This enhanced version (v0.4) includes improved dependency management, better error handling, enhanced AV evasion techniques, and robust APK signing capabilities.
- Enhanced Dependency Management: Automatic installation with fallback packages
- Improved APK Signing: Modern apksigner integration with debug keystore generation
- Better Error Handling: Comprehensive error checking and graceful exits
- AV Evasion Enhancements: Advanced payload obfuscation techniques
- Robust Package Detection: Improved original APK analysis and injection
- Service Management: Automatic Apache2 and PostgreSQL service handling
- Progress Indicators: Visual feedback for all operations
- Enhanced Cleanup: Thorough temporary file management
- metasploit-framework - Payload generation engine
- xterm - Terminal emulator for operations
- zenity - GUI dialog interface
- aapt - Android Asset Packaging Tool
- apktool - APK reverse engineering tool
- zipalign - APK optimization tool
- apksigner - Modern APK signing tool
- keytool - Java keystore management (JDK)
- wget - Website cloning utility
- curl - HTTP client for downloads
- unzip - Archive extraction utility
- android-sdk-platform-tools-common, android-framework-res (for aapt)
- android-sdk-build-tools (for zipalign/apksigner)
- default-jdk, openjdk-11-jdk, openjdk-8-jdk (for keytool)

```bash
git clone https://github.com/TechSky-EH/Evil-Droid.git
cd Evil-Droid
chmod +x evil-droid
sudo ./evil-droid
```

Note: Root privileges required for service management and dependency installation.
- APK MSF - Generate standalone Metasploit payload APK
- BACKDOOR APK ORIGINAL (OLD) - Legacy embedding method
- BACKDOOR APK ORIGINAL (NEW) - Enhanced embedding with advanced injection
- BYPASS AV APK (ICON CHANGE) - AV evasion with custom icons
- START LISTENER - Launch Metasploit multi-handler
- CLEAN - Remove all generated files
- QUIT - Exit framework
- Attack Vector Mode: Website cloning with automatic APK delivery (soon)
- Multi-Handler Integration: Seamless listener setup
- Custom Icon Support: PNG icon replacement for stealth
- Payload Obfuscation: Variable renaming and signature evasion
```bash
# Automatic package installation with alternatives
install_package "primary-package" "Display Name" "alternative1" "alternative2"
```

```
# Modern signing workflow
keytool -genkey → zipalign → apksigner → verification
```

- Comprehensive exit codes
- Service cleanup on interruption
- Graceful failure recovery
- User-friendly error messages
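
A defensive counterpart to the signing workflow above, as an added example that is not part of the Evil-Droid code: an APK that has been modified and re-signed cannot carry the original publisher's certificate, so comparing the signer digest printed by `apksigner verify --print-certs` against a pinned value flags it. The function names, sample output and digests are constructed, and the `CN=Android Debug` check assumes the Android SDK's default debug identity; the page does not state which DN the tool's generated keystore uses.

```bash
#!/usr/bin/env bash
# Added example (not Evil-Droid code). Input is the text printed by:
#   apksigner verify --print-certs app.apk
# Function names, sample output and digests below are constructed.

PINNED_SHA256='0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'

SAMPLE_ORIGINAL='Signer #1 certificate DN: CN=Example Publisher, O=Example, C=US
Signer #1 certificate SHA-256 digest: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'

SAMPLE_RESIGNED='Signer #1 certificate DN: CN=Android Debug, O=Android, C=US
Signer #1 certificate SHA-256 digest: fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210'

# Print the SHA-256 digest of every signer certificate found on stdin.
signer_digests() {
  sed -n 's/^Signer #[0-9]* certificate SHA-256 digest: *\([0-9a-fA-F]*\).*$/\1/p' |
    tr 'A-F' 'a-f'
}

# classify_signer PINNED_SHA256 < apksigner-output
# Prints one of: trusted | debug-signed | untrusted | no-signer
classify_signer() {
  local pinned output digests
  pinned=$(printf '%s' "$1" | tr 'A-F' 'a-f')
  output=$(cat)
  digests=$(printf '%s\n' "$output" | signer_digests)
  if [ -z "$digests" ]; then
    echo "no-signer"        # unsigned, or apksigner reported a failure
  elif [ "$digests" = "$pinned" ]; then
    echo "trusted"          # exactly one signer, and it is the pinned one
  elif printf '%s\n' "$output" | grep -q 'certificate DN:.*CN=Android Debug'; then
    echo "debug-signed"     # assumption: SDK default debug identity
  else
    echo "untrusted"        # signed, but by an unknown certificate
  fi
}

# Demo on the constructed re-signed sample.
printf '%s\n' "$SAMPLE_RESIGNED" | classify_signer "$PINNED_SHA256"
```

The pinned digest should be taken from a copy of the app obtained through the publisher's official channel.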
- Dynamic class/method renaming
- Package structure obfuscation
- Permission randomization
- Signature scrubbing
- android/shell/reverse_tcp
- android/shell/reverse_http
- android/shell/reverse_https
- android/meterpreter/reverse_tcp
- android/meterpreter/reverse_http
- android/meterpreter/reverse_https
- android/meterpreter_reverse_tcp
- android/meterpreter_reverse_http
- android/meterpreter_reverse_https

- Penetration Testing: Authorized Android security assessments
- Red Team Operations: Social engineering campaigns
- Security Research: Malware analysis and defense testing
- Educational Purposes: Learning Android security concepts
- Operating System: Linux (Ubuntu/Debian/Kali recommended)
- Architecture: x86_64
- Memory: Minimum 2GB RAM
- Storage: 5GB free space
- Network: Internet connection for dependencies
- Privileges: Root access required
- Java not found: Install JDK (`apt install default-jdk`)
- Apktool errors: Update to latest version
- Signing failures: Check keystore permissions
- Build failures: Verify APK format and permissions
```bash
# Run with verbose output
export EVIL_DROID_DEBUG=1
./evil-droid
```

- ✅ Enhanced dependency management with automatic installation
- ✅ Modern APK signing with apksigner integration
- ✅ Improved error handling and service management
- ✅ Advanced AV evasion techniques
- ✅ Better progress indicators and user feedback
- ✅ Comprehensive cleanup functionality
- ✅ Enhanced payload obfuscation methods
- Install zipalign dependency
- Detect errors and terminate services with exit mode
- Fix section bypass AV + change icon APK
- Add new method backdoor + autodetect Smali
- Fix apktool build packages APK
- Add a mode for running the payload in the background
- Mascerano Bachir - Original developer and framework creator
- Tech Sky - Security Research Team - Framework enhancements and improvements
- MrPedroubuntu - Testing and feedback
- Kader Achraf - Code optimization suggestions
- Youcef Yahia - Security analysis
- Mohammed Yacine - Documentation improvements
This is an open-source tool. If you modify or add features, please contribute back to the community.
This framework is designed for:
- ✅ Authorized penetration testing
- ✅ Educational research
- ✅ Security awareness training
- ✅ Red team exercises with proper authorization
DO NOT USE FOR:
- ❌ Unauthorized access to devices
- ❌ Malicious activities
- ❌ Privacy violations
- ❌ Illegal purposes
We welcome contributions! Please:
- Fork the repository
- Create a feature branch
- Submit a pull request with a detailed description
- Follow coding standards and include documentation
- Issues: Create GitHub issues for bugs and feature requests
- Community: Join our security research discussions
- Updates: Watch the repository for latest releases
Remember: Use this tool responsibly and only on systems you own or have explicit permission to test.

