"BY
INSTALLING THESE APP'S ON YOUR ANDROID SMART PHONE & YOU CAN TURN IT
INTO A SUPER HACKING DEVICE"
According to Wikipedia-
"A penetration test, or sometimes pentest, is a software attack on a computer system that looks for security weaknesses, potentially gaining access to the computer's features and data."
.
.
.
There are various app for the pen-testing..for android platform.
1. dSploit (Free)
dSploit is Android
network penetration testing suit. It comes with all-in-one network analysis
capabilities. So, you can use this app on your Android device and perform
network security testing. It has various pre-complied modules to use.
dSploit
supports all Android devices and it needs rooted device. If you are newbie, we
will never recommend you to use the app if you don’t know how to root your
Android device. After rooting your device, you need to install BusyBox
Installer. Download BusyBox from Google Play
Then
download the app from the link given below.
These are the
available modules in the app.
1. RouterPWN
2. Trace
3. Port Scanner
4. Inspector
5. Vulnerability
Finder
6. Login Cracker
7. Packet Forger
8. MITM
2. Network Spoofer
Network Spoofer is
another nice app that lets you change the website on other people’s computer
from your Android phone. Open Network Spoofer app and then log onto the Wi-Fi
network. Choose a spoof to use with the app then tap on start. This app is
considered as a malicious hacking tool by network administrators. So, don’t try
on unauthorized networks. This is not a penetration testing app. It’s just to
demonstrate how vulnerable the home network is.
Download
this app from sourceforge http://sourceforge.net/projects/netspoof/
3. Network Discovery
Network Discovery doesn’t
need a rooted device. This app has a simple and easy to use interface. It views
all the networks and devices connected to your Wi-Fi network. The application
identifies the OS and manufacturer of the device. Thus the app helps in
information gathering on the connected Wi-Fi network.
Download
app from Google Play: https://play.google.com/store/apps/details?id=info.lamatricexiste.network
4. Shark for Root
Shark for Root is a traffic
sniffer app. It works fine on 3G and Wi-Fi: both network connectivity options.
You can see the dump on phone by using Shark Reader that comes with the app.
You can also use Wireshark a similar tool to open the dump on the system. So,
start sniffing data on your Android device and see what others are doing.
5. Penetrate Pro
Penetrate Pro is for
Wi-Fi decoding. It can calculate the WEP/WAP keys for some wireless routers. If
you have installed an Antivirus app, it may detect Penetrate Pro app as virus.
But this app is a security tool and it will not affect or harm your device.
6. DroidSheep [Root]
DroidSheep is a
session hijacking tool for Android devices. This is an app for security
analysis in wireless networks. It can capture Facebook, Twitter, and LinkedIn,
Gmail or other website accounts easily. You can hijack any active web account
on your network with just a tap by using the DroidSheep app. It can hijack any
web account.
This app demonstrates
the harm of using any public Wi-Fi.
Download
this app from here: http://droidsheep.de/?page_id=23
7. DroidSheep Guard
DroidSheep Guard does
not require a rooted device. This app monitors Android devices’ ARP-table and
tries to detect ARP-Spoofing attack on the network performed by DroidSheep,
FaceNiff and other software.
Download
DroidSheep Guard from Google Play:https://play.google.com/store/apps/details?id=de.trier.infsec.koch.droidsheep.guard.free&feature=search_result
8. WPScan
WpScan is the
WordPress vulnerability scanner for Android devices. It is used to scan a
WordPress based website and find all the security vulnerabilities it has.
WPScan also has a desktop version of the app that is much powerful than the
Android app. We know that WordPress is one of the most popular CMS and is being
used by millions of websites.
The app was released
on Google Play but Google removed the app. The full source code of the app is
available from Github. One thing to note that WPScan Android app is not related
to the desktop version of WPScan. So, never think it as an official WPScan app.
Download
app and source code: https://github.com/clshack/WPScan
9. Nessus
Nessus is a popular
penetration testing tool that is used to perform vulnerability scans with its
client/server architecture. It also released its mobile app to bring its power
on mobile devices. Nessus Android app can perform following tasks.
·
Connect to a Nessus server (4.2 or greater)
·
Launch existing scans on the server
·
Start, stop or pause running scans
·
Create and execute new scans and scan templates
·
View and filter reports
This app was released
on Google Play store almost 2 years back by Tenable Network Security. Later
Google removed the app from Play store. Now the official link has been removed.
So you can try downloading links available on third party websites. But be
careful and check the app first.
10. FaceNiff
FaceNiff requires a rooted Android device. It can sniff
and intercept the web sessions over the Wi-Fi. This app is similar to
DroidSheep, added earlier in the post. You can also say Firesheep for Android
devices. Use of this app may be illegal in your area. So, use it wisely.
11. Network Mapper
Network Mapper is a
fast scanner for network admins. It can easily scan your network and export the
report as CVS to your Gmail. It lists all devices in your LAN along with
details. Generally, the app is used to find Open ports of various servers like
FTP servers, SSH servers, SMB servers etc. on your network. The tool works
really fast and gives effective results.
Download
Network Mapper for Google Play Store:https://play.google.com/store/apps/details?id=org.prowl.networkmapper&hl=en
12. Router Bruteforce ADS 2
If you are connected
to a wi-Fi network and you want to access the router of the network, you can
use Router Bruteforce ADS 2 app. This app performs Bruteforce attack to get the
valid password of the router. It has a list of default passwords that it tries
on the router. Most of the time, the app cracks the password. But you cannot be
100% sure in Bruteforce attack.
It comes with a sample
txt file which contains 398 default passwords used in different routers. You
can add more passwords in the list. But there is one limitation. This app only
works with dictionary file of less than 5 MB. And try it only when you have
good Wi-Fi signal. This is an experiment app and the developer also warns users
to try at own risk.
Download
Router Bruteforce ADS 2 from Google Play:https://play.google.com/store/apps/details?id=evz.android.rbf_ads&hl=en
13. Andosid
AnDOSid is another
nice application that can be used to perform DOS attacks from Android mobile
phones. It is like LOIC tool for desktop. In the app, you can set target URL,
payload size and time difference between two requests. After that click on big
GO button to launch DOS attack on a website. It will start flooding target URL
with fake request. Use this app if you have a powerful device. Avoid if you
have low cost entry level device.
No comments:
Post a Comment