Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/zahidaz/easypentest

The Ultimate App for Dynamic Penetration Testing
https://github.com/zahidaz/easypentest

adb android android-application android-library apk frida pentesting proxy reverse-engineering security-tools

Last synced: 7 months ago
JSON representation

The Ultimate App for Dynamic Penetration Testing

Awesome Lists containing this project

README 

          
# EasyPenTest



**EasyPenTest** is an Android application that provides a simplified web interface for managing essential penetration testing tools like ADB (Android Debug Bridge) and Frida server. This tool is designed to streamline the setup and management of mobile security testing environments.



## Features



### Current Features

- **Web-based Control Panel**: Clean, responsive web interface accessible via browser

- **ADB Management**: Start/stop ADB daemon and install public keys remotely

- **Frida Server Control**: Manage Frida server instances with version selection

- **Device Information**: Real-time display of device details and service status

- **REST API**: Comprehensive API for programmatic access to all features

- **Status Monitoring**: Live status indicators for all services

- **Network Discovery**: Automatic IP address detection for remote access



### Core Components

- **HTTP Server**: Built on NanoHTTPD for lightweight web serving

- **Service Management**: Control ADB and Frida server processes

- **Modern UI**: Material Design 3 with Jetpack Compose

- **API Endpoints**: RESTful endpoints for all operations



## Usage



### Installation

1. Clone the repository:

   ```bash

   ...

   ```



2. Open the project in Android Studio



3. Build and install the APK:

   ```bash

   ...

   ```



### Getting Started



1. **Launch the App**: Open EasyPenTest on your Android device

2. **Note the IP Address**: The app will display your device's IP address and port

3. **Access Web Interface**: Open a browser and navigate to `http://[device-ip]:8080`

4. **Start Services**: Use the web interface to start ADB daemon and Frida server



### Web Interface Features



#### ADB Management

- **Start ADB Daemon**: Initialize ADB service for remote debugging

- **Install Public Key**: Add your workstation's/Docker ADB public key for authentication

- **Stop ADB Daemon**: Terminate ADB service when not needed



#### Frida Server Management

- **Version Selection**: Choose from available Frida server versions

- **Start Server**: Launch Frida server with selected version

- **Status Monitoring**: View current server status and installation path

- **Stop Server**: Terminate Frida server processes



#### Device Information

- Real-time display of:

  - Device name and model

  - Android version

  - Service status indicators

  - Network information



### API Usage



The application provides a REST API for programmatic access:



#### Available Endpoints



| Method | Endpoint | Description |

|--------|----------|-------------|

| GET | `/` | Web interface homepage |

| GET | `/api/info` | Server information |

| GET | `/api/status` | Service status overview |

| GET | `/api/endpoints` | List all API endpoints |

| GET | `/api/device/info` | Device information |

| GET | `/api/adb/start` | Start ADB daemon |

| GET | `/api/adb/stop` | Stop ADB daemon |

| POST | `/api/adb/install-key` | Install ADB public key |

| GET | `/api/frida/start` | Start Frida server |

| GET | `/api/frida/stop` | Stop Frida server |

| GET | `/api/frida/info` | Frida server information |



#### Example API Calls



```bash

# Get device information

curl http://192.168.1.100:8080/api/device/info



# Start ADB daemon

curl http://192.168.1.100:8080/api/adb/start



# Start Frida with specific version

curl "http://192.168.1.100:8080/api/frida/start?version=16.1.4"



# Install ADB key

curl -X POST http://192.168.1.100:8080/api/adb/install-key \

  -H "Content-Type: application/json" \

  -d '{"key": "your-adb-public-key-here"}'

```



## Roadmap



### Phase 1: Core Enhancements

- [ ] **Frida Management**: Install and update Frida server versions

- [ ] **Dynamic Attacker**: Explore apps exported components and services and build a dynamic payload

- [ ] **SELinux**: Status, Enable/Disable SELinux

- https://newandroidbook.com/tools/memento.html xxx

- https://newandroidbook.com/tools/jtrace.html

- https://newandroidbook.com/tools/dextra.html

- https://newandroidbook.com/tools/procexp.html

- https://newandroidbook.com/tools/bdsm.html



### Phase 2: Application Management

- [ ] **App Listing**: Display all installed applications with details

- [ ] **App Information**: Show comprehensive app details (permissions, versions, etc.)

- [ ] **App Installation**: Install APK files remotely via web interface

- [ ] **App Uninstallation**: Remove applications from device

- [ ] **Package Formats**: Support for XAPK and MAPK file installation

- [ ] **App Dumping**: Extract and download installed application packages

- [ ] **Sandbox Management**: Create and manage app sandboxes

- [ ] **File Operations**: Add, delete, and manage sandbox files



### Phase 3: Advanced Security Tools

- [ ] **Script Execution**: Remote script execution and management

- [ ] **Log Viewer**: Real-time log streaming and analysis



### Phase 4: Mobile Forensics & Analysis

- [ ] **File System Explorer**: Browse device file system with proper permissions

- [ ] **Database Viewer**: SQLite database inspection and editing

- [ ] **Memory Dump**: RAM analysis and memory forensics

- [ ] **Screenshot Capture**: Remote screen capture capabilities



## Security Notice



**This tool is intended for legitimate security testing and research purposes only.**



- Only use on devices you own or have explicit permission to test



## Contributing



Contributions are welcome! Please feel free to submit pull requests or open issues for:

- Bug reports and fixes

- Feature requests and implementations

- Documentation improvements

- Security enhancements

- New tool integrations



## License



This project is licensed under the MIT License - see the LICENSE file for details.



---



**Disclaimer**: This tool is provided for educational and security testing purposes. Users are responsible for ensuring compliance with applicable laws and regulations.