Linux Tool to extract sensitive data and inject payloads into any Android devices.

12 April 2016


Linux tool used to extract sensitive data, inject backdoor or drop remote shells on android devices.

There may be some bugs on devices running Android 6.* Marshmallow because of new Android security policies. And keypad injection may not work depending on processing speed of device and version.

This program has been tested on Android 5.0.2 Lollipop on an LG H818n. It works flawlessly on many other devices but I do not guarantee this program will work for you flawlessly.

Do not hesitate in contacting me if you have any question o suggestion.

Here is the complete tutorial for this tool.

* I have decided to stop developing this tool for now due to constant android updates and new security policies.
* This tool is for educational and android developing purposes only. This was made to test and expose Android and WhatsApp security flaws.


WhatsPwn 2.0

The first version was full of awfull bugs that in some systems it was just “unrunnable”. So that’s why I decided to rebuild the tool from scratch.

  • New payload features: Inject meterpreter into legitimate apk, create hidden or visible payloads.
  • Constant connection status.
  • UI
  • Fixed a lot of major and minor bugs
  • Only ask for connection when it needs it
  • Autodetect local or wireless extraction
  • Command line arguments


The next steps would be;

  • Survive reboot on non-rooted devices.
  • Some sort of background connection checking.
  • Add more features like;
    • Contacts and SMS extraction.
    • Support for other apps not just WhatsApp and Telegram.


See the license file or the disclaimer file.

Interests: Chemistry, biology, coding, technology, computers and cooking. You might also find me playing some PC Games on steam as "chocheluisrf".