Last active
March 19, 2026 11:08
-
-
Save anonymousik/f2766b52c33f3aa0dafc5a345450fd6f to your computer and use it in GitHub Desktop.
# System Hardening, Privacy Protection, Firewall Management
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/data/data/com.termux/files/usr/bin/bash | |
| # ═══════════════════════════════════════════════════════════════════════════ | |
| # QTCS SECURITY MODULE v2.0.0 | |
| # System Hardening, Privacy Protection, Firewall Management | |
| # ═══════════════════════════════════════════════════════════════════════════ | |
| security_menu() { | |
| while true; do | |
| show_header | |
| echo -e "${C_CYAN}${C_BOLD}═══ SECURITY & PRIVACY SUITE ═══${C_RESET}\n" | |
| echo -e "${C_YELLOW}【 PRIVACY 】${C_RESET}" | |
| echo -e " ${C_YELLOW}1${C_RESET}) Privacy Audit" | |
| echo -e " ${C_YELLOW}2${C_RESET}) Disable Tracking Services" | |
| echo -e " ${C_YELLOW}3${C_RESET}) Block Telemetry" | |
| echo -e " ${C_YELLOW}4${C_RESET}) DNS Privacy (DoH/DoT)" | |
| echo "" | |
| echo -e "${C_YELLOW}【 HARDENING 】${C_RESET}" | |
| echo -e " ${C_YELLOW}5${C_RESET}) System Hardening" | |
| echo -e " ${C_YELLOW}6${C_RESET}) Secure Boot Check" | |
| echo -e " ${C_YELLOW}7${C_RESET}) Permission Audit" | |
| echo "" | |
| echo -e "${C_YELLOW}【 NETWORK SECURITY 】${C_RESET}" | |
| echo -e " ${C_YELLOW}8${C_RESET}) Firewall Status" | |
| echo -e " ${C_YELLOW}9${C_RESET}) Port Scanner" | |
| echo -e " ${C_YELLOW}10${C_RESET}) ADB Security Check" | |
| echo "" | |
| echo -e " ${C_YELLOW}0${C_RESET}) Back to Main Menu" | |
| echo "" | |
| read -p "$(echo -e ${C_CYAN}Select:${C_RESET} )" choice | |
| case "$choice" in | |
| 1) security_privacy_audit ;; | |
| 2) security_disable_tracking ;; | |
| 3) security_block_telemetry ;; | |
| 4) security_dns_privacy ;; | |
| 5) security_system_hardening ;; | |
| 6) security_secure_boot ;; | |
| 7) security_permission_audit ;; | |
| 8) security_firewall_status ;; | |
| 9) security_port_scan ;; | |
| 10) security_adb_check ;; | |
| 0) return ;; | |
| *) log ERROR "Invalid option" ; sleep 1 ;; | |
| esac | |
| done | |
| } | |
| # ═══════════════════════════════════════════════════════════════════════════ | |
| # PRIVACY FUNCTIONS | |
| # ═══════════════════════════════════════════════════════════════════════════ | |
| security_privacy_audit() { | |
| show_header | |
| echo -e "${C_CYAN}${C_BOLD}═══ PRIVACY AUDIT ═══${C_RESET}\n" | |
| local issues=0 | |
| echo -e "${C_YELLOW}Scanning privacy settings...${C_RESET}\n" | |
| # Google Analytics | |
| progress_bar "Checking analytics" 1 10 | |
| local analytics=$(adb_execute "settings get secure analytics_enabled" 2>/dev/null) | |
| if [[ "$analytics" == "1" ]]; then | |
| echo -e "${C_RED}[✗]${C_RESET} Analytics enabled" | |
| issues=$((issues + 1)) | |
| else | |
| echo -e "${C_GREEN}[✓]${C_RESET} Analytics disabled" | |
| fi | |
| # Location services | |
| progress_bar "Checking location" 2 10 | |
| local location=$(adb_execute "settings get secure location_mode" 2>/dev/null) | |
| if [[ "$location" != "0" ]]; then | |
| echo -e "${C_YELLOW}[⚠]${C_RESET} Location services active" | |
