
RDTUTORIAL/aetherion


              _   _            _     _
      /\     | | | |          | |   (_)
     /  \    | |_| |__   ___  | |__  _   ___   _ __
    / /\ \   | __|  _ \ / _ \ |  _ \| | / _ \ |  _ \
   / ____ \  | |_| | | |  __/ | | | | || (_) || | | |
  /_/    \_\  \__|_| |_|\___| |_| |_|_| \___/ |_| |_|
  

Aetherion

Android Security Assessment & Remote Management Framework


Overview

Aetherion is an all-in-one Android security toolkit that combines network scanning, exploitation, post-exploitation, persistence, intelligence gathering, and reporting into a single CLI/TUI tool.

It targets CVE-2026-0073 (TLS mutual authentication bypass on wireless ADB) and provides a full post-exploitation suite for authorized penetration testing engagements.

Two modes of operation:

  • CLI — direct commands for scripting and automation
  • Interactive console — menu-driven TUI similar to msfconsole

Installation

One-liner (recommended)

git clone https://github.com/your-username/aetherion.git
cd aetherion
bash setup.sh

The setup script handles everything: Python venv, dependencies, ADB download, and shell configuration (bash/zsh/fish/ksh/tcsh/nushell/xonsh/elvish).

Manual

git clone https://github.com/your-username/aetherion.git
cd aetherion
python3 -m venv .venv && source .venv/bin/activate
pip install -e .
aetherion --version

Docker

docker build -t aetherion .
docker run --rm -it --network host aetherion

Requirements

  • Python 3.10+
  • Linux (Ubuntu, Debian, Fedora, Arch) or macOS
  • curl and unzip (for ADB auto-download)
  • On Ubuntu/Debian: sudo apt install python3-venv (separate package)

Optional external tools (depending on which features you use):

  • adb — auto-downloaded by setup script
  • apktool — APK obfuscation
  • msfvenom / msfconsole — Metasploit bridge
  • ngrok — tunnel management

Quick Start

# Scan local network for ADB-enabled devices
aetherion local scan 192.168.1.0/24

# Check if a target is vulnerable
aetherion exploit check 192.168.1.100

# Exploit CVE-2026-0073
aetherion exploit cve-2026-0073 192.168.1.100 --cmd "id"

# Extract contacts
aetherion post contacts --output ./loot/

# Full device fingerprint
aetherion intel fingerprint

# Generate HTML report
aetherion report generate --format html --output ./report.html

# Show all commands
aetherion --help

Features

Scanning & Device Management

  • Network scanner (ARP + TCP connect + ADB probe)
  • Multi-device session manager with USB & WiFi support
  • Subnet validation and auto-connect

CVE-2026-0073 Exploitation

  • TLS mutual authentication bypass on wireless ADB
  • EC P-256 + Ed25519 certificate generation
  • Patch level checker (pre-May 2026 ASB)
  • Retry with exponential backoff
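
For defenders, the patch-level condition in this list translates into a fleet triage rule. The sketch below is an added example, not Aetherion's code: it assumes an inventory export that carries each device's ro.build.version.security_patch value and its adb_wifi_enabled global setting, runs on constructed records with hypothetical field names, and takes the May 2026 bulletin cutoff from the bullet above.

```python
from datetime import date

# Assumption taken from the feature list above: builds whose security patch
# level predates the May 2026 Android Security Bulletin are treated as exposed.
FIXED_PATCH_LEVEL = date(2026, 5, 1)

# Constructed sample inventory (field names are hypothetical, values invented).
INVENTORY = [
    {"serial": "LAB-001", "security_patch": "2026-03-05", "adb_wifi_enabled": "1"},
    {"serial": "LAB-002", "security_patch": "2026-05-01", "adb_wifi_enabled": "1"},
    {"serial": "LAB-003", "security_patch": "2025-12-01", "adb_wifi_enabled": "0"},
    {"serial": "LAB-004", "security_patch": "", "adb_wifi_enabled": "1"},
]

def parse_patch_level(value):
    """Parse a ro.build.version.security_patch string (YYYY-MM-DD); None if unusable."""
    try:
        return date.fromisoformat((value or "").strip())
    except ValueError:
        return None

def triage(device):
    """Return (serial, status, reason) for one inventory record."""
    serial = device.get("serial", "<unknown>")
    patch = parse_patch_level(device.get("security_patch"))
    wifi_adb = str(device.get("adb_wifi_enabled", "")).strip() == "1"
    if patch is None:
        return serial, "review", "patch level missing or malformed"
    if patch >= FIXED_PATCH_LEVEL:
        return serial, "ok", f"patch level {patch} is at or after the fix"
    if wifi_adb:
        return serial, "urgent", f"patch level {patch} with wireless debugging on"
    return serial, "patch", f"patch level {patch}, wireless debugging off"

def report(inventory):
    """Triage every record and sort so the most exposed devices come first."""
    order = {"urgent": 0, "patch": 1, "review": 2, "ok": 3}
    return sorted((triage(d) for d in inventory), key=lambda row: order[row[1]])

if __name__ == "__main__":
    for serial, status, reason in report(INVENTORY):
        print(f"{serial:8} {status:7} {reason}")
```

Records with an unreadable patch level land in "review" rather than "ok", so a device that fails to report its build properties is not silently treated as patched.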

Post-Exploitation

  • Contacts & SMS extraction to CSV
  • WhatsApp / Telegram / Signal database pull
  • Screenshot, screen recording
  • Remote tap, swipe, keyevent, text input
  • File push/pull with optional AES encryption
  • APK management (install, backup, list)
  • Microphone toggle, logcat viewer

Obfuscation Engine

  • Multi-layer string encryption (XOR + Base64 + AES-128-CBC)
  • APK decompile, inject, repack, sign
  • TLS SNI spoofing and WebSocket traffic camouflage
  • Manifest randomization

Persistence & Stealth

  • Boot persistence (init.d, Magisk, cron, AlarmManager)
  • Process hiding via mount namespace
  • Log wiping (logcat, dmesg, tombstones)
  • App cloning as system app

Intelligence

  • Device fingerprint (30+ properties)
  • Credential harvester (WiFi, OAuth, cookies)
  • SOCKS5 proxy through victim device

Integrations

  • Shodan — search for exposed ADB devices worldwide
  • Metasploit — payload generation, session management via msfrpcd
  • Ngrok — TCP/HTTP tunnels for reverse shells

Reporting

  • HTML/PDF security assessment reports
  • JSON-lines audit log export
  • Session state persistence (SQLite)

Plugin System

  • Extend Aetherion with custom modules
  • YAML manifest + Python class
  • Scaffold generator included
  • See docs/PLUGINS.md for details

Interactive Console

Run aetherion without arguments to enter the interactive console:

╔══════════════════════════════════════════════════════════════╗
║           A E T H E R I O N   v1.0.0                        ║
║     Android Security Assessment Framework                   ║
╚══════════════════════════════════════════════════════════════╝

 [1]     Local Device Management
 [2]     Exploitation (CVE-2026-0073)
 [3]     Post-Exploitation
 [4]     Shodan Scanner
 [5]     Ngrok Tunnels
 [6]     Metasploit Bridge
 [7]     Obfuscation Engine
 [8]     Persistence & Stealth
 [9]     Intelligence & Proxy
 [10]    Reports & Logs
 [11]    Session & Plugins

[aetherion/main] > 

Navigate by number, type CLI commands directly, or use shortcut aliases. Tab completion and persistent command history are built in.


CLI Reference

aetherion
├── local        scan / connect / devices / interact
├── exploit      check / cve-2026-0073 / auto-root
├── post         contacts / sms / screen / tap / swipe / key / url / push / pull / ls / packages
├── extras       chats / mic / logcat
├── shodan       search / exploit-all / config
├── ngrok        start / stop / status
├── msf          gen-payload / push-payload / run-listener / list-payloads / sessions
├── obfus        string / apk / traffic / manifest
├── persist      install / check / remove / hide-proc / wipe-logs / clone-app
├── intel        fingerprint / harvest / proxy
├── ops          save / load / history / config / plugins / cleanup
├── report       generate / export-logs
├── setup        Post-install setup wizard
├── interactive  Launch interactive console
└── uninstall    Remove Aetherion completely

Use aetherion <command> --help for detailed usage of any subcommand.


Configuration

Default config lives at config.yaml or ~/.aetherion/config.yaml:

shodan:
  api_key: ""
  cache_ttl: 3600
ngrok:
  auth_token: ""
  region: "us"
msf:
  msfvenom_path: /usr/bin/msfvenom
  msfconsole_path: /usr/bin/msfconsole
logging:
  level: INFO
  file: aetherion.log
  format: json
scanner:
  timeout: 2.0
  retries: 3

For full configuration reference, see docs/CONFIGURATION.md.


Uninstall

# Recommended — removes everything cleanly
bash uninstall.sh

# Or via CLI
aetherion uninstall

This removes ~/.aetherion/, shell RC blocks, wrapper scripts, and optionally the pip package.


Documentation

Document                Description
docs/CONFIGURATION.md   Full config reference, data locations, environment variables
docs/PLUGINS.md         Plugin system — concept, API, writing your own
docs/DEVELOPMENT.md     Architecture, testing, contributing

Platform Support

Platform          Status
Ubuntu / Debian   Fully supported
Fedora / Arch     Fully supported
macOS             Works (Homebrew Python required)
Windows           Not supported

Disclaimer

This tool is for authorized security testing only.

Use Aetherion only on systems you own or have explicit written permission to test. Unauthorized access to computer systems is illegal in most jurisdictions.

The authors assume no liability for misuse of this software.


License

MIT. See LICENSE for details.
