AndroHunter#1971

Open
carlospolop wants to merge 1 commit into master from update_AndroHunter_20260309_130218

@carlospolop
Collaborator

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

  • Blog URL: https://github.com/ynsmroztas/AndroHunter
  • Blog Title: AndroHunter
  • Suggested Section: Mobile Pentesting → Android Applications Pentesting (augment: Intent Injection / Exploiting Content Providers / Webview Attacks & SSL pinning bypass / FileProvider & content:// tricks). Potentially add a small subsection: “On-device Android pentest toolchains (AndroHunter)” with the key techniques and reproduction commands.

🎯 Content Summary

Title/Project: AndroHunter (native Android app) — an on-device Android security research toolkit for bug bounty hunters and mobile penetration testers.

What it is / why it matters
AndroHunter bundles common Android app-testing tasks into a single on-device app (Jetpack Compose “dark terminal UI”). It is not a single CVE write-up; instead it is a toolkit meant to find and help exploit recurring Android vulnerability classes across the full attack surface: stat...

🔧 Technical Details

Exported component abuse (Activities/Services/Receivers) via Intent/Broadcast injection: Enumerate exported components from the manifest, then send crafted Intents/broadcasts with attacker-controlled extras, categories, and data URIs. Include file-URI style data (e.g., file:///data/...) to probe components that mistakenly trust URIs and pass them to file-handling logic. Use generated ADB commands to reproduce launches/injections (e.g., adb shell am start -n pkg/activity --es data "payload") and validate outcomes using logcat monitoring.

ContentProvider SQL injection probing at the IPC boundary: Enumerate exported providers and test multiple SQLi payload styles (error-based, boolean-based, UNION-based, time-based) to detect injection in provider query/update/delete paths. Also assess provider exposure (readable/writable) and schema disclosure to determine whether the impact is data exfiltration, unauthorized modification, or both.

<...

🤖 Agent Actions

Summary:
Added an “On-device Android pentest toolchains (AndroHunter)” subsection with concise technique-oriented notes and sample commands in src/mobile-pentesting/android-app-pentesting/README.md.
Appended AndroHunter to the References list in src/mobile-pentesting/android-app-pentesting/README.md.

Files changed:

  • src/mobile-pentesting/android-app-pentesting/README.md

Tests:

  • Not run.

Next steps:

  1. Review the new subsection placement to confirm it fits your intended flow.

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.
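
A defender-side check for the exported-component surface described under Technical Details above, as an added example (not code from this PR, HackTricks, or AndroHunter): it parses a decoded AndroidManifest.xml and lists exported components that are reachable without a permission. The function name `audit_exported`, the sample manifest and its package name are constructed; the code assumes that components lacking `android:exported` follow the legacy default (an intent-filter implies exported, and providers default to not exported as for targetSdk 17 and later).

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest (decoded XML, e.g. apktool output); not from a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.demo">
  <application>
    <activity android:name=".MainActivity" android:exported="true"/>
    <activity android:name=".DeepLinkActivity">
      <intent-filter><action android:name="android.intent.action.VIEW"/></intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.demo.permission.SYNC"/>
    <receiver android:name=".InternalReceiver" android:exported="false"/>
    <provider android:name=".NotesProvider" android:authorities="com.example.demo.notes"
              android:exported="true" android:readPermission="com.example.demo.permission.READ"/>
  </application>
</manifest>"""


def audit_exported(manifest_xml):
    """Return (tag, name, how, unguarded) per exported component lacking a permission."""
    app = ET.fromstring(manifest_xml).find("application")
    app_perm = app.get(ANDROID + "permission")  # default for components that set none
    findings = []
    for comp in (c for c in app if c.tag in COMPONENTS):
        exported, how = comp.get(ANDROID + "exported"), "exported"
        if exported is None:
            # Assumed legacy default: an intent-filter implies exported for
            # non-providers; providers default to not exported (targetSdk >= 17).
            implicit = comp.tag != "provider" and comp.find("intent-filter") is not None
            exported, how = str(implicit).lower(), "implicitly exported via intent-filter"
        if exported != "true":
            continue
        perm = comp.get(ANDROID + "permission") or app_perm
        if comp.tag == "provider":  # reads and writes can be guarded separately
            guards = {s: comp.get(f"{ANDROID}{s}Permission") or perm for s in ("read", "write")}
        else:
            guards = {"any": perm}
        gaps = [side for side, p in guards.items() if not p]
        if gaps:
            findings.append((comp.tag, comp.get(ANDROID + "name"), how, gaps))
    return findings


if __name__ == "__main__":
    for finding in audit_exported(SAMPLE_MANIFEST): print(finding)
```

Each finding is a candidate for `android:exported="false"` or a signature-level permission; a provider that guards only reads is reported with `["write"]` as the unguarded side.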

@carlospolop
Collaborator Author

🔗 Additional Context

Original Blog Post: https://github.com/ynsmroztas/AndroHunter

Content Categories: Based on the analysis, this content was categorized under "Mobile Pentesting → Android Applications Pentesting (augment: Intent Injection / Exploiting Content Providers / Webview Attacks & SSL pinning bypass / FileProvider & content:// tricks). Potentially add a small subsection: “On-device Android pentest toolchains (AndroHunter)” with the key techniques and reproduction commands.".

Repository Maintenance:

  • MD Files Formatting: 954 files processed

Review Notes:

  • This content was automatically processed and may require human review for accuracy
  • Check that the placement within the repository structure is appropriate
  • Verify that all technical details are correct and up-to-date
  • All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0