| issues=$((issues + 1)) | |
| else | |
| echo -e "${C_GREEN}[✓]${C_RESET} Location services off" | |
| fi | |
| # Google Play Services | |
| progress_bar "Checking Play Services" 3 10 | |
| if adb_execute "pm list packages" | grep -q "com.google.android.gms"; then | |
| local gms_status=$(adb_execute "pm list packages -d" | grep "com.google.android.gms") | |
| if [[ -z "$gms_status" ]]; then | |
| echo -e "${C_YELLOW}[⚠]${C_RESET} Google Play Services enabled (data collection)" | |
| else | |
| echo -e "${C_GREEN}[✓]${C_RESET} Play Services disabled" | |
| fi | |
| fi | |
| # Usage stats | |
| progress_bar "Checking usage stats" 4 10 | |
| local usage=$(adb_execute "settings get secure usage_stats_enabled" 2>/dev/null) | |
| if [[ "$usage" == "1" ]]; then | |
| echo -e "${C_RED}[✗]${C_RESET} Usage statistics enabled" | |
| issues=$((issues + 1)) | |
| else | |
| echo -e "${C_GREEN}[✓]${C_RESET} Usage stats disabled" | |
| fi | |
| # Ad ID | |
| progress_bar "Checking advertising ID" 5 10 | |
| local adid=$(adb_execute "settings get secure advertising_id" 2>/dev/null) | |
| if [[ -n "$adid" && "$adid" != "null" ]]; then | |
| echo -e "${C_YELLOW}[⚠]${C_RESET} Advertising ID present: ${adid:0:8}..." | |
| issues=$((issues + 1)) | |
| else | |
| echo -e "${C_GREEN}[✓]${C_RESET} Advertising ID disabled" | |
| fi | |
| # WebView tracking | |
| progress_bar "Checking WebView" 6 10 | |
| local webview=$(adb_execute "pm list packages" | grep "com.google.android.webview") | |
| if [[ -n "$webview" ]]; then | |
| echo -e "${C_YELLOW}[⚠]${C_RESET} Google WebView present (may track)" | |
| fi | |
| # DNS leaks | |
| progress_bar "Checking DNS privacy" 7 10 | |
| local dns_mode=$(adb_execute "settings get global private_dns_mode" 2>/dev/null) | |
| if [[ "$dns_mode" == "off" ]]; then | |
| echo -e "${C_RED}[✗]${C_RESET} DNS not encrypted (privacy risk)" | |
| issues=$((issues + 1)) | |
| else | |
| echo -e "${C_GREEN}[✓]${C_RESET} Private DNS enabled: $dns_mode" | |
| fi | |
| # Backup to cloud | |
| progress_bar "Checking cloud backup" 8 10 | |
| local backup=$(adb_execute "bmgr enabled" 2>/dev/null) | |
| if echo "$backup" | grep -q "currently enabled"; then | |
| echo -e "${C_YELLOW}[⚠]${C_RESET} Cloud backup enabled (data uploaded to Google)" | |
| issues=$((issues + 1)) | |
| else | |
| echo -e "${C_GREEN}[✓]${C_RESET} Cloud backup disabled" | |
| fi | |
| # Package installer | |
| progress_bar "Checking installers" 9 10 | |
| local installer=$(adb_execute "pm list packages | grep packageinstaller") | |
| echo -e "${C_GRAY}Package installer: $(echo $installer | wc -l) variant(s)${C_RESET}" | |
| # Summary | |
| progress_bar "Generating report" 10 10 | |
| echo "" | |
| echo -e "${C_CYAN}╔════════════════════════════════════════════════════════╗${C_RESET}" | |
| if [[ $issues -eq 0 ]]; then | |
| echo -e "${C_GREEN}║ ✓ PRIVACY STATUS: GOOD ║${C_RESET}" | |
| else | |
| echo -e "${C_YELLOW}║ ⚠ PRIVACY ISSUES FOUND: $issues ║${C_RESET}" | |
| fi | |
| echo -e "${C_CYAN}╚════════════════════════════════════════════════════════╝${C_RESET}" | |
| if [[ $issues -gt 0 ]]; then | |
| echo "" | |
