Access & Manage Android Phone Remotely – L3MON Tutorial

There is software available, like Metasploit, to gain remote access to any Android phone. Beyond that, there is the L3MON tool (a cloud-based remote Android management suite) for the same purpose.

Let’s discover how to install, set up, and utilize L3MON on the Kali Linux system.

L3MON provides a web-based interface for interacting with the victim’s smartphone. The process is to create an APK payload, deliver it to the victim’s phone, and boom, the attacker has a session on the victim’s phone.

The features L3MON offers are:


Install and Configure L3MON on Kali Linux

Update your system once before starting the installation. As per the prerequisites, the first thing we need to install is the Java Runtime Environment.

sudo apt-get install openjdk-8-jre

Once installed, you can issue the “java -version” command to check the JRE version.

After that, we need to install Node.js. First, we run the NodeSource setup script, which adds the Node.js package repository to our system.

curl -sL https://deb.nodesource.com/setup_13.x | sudo bash -

Now, we will install Node.js.

sudo apt-get install -y nodejs


Lastly, we need to install the pm2 process manager. If you don’t have “npm” installed in Kali Linux, you can install it with “apt-get install npm.”

sudo npm install pm2 -g

After installing all prerequisites, download the L3MON release archive from GitHub.

wget https://github.com/D3VL/L3MON/releases/download/1.1.2/L3MON-v1.1.2.zip

Once the L3MON zip file has downloaded in Kali Linux, move it to a new folder created on the Desktop and extract it there.

Right-click on the extracted folder and open the terminal from there.

Install dependencies for L3MON.

npm install

Start the server with the following command and open localhost in a browser to check that L3MON loads correctly.

pm2 start index.js

To set up the password for login, first, stop the server.

pm2 stop index.js

Open the “maindb.json” file in any editor and set the login password.

The tool uses the MD5 hash of the password instead of plain text. For that, generate the hash of your desired password from any website.


Save the MD5 hash in the password field of the “maindb.json” file.


Again, start the server with the following command.

pm2 start index.js

Navigate to localhost on port 22533 in a browser.

Android Management Dashboard & APK builder

After successfully logging in, go to the APK builder tab and set your system’s local IP address, as we are trying this tutorial over a LAN.

But if you want to use this tool over the WAN, you can use your public IP with port forwarding.

Once the APK builds, download and transfer it to the target’s Android phone.

When the victim installs the malicious payload and gives all permissions to the application, the device will show up on the “Device tab.” Click on the manage button, and bang, you can control the target’s device from there.

We can easily spy on the victim’s Android phone from this manager, for example by viewing contacts.
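From the defender's side, the step above depends on the user granting the installed app every permission it asks for. The following added example (not part of the original tutorial or the L3MON project) flags apps that hold many sensitive permissions in text laid out like `adb shell dumpsys package` output; the sample input, the SENSITIVE set, the threshold of 4 and the function names are assumptions made for illustration.

```python
import re

# Assumption: illustrative high-risk runtime permissions, not the
# permission list of any particular payload.
SENSITIVE = {"android.permission." + p for p in (
    "READ_CONTACTS", "READ_SMS", "READ_CALL_LOG",
    "RECORD_AUDIO", "ACCESS_FINE_LOCATION", "CAMERA")}
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*(android\.permission\.\w+): granted=(true|false)")

def granted_permissions(dumpsys_text):
    """Map each package to the set of permissions marked granted=true."""
    apps, current = {}, None
    for line in dumpsys_text.splitlines():
        pkg = PKG_RE.match(line)
        if pkg:
            current = pkg.group(1)
            apps.setdefault(current, set())
            continue
        perm = PERM_RE.match(line)
        if perm and current and perm.group(2) == "true":
            apps[current].add(perm.group(1))
    return apps

def flag_overprivileged(dumpsys_text, allowlist=(), threshold=4):
    """Return {package: sensitive permissions held} for apps at or over threshold."""
    flagged = {}
    for pkg, perms in granted_permissions(dumpsys_text).items():
        hits = sorted(perms & SENSITIVE)
        if pkg not in allowlist and len(hits) >= threshold:
            flagged[pkg] = hits
    return flagged

# Constructed sample, trimmed to the lines the parser reads.
SAMPLE = """\
Package [com.example.notes] (1a2b3c):
    runtime permissions:
      android.permission.CAMERA: granted=true, flags=[ USER_SET ]
      android.permission.READ_CONTACTS: granted=false, flags=[ USER_SET ]
Package [com.example.systemupdate] (4d5e6f):
    runtime permissions:
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.READ_CALL_LOG: granted=true, flags=[ USER_SET ]
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
"""

if __name__ == "__main__":
    for pkg, hits in flag_overprivileged(SAMPLE).items():
        print(pkg, "holds", len(hits), "sensitive permissions:", ", ".join(hits))
```

Apps that legitimately need these permissions, such as the default dialer or messaging app, can be passed in `allowlist` so that only unexpected packages are reported.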

In a Nutshell

L3MON is a cloud-based remote Android management suite where we can spy on any Android phone over LAN or WAN. We can install and configure the tool on Kali Linux, create a payload, transfer it to the target’s phone, and spy on the Android phone.

Sana Qazi
Sana Qazi is a technical writer specialized in Information Security. She enjoys writing about technology and reading multiple genres like suspense. When not writing, she can be found traveling, dining out, watching series etc. She manages her Medium blog as well.
