Repository files navigation

JAMBOREE, originally an Android Testing Suite, has expanded.Completely Portable installer for a growing collection of Information Security and administrative tools, requiring no local admin rights. Check out the screenshots and support table below!

Get a working portable Python/Git/Java environment on Windows inSECONDS without having local administrator, regardless of your broken Python or other environment variables. Our open-source script downloads directly from proper sources without any binaries. While the code may not be perfect, it includes many useful PowerShell tricks.

• Run Android apps and pentest without the adware and malware of BlueStacks or NOX.

Portable, no-admin installer that provisions a Windows environment for Android app testing (AVD + Magisk + Frida + Objection + Burp) and a growing collection of adjacent security/admin tools. JAMBOREE builds a working portable Python/Git/Java stack in seconds without requiring local administrator access.

• Small, script-driven, open-source PowerShell setup
• No bundled binaries — downloads from upstream sources
• Designed to work even when system Python/Java paths are broken

Table of contents

• Features
• Quick start
• Examples (commands + screenshots)
• Requirements
• How it works
• Usage notes
• Videos & demos
• Credits
• Contributing & License

Features

• Android AVD (Android 11 / API 30) with Magisk and root support
• Frida / Objection preconfigured for app runtime testing
• Burp Suite / ZAP integration and proxy configs
• Portable Python (nuget), PortableGit and Java provisioning
• Optional tools collection: BloodHound (portable), PyCharm Portable, AUTOMATIC1111, AutoGPT, Volatility3, yt-dlp, Postgres (no-admin), SOCFortress/Velociraptor/Wazuh (WSL)
• Simple PowerShell UI for launching tools and AVDs
• Included Burp crawl config:%USERPROFILE%\AppData\Roaming\BurpSuite\ConfigLibrary_JAMBOREE_Crawl_Level_01.json

Quick start

1. DownloadJAMBOREE.ps1 into an empty folder, or run directly from a shell.
2. Right-click the script and select Run with PowerShell — or run from CMD/PowerShell using the single-line installer below.
3. Use the JAMBOREE PowerShell UI to start Burp and the AVD, then install and test target apps.

• Temporarily resets your windows $PATH environment variable to fix any issues with existing python/java installation
• Build a working Python environment in seconds using a tiny 16 meg nuget.org Python binary and portable PortableGit. Our solution doesn't require a package manager like Anaconda.

I would like to make it even easier to use but I don't want to spend more time developing it if nobody is going to use it! Please let me know if you like it and open bugs/suggestions/feature request etc! you can contact me athttps://rmccurdy.com !

WSL or just "virtual machine platform"

OR

• Local admin just to install Android AVD Driver or :

HAXM Intel driver (https://github.com/intel/haxm )

OR

AMD (https://github.com/google/android-emulator-hypervisor-driver-for-amd-processors )

Put JAMBOREE.ps1 file in a folder
Rightclick Run with PowerShell

OR

From command prompt

powershell -ExecutionPolicy Bypass -Command "iwr -UseBasicParsing https://raw.githubusercontent.com/freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy/refs/heads/main/JAMBOREE.ps1 | iex"

More infomation on bypass Root Detection and SafeNethttps://www.droidwin.com/how-to-hide-root-from-apps-via-magisk-denylist/

( Watch the Video Tutorial below it's a 3-5 min process. You only have to setup once. After that it's start burp then start AVD )

Update Video with 7minsec Podcast!

(Video Tutorials)

https://youtu.be/pYv4UwP3BaU

USB Rubber Ducky Scripts & Payloads Python 3 Arduino DigiSpark

Old payloads:https://github.com/hak5/usbrubberducky-payloads/tree/1d3e9be7ba3f80cdb008885fac49be2ba926649d/payloads

PhreakNIC 24: Java Android Magisk Burp Objection Root Emulator Easy (JAMBOREE)

https://www.youtube.com/watch?v=R1eu2Ui1ZLU

Included%USERPROFILE%\AppData\Roaming\BurpSuite\ConfigLibrary_JAMBOREE_Crawl_Level_01.json the "Headed" Browser is no longer supported

Rogdham/python-xz#4 for xz extraction in Python!!!

https://github.com/newbit1/rootAVD RootAVD

Six Degrees of Domain Admin

https://www.youtube.com/@specterops/videos

https://posts.specterops.io/cypher-queries-in-bloodhound-enterprise-c7221a0d4bb3

The BloodHound 4.3 Release Get Global Admin More Often.mp4 20230418

https://www.google.com/search?q=%22shortestPath%22+%22bloodhound%22+site:github.com

https://github.com/drak3hft7/Cheat-Sheet---Active-Directory

https://gist.github.com/jeffmcjunkin/7b4a67bb7dd0cfbfbd83768f3aa6eb12

https://hausec.com/2019/09/09/bloodhound-cypher-cheatsheet/

https://github.com/BloodHoundAD/BloodHound/wiki/Cypher-Query-Gallery

https://risky.biz/soapbox74/

https://bloodhoundhq.slack.com ( not sure how to get invite )

BloodHound Portable for Windows (You can run this without local admin. No Administrator required)

Presentation

1. Download the .ps1 script
2. Click the SharpHound button as a normal domain user Alternatively you can useRunas.exe inside of a VM under domain user context withrunas /netonly /user:"US.COMPANY.DOMAIN.COM\UESERNAME@COMPANY.COM" cmd or try/user:"DOMAIN\USERNAME" to run SharpHound.exe
3. Click Neo4j to start the database
4. Change the default Neo4j password. Wait for Neo4j You must change password athttp://localhost:7474
5. Click Bloodhound button to start bloodhound
6. Import the .zip of JSON files from the output ofSharpHound.exe -s --CollectionMethods All --prettyprint true

Parse Sharphound OutputPretty_Bloodhound.py ( not needed they fixed it )

** You may need to whitelist or disable Bloodhound/Sharphound in your Endpoint Security Software ( Or just obfucate it if your lucky... Resource Hacker or echo '' >> Sharphound.exe etc ... ) **

** Last tested Bloodhound 4.1.0 **

Credit:https://bloodhound.readthedocs.io/en/latest/_images/SharpHoundCheatSheet.png