Skip to content


Repository files navigation

Contributors Forks Stargazers Issues MIT License Last Commit Repo Size



Android Penetration Tool [ RAT for Android ] 💀
View Release · Report Bug · Request Feature

⚖️ Legal Disclaimer: For Educational Purpose Only

Usage of XHUNTER for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Use Responsibly!

About The Project

There are many great Android RAT available on GitHub; however, I didn't find one that really suited my needs so I created this enhanced one. I want to create a RAT so amazing that it'll be the last one you ever need -- I think this is it.

Here's why:

  • The main reason, I did started on this project is to simplify the problem of connection between attacker and victim.[Eliminated all port forwarding and over the internet issues]
  • Followed by, I wanted to have control over victims using smartphone📱 with a simple UI app rather then a pc💻 or remote virtual machine🖥 with command line interface.

Of course, no one will serve all features since your needs may be different. So I'll be adding more in the near future. You may also suggest changes by forking this repo and creating a pull request or opening an issue.😀

(back to top)

Getting Started


Before we proceed one must have:

  • Android Device
  • Good Internet Connection

Installation and Usage

In order to use tool we must :

  • Setup your xhunter-server from here
  1. Download the latest version xhunter_vX.X.apk from release section: here
  2. Once downloaded, Install/Open the app in your device. If you face Unknown Source error see

  1. Once installed, Open app and select Build Payloads option and select any desired option to build payload :
  • Build WhatsApp Payload (use this option/payload to enable whatsapp message feature)
  • Build + Bind Payload (use this option/payload to bind xhunter malicious code with legitimate apk)

  1. Send the payload to the victim (use social engineering or other method)

  1. Once victim uses the payload you will get a active session of victim device to your device

In order to connect/listen to your victim you must :

  1. Select Start Listening option to listen for the active connection

  2. Once started listening you can select active victim device from device list and can access all the listed features below

(back to top)


  • ✅ Real time
  • ✅ receive any file or folder from target device
  • ✅ bind with other apps
  • ✅ fetch all whatsapp messages
  • ✅ fetch all whatsapp contacts
  • ✅ receive all target message
  • ✅ send sms with target device to any number
  • ✅ recive all target contacts
  • ✅ receive list of all installedd apps in target device
  • ⏳ delete any file or folder from target device
  • ⏳ capture main and front camera
  • ⏳ capture microphone
  • ⏳ receive last clipboard text


Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

(back to top)



Distributed under the MIT License. See for more information.

(back to top)