| read -p "Apply privacy fixes? (y/N): " fix | |
| [[ "$fix" =~ ^[Yy]$ ]] && security_apply_privacy_fixes | |
| fi | |
| press_any_key | |
| } | |
| security_apply_privacy_fixes() { | |
| echo -e "\n${C_YELLOW}Applying privacy fixes...${C_RESET}\n" | |
| # Disable analytics | |
| adb_execute "settings put secure analytics_enabled 0" | |
| echo -e "${C_GREEN}[✓]${C_RESET} Analytics disabled" | |
| # Disable usage stats | |
| adb_execute "settings put secure usage_stats_enabled 0" | |
| echo -e "${C_GREEN}[✓]${C_RESET} Usage stats disabled" | |
| # Reset advertising ID | |
| adb_execute "settings put secure advertising_id '00000000-0000-0000-0000-000000000000'" | |
| echo -e "${C_GREEN}[✓]${C_RESET} Advertising ID reset" | |
| # Disable cloud backup | |
| adb_execute "bmgr enable false" 2>/dev/null | |
| echo -e "${C_GREEN}[✓]${C_RESET} Cloud backup disabled" | |
| log SUCCESS "Privacy fixes applied" | |
| } | |
| security_disable_tracking() { | |
| show_header | |
| echo -e "${C_CYAN}${C_BOLD}═══ DISABLE TRACKING SERVICES ═══${C_RESET}\n" | |
| local tracking_services=( | |
| "com.google.android.gms.analytics:Google Analytics" | |
| "com.google.android.gms.measurement:Firebase Analytics" | |
| "com.android.vending:Play Store Tracking" | |
| ) | |
| echo -e "${C_YELLOW}Disabling tracking services...${C_RESET}\n" | |
| for service_info in "${tracking_services[@]}"; do | |
| local package="${service_info%%:*}" | |
| local name="${service_info#*:}" | |
| if adb_execute "pm list packages" | grep -q "$package"; then | |
| adb_execute "pm disable-user --user 0 $package" 2>/dev/null && { | |
| echo -e "${C_GREEN}[✓]${C_RESET} Disabled: $name" | |
| } || { | |
| echo -e "${C_YELLOW}[SKIP]${C_RESET} $name" | |
| } | |
| fi | |
| done | |
| log SUCCESS "Tracking services disabled" | |
| press_any_key | |
| } | |
| security_block_telemetry() { | |
| show_header | |
| echo -e "${C_CYAN}${C_BOLD}═══ BLOCK TELEMETRY ═══${C_RESET}\n" | |
| echo -e "${C_YELLOW}Blocking telemetry endpoints...${C_RESET}\n" | |
| # Disable Google telemetry | |
| adb_execute "settings put global send_action_app_error 0" | |
| echo -e "${C_GREEN}[✓]${C_RESET} Error reporting disabled" | |
| adb_execute "settings put global wifi_scan_always_enabled 0" | |
| echo -e "${C_GREEN}[✓]${C_RESET} Wi-Fi scanning disabled" | |
| adb_execute "settings put global network_recommendations_enabled 0" | |
| echo -e "${C_GREEN}[✓]${C_RESET} Network recommendations disabled" | |
| # Block via hosts (if ROOT) | |
| if adb_execute "su -c 'id'" 2>&1 | grep -q "uid=0"; then | |
| echo -e "${C_YELLOW}[ROOT] Blocking via hosts file...${C_RESET}" | |
| local telemetry_domains=( | |
| "google-analytics.com" | |
| "analytics.google.com" | |
| "googletagmanager.com" | |
| "doubleclick.net" | |
| "crashlytics.com" | |
| ) | |
| for domain in "${telemetry_domains[@]}"; do | |
| adb_execute "su -c 'echo \"127.0.0.1 $domain\" >> /system/etc/hosts'" | |
| done | |
| echo -e "${C_GREEN}[✓]${C_RESET} Hosts file updated" | |
| fi | |
| log SUCCESS "Telemetry blocked" | |
| press_any_key | |
| } | |
| security_dns_privacy() { | |
| show_header | |
