Ghost Framework is an Android post-exploitation framework that uses the Android Debug Bridge (ADB) to remotely access and control an Android device. Ghost Framework 7.0 gives us the power and convenience of remote Android device administration.


We can use this framework to control old Android devices that have the debug bridge turned on in "Developer options". This is very harmful, because an attacker gets full admin control of the vulnerable Android device.
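To check whether one of our own devices is in this state, the following added example (not part of the original article or of Ghost Framework) audits the text output of `adb shell getprop` for network-reachable ADB. The property names `service.adb.tcp.port`, `persist.adb.tcp.port` and `ro.adb.secure` are standard Android system properties that the article itself does not mention, and the two sample dumps are constructed.

```python
import re

# Matches one line of `adb shell getprop` output: [key]: [value]
PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]:\s*\[(?P<value>.*)\]\s*$")

def parse_getprop(text):
    """Turn a getprop dump into a dict of property name -> value."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props

def _tcp_port(value):
    """Return the port as int if it is a valid listening port, else None."""
    try:
        port = int(value)
    except (TypeError, ValueError):
        return None
    return port if 0 < port < 65536 else None

def audit_adb_exposure(getprop_text):
    """Return a list of findings about network-reachable ADB on one device."""
    props = parse_getprop(getprop_text)
    findings = []
    # adbd listens on TCP when either property holds a valid port number.
    for key in ("service.adb.tcp.port", "persist.adb.tcp.port"):
        port = _tcp_port(props.get(key))
        if port is not None:
            findings.append(f"adbd listens on TCP port {port} ({key})")
    # Without ro.adb.secure=1 the device does not ask to authorize the host key.
    if findings and props.get("ro.adb.secure") != "1":
        findings.append("ro.adb.secure is not 1: no host key authorization")
    return findings

# Constructed sample dumps, not taken from a real device.
EXPOSED = """[ro.adb.secure]: [0]
[service.adb.tcp.port]: [5555]
[ro.build.version.release]: [7.1.2]
"""
USB_ONLY = """[ro.adb.secure]: [1]
[service.adb.tcp.port]: [-1]
[ro.build.version.release]: [13]
"""

if __name__ == "__main__":
    for name, dump in (("exposed", EXPOSED), ("usb-only", USB_ONLY)):
        print(name, audit_adb_exposure(dump) or "no network ADB exposure found")
```

A device that reports findings should have "USB debugging" switched off in Developer options, or at least be returned to USB-only mode with `adb usb`.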

In this detailed tutorial we will learn, in practice, how to use the Ghost Framework to take control of an Android device from our Kali Linux system. We start by installing the Ghost Framework directly from GitHub with the following command:
pip3 install git+https://github.com/EntySec/Ghost

In the following screenshot we can see that Ghost is downloaded on our system.

Now Ghost Framework is ready to use on our system. We can run it from anywhere in our terminal with just the ghost command:

The following screenshot shows that the Ghost console is up and running successfully on our system.


Now we can see the help options of Ghost Framework by simply running the help command in the console.

The help output looks like the following screenshot:


Now we can connect it to vulnerable Android devices. How do we get the IP address of an old, vulnerable Android device? Shodan is here. Shodan is a great search engine for finding devices connected to the internet.

In the Shodan search engine we have to search for "Android Debug Bridge", as shown in the following screenshot:


Here we can see over 2.5k search results. Every device is vulnerable to Ghost, and those devices are connected to the internet. If Ghost shows that it failed to connect, then Shodan is showing us an offline device. We can also try this with our own Android device.

From here we can pick any IP address and use it with the connect command. For example, we select the highlighted IP address and connect to it with Ghost by using the following command:

Within a few seconds it will be connected, as we can see in the following screenshot.


Here we can see that we are connected to the IP address. Now we can run anything from Ghost Framework. We can list the commands available after connecting by using the help command here.

In the following screenshot we can see a lot of things that we can do with this device.


Now we can do almost everything with this device.

What we can do with Ghost Framework

  • See device activity information.
  • See device battery state.
  • See device network information.
  • See device system information.
  • Clicks the specified x and y axis.
  • Control device keyboard.
  • Press/Simulate key-press on target device.
  • Open URL on device.
  • Control device screen.
  • Take device screenshot.
  • Open device shell.
  • Types the specified text on the device.
  • Upload local file.
  • Download remote file.
  • Show Contacts Saved on Device.
  • Reboot device.
Ghost Framework has a simple and clear UX/UI. It is easy to understand. Ghost Framework can be used to remove the remote Android device password if it was forgotten. It can also be used to access the remote Android device shell without using OpenSSH or other protocols.
