It has been a month. Time for some bounty!
It's been one month since we have launched the Android Framework for Exploitation. We hope everyone enjoyed using the framework and used it for his individual/enterprise usage.
Today, we are launching the bounty for AFE. Since, this is a free and open source tool, we won’t be giving out cash rewards, but we’ll surely be sending out some amazing gifts at your place, in return for the efforts you put in to develop a plugin for the framework.
The plugins could be based on both app-vulnerability, as well as to extend the functionality/adding new feature to the framework.
There are no fixed amount of gifts we could send out, it all depends on the community response. Once you submit your plugin to firstname.lastname@example.org, with a brief introduction of it, we will be integrating and pushing it in the next update. You could see the update at http://github.com/xysec/AFE/commits.
You can ask your friends to vote up for your plugin, once it appears on this website
There are 2 repos : AFE Server and AFE.
AFE Server is the application apk, which you need to install in your emulator/phone in order to use 'some' of the features of the framework, such as checking for apps having vulnerable content providers.
Once, you have installed it in your device/emulator, and started the server, you could type in the connect localhost from your AFE menu.
AFE is the main repo, which contains the python files and other necessary modules in order to create the malware, botnet and inject the malware service into a legitimate APK.
Usage of the other features are documented in the Manual as well.
Do let us know in case you need any other kind of information.
Feel free to visit our website for more information about us.
And lastly, but most importantly, feel free to develop your plugins and contribute to the framework and community. Developing plugins has been illustrated in the Manual as well. You could also create application specific plugins, such as based on a particular app, having vulnerable content provider, insecure file storage, and exploiting that vulnerability automatically using AFE.