| echo -e "${C_CYAN}${C_BOLD}═══ DNS PRIVACY ═══${C_RESET}\n" | |
| echo "Select DNS provider:" | |
| echo " 1) Cloudflare (privacy-focused)" | |
| echo " 2) Quad9 (blocks malware)" | |
| echo " 3) AdGuard (blocks ads + tracking)" | |
| echo " 4) NextDNS (custom filters)" | |
| echo " 5) Disable private DNS" | |
| read -p "Choice: " dns_choice | |
| case "$dns_choice" in | |
| 1) | |
| adb_execute "settings put global private_dns_mode hostname" | |
| adb_execute "settings put global private_dns_specifier one.one.one.one" | |
| log SUCCESS "Cloudflare DNS configured" | |
| ;; | |
| 2) | |
| adb_execute "settings put global private_dns_mode hostname" | |
| adb_execute "settings put global private_dns_specifier dns.quad9.net" | |
| log SUCCESS "Quad9 DNS configured" | |
| ;; | |
| 3) | |
| adb_execute "settings put global private_dns_mode hostname" | |
| adb_execute "settings put global private_dns_specifier dns.adguard.com" | |
| log SUCCESS "AdGuard DNS configured" | |
| ;; | |
| 4) | |
| read -p "Enter NextDNS profile ID: " nextdns_id | |
| adb_execute "settings put global private_dns_mode hostname" | |
| adb_execute "settings put global private_dns_specifier ${nextdns_id}.dns.nextdns.io" | |
| log SUCCESS "NextDNS configured" | |
| ;; | |
| 5) | |
| adb_execute "settings put global private_dns_mode off" | |
| log WARN "Private DNS disabled" | |
| ;; | |
| esac | |
| press_any_key | |
| } | |
| # ═══════════════════════════════════════════════════════════════════════════ | |
| # HARDENING FUNCTIONS | |
| # ═══════════════════════════════════════════════════════════════════════════ | |
| security_system_hardening() { | |
| show_header | |
| echo -e "${C_CYAN}${C_BOLD}═══ SYSTEM HARDENING ═══${C_RESET}\n" | |
| echo -e "${C_RED}${C_BOLD}WARNING:${C_RESET} Some changes may affect functionality\n" | |
| read -p "Continue? (y/N): " confirm | |
| [[ ! "$confirm" =~ ^[Yy]$ ]] && return | |
| echo -e "\n${C_YELLOW}Applying hardening...${C_RESET}\n" | |
| # Disable USB debugging when screen off | |
| adb_execute "settings put global adb_enabled 0" 2>/dev/null | |
| echo -e "${C_GREEN}[✓]${C_RESET} ADB auto-disable enabled" | |
| # Disable unknown sources | |
| adb_execute "settings put secure install_non_market_apps 0" 2>/dev/null | |
| echo -e "${C_GREEN}[✓]${C_RESET} Unknown sources blocked" | |
| # Enable screen lock timeout | |
| adb_execute "settings put system screen_off_timeout 60000" | |
| echo -e "${C_GREEN}[✓]${C_RESET} Screen timeout: 1 minute" | |
| # Disable developer options display | |
| adb_execute "settings put global development_settings_enabled 0" 2>/dev/null | |
| echo -e "${C_GREEN}[✓]${C_RESET} Developer options hidden" | |
| log SUCCESS "System hardening complete" | |
| press_any_key | |
| } | |
| security_secure_boot() { | |
| show_header | |
| echo -e "${C_CYAN}${C_BOLD}═══ SECURE BOOT CHECK ═══${C_RESET}\n" | |
| # Check bootloader status | |
| local bootloader=$(adb_execute "getprop ro.boot.verifiedbootstate" 2>/dev/null) | |
| echo -e "${C_WHITE}Verified Boot:${C_RESET} ${bootloader:-unknown}" | |
| # Check SELinux | |
| local selinux=$(adb_execute "getenforce" 2>/dev/null) | |
