Installation on Heroku
First, you must create a Heroku account.
Create a Heroku account

Once your account is confirmed by email; click on Create a New App in the Heroku panel. Enter the name of the application and click Create App.

Now install Heroku CLI on your PC, with the instructions here. Alternatively, if you have Node and NPM installed, you can run the following command to install Heroku:
npm install -g heroku

Now open your terminal and run the command git clone. This will download the latest version of XploitSPY to your PC
git clone
https://github.com/XploitWizer/XploitSPYAfter successfully cloning change the directory to XploitSPY using the command cd XploitSPY
Cd XploitSPY
Now login to Heroku CLI using the following command.
heroku login -i
After giving heroku login -i command enter the credential that you provided on the Heroku website at the time of signup. After entering your credential press enter.
After successful login, you will see the following things mentioned in the below image.

Now we can access the remote app that we have created. Run the following command in a terminal, where it appName will be the name of your application that you chose when creating the application.
heroku git:remote -a appName
Now run the below command to install packages:
heroku buildpacks:add heroku/jvm
then,run:
heroku buildpacks:add heroku/nodejs
Now run this command in your terminal git push heroku master, if you update the existing application or face any error, run this command git push -f heroku master.
git push heroku master
If you follow my every step correctly then you will see the following screen:

Now Everything is ready and complete, now you can visit your domain displayed in the terminal.
Default username: admin and default password : password
3. Installation in VPS or Server
Connect to your server via SSH
Install JRE 9+
In Debian, Ubuntu, etc you can use the following command:
sudo apt install openjdk-11-jre-headless
Fedora, Oracle, Red Hat, etc.
sudo yum install java-11-openjdk-devel
Install the NodeJS instructions (if you can't solve this you really shouldn't be using this)
Install pm2
sudo npm install pm2 -g
Clone this repository:
git clone
https://github.com/XploitWizer/XploitSPY.gitNow you need to change to the server directory and run these commands
#install dependencies
npm install
# Start the script
sudo pm2 start index.js
# start XploitSPY
sudo pm2 startup
Default username: admin and default password: password
XploitSPY now only works on port 80 for web and client. It is recommended to run XploitSPY behind a reverse proxy like NGINX
4. Spy/Hack Android
First, we will log in to the URL that we had generated in section 2. The default login credentials are admin and password.

Next, the administration panel will be presented there. At the moment, there is no device “hacked”.
So, we must create the APK ( APK Builder) and install it on the victim's smartphone.

After building and downloading the app on your pc send this app to your victim with some social engineering techniques. Or you can send the app to your victim via file upload or on WhatsApp.
Once the victim has installed the APK, we will have remote access to the device.

From the button Manage, we can manage different settings of the phone. such as Messages, Calls, Applications, Microphone, Contacts, File manager, GPS, etc.

Note: This is for educational purpose only don't use this method of hacking on anyone until you have written permission to do this. The purpose of this article is to make you safe from these kinds of attacks. If you hack anyone without the knowledge of the victim then you can be in trouble.
Now you can browse approx each and everything that is present in the victim device. If you like our article show your love by sharing the article on social media.
If you face any problem then feel free to ask in the comment section.