| if [[ "$selinux" == "Enforcing" ]]; then | |
| echo -e "${C_WHITE}SELinux:${C_RESET} ${C_GREEN}Enforcing (secure)${C_RESET}" | |
| else | |
| echo -e "${C_WHITE}SELinux:${C_RESET} ${C_RED}$selinux (insecure)${C_RESET}" | |
| fi | |
| # Check encryption | |
| local encrypted=$(adb_execute "getprop ro.crypto.state" 2>/dev/null) | |
| echo -e "${C_WHITE}Encryption:${C_RESET} ${encrypted:-unknown}" | |
| press_any_key | |
| } | |
| security_permission_audit() { | |
| show_header | |
| echo -e "${C_CYAN}${C_BOLD}═══ PERMISSION AUDIT ═══${C_RESET}\n" | |
| echo -e "${C_YELLOW}Scanning dangerous permissions...${C_RESET}\n" | |
| local dangerous_perms=( | |
| "android.permission.READ_CONTACTS" | |
| "android.permission.READ_SMS" | |
| "android.permission.ACCESS_FINE_LOCATION" | |
| "android.permission.CAMERA" | |
| "android.permission.RECORD_AUDIO" | |
| ) | |
| for perm in "${dangerous_perms[@]}"; do | |
| local apps=$(adb_execute "pm list packages -g | grep $perm" 2>/dev/null | wc -l) | |
| echo -e "${C_GRAY}$perm:${C_RESET} $apps apps" | |
| done | |
| press_any_key | |
| } | |
| # ═══════════════════════════════════════════════════════════════════════════ | |
| # NETWORK SECURITY | |
| # ═══════════════════════════════════════════════════════════════════════════ | |
| security_firewall_status() { | |
| show_header | |
| echo -e "${C_CYAN}${C_BOLD}═══ FIREWALL STATUS ═══${C_RESET}\n" | |
| # Check iptables (requires ROOT) | |
| if adb_execute "su -c 'id'" 2>&1 | grep -q "uid=0"; then | |
| echo -e "${C_YELLOW}Checking iptables rules...${C_RESET}\n" | |
| adb_execute "su -c 'iptables -L -n'" | head -20 | |
| else | |
| echo -e "${C_RED}ROOT required for firewall management${C_RESET}" | |
| fi | |
| press_any_key | |
| } | |
| security_port_scan() { | |
| show_header | |
| echo -e "${C_CYAN}${C_BOLD}═══ PORT SCANNER ═══${C_RESET}\n" | |
| echo -e "${C_YELLOW}Scanning common ports...${C_RESET}\n" | |
| local ports=(22 23 80 443 5555 8080) | |
| for port in "${ports[@]}"; do | |
| if adb_execute "netstat -an | grep LISTEN | grep :$port" | grep -q "$port"; then | |
| echo -e "${C_RED}[OPEN]${C_RESET} Port $port" | |
| else | |
| echo -e "${C_GREEN}[CLOSED]${C_RESET} Port $port" | |
| fi | |
| done | |
| press_any_key | |
| } | |
| security_adb_check() { | |
| show_header | |
| echo -e "${C_CYAN}${C_BOLD}═══ ADB SECURITY CHECK ═══${C_RESET}\n" | |
| # Check ADB state | |
| local adb_tcp=$(adb_execute "getprop service.adb.tcp.port" 2>/dev/null) | |
| if [[ "$adb_tcp" == "5555" ]]; then | |
| echo -e "${C_RED}[⚠]${C_RESET} ADB over network enabled (security risk)" | |
| else | |
| echo -e "${C_GREEN}[✓]${C_RESET} ADB network disabled" | |
| fi | |
| # Check authorized keys | |
| echo -e "\n${C_WHITE}ADB Key Status:${C_RESET}" | |
| local keys=$(adb_execute "ls -la /data/misc/adb/adb_keys" 2>/dev/null) | |
| if [[ -n "$keys" ]]; then | |
| echo -e "${C_YELLOW}Authorized keys present${C_RESET}" | |
| else | |
| echo -e "${C_GREEN}No saved keys${C_RESET}" | |
| fi | |
| press_any_key | |
| } | |
| # Export for module loader | |
| export -f security_menu |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment