Friday, 23 October 2015

ANDROID APPS FOR PENETRATION TESTING


"BY INSTALLING THESE APP'S ON YOUR ANDROID SMART PHONE &  YOU CAN TURN IT INTO A SUPER HACKING DEVICE"


According to Wikipedia-

"A penetration test, or sometimes pentest, is a software attack on a computer system that looks for security weaknesses, potentially gaining access to the computer's features and data."

.
.
.
There are various app for the pen-testing..for android platform. 


1. dSploit (Free)

dSploit is Android network penetration testing suit. It comes with all-in-one network analysis capabilities. So, you can use this app on your Android device and perform network security testing. It has various pre-complied modules to use.
dSploit supports all Android devices and it needs rooted device. If you are newbie, we will never recommend you to use the app if you don’t know how to root your Android device. After rooting your device, you need to install BusyBox Installer. Download BusyBox from Google Play
 Then download the app from the link given below.
 App is available on github: https://github.com/evilsocket/dsploit/downloads
 These are the available modules in the app.
1.       RouterPWN
2.       Trace
3.       Port Scanner
4.       Inspector
5.       Vulnerability Finder
6.       Login Cracker
7.       Packet Forger
8.       MITM


2. Network Spoofer

Network Spoofer is another nice app that lets you change the website on other people’s computer from your Android phone. Open Network Spoofer app and then log onto the Wi-Fi network. Choose a spoof to use with the app then tap on start. This app is considered as a malicious hacking tool by network administrators. So, don’t try on unauthorized networks. This is not a penetration testing app. It’s just to demonstrate how vulnerable the home network is.
Download this app from sourceforge http://sourceforge.net/projects/netspoof/


3. Network Discovery

Network Discovery doesn’t need a rooted device. This app has a simple and easy to use interface. It views all the networks and devices connected to your Wi-Fi network. The application identifies the OS and manufacturer of the device. Thus the app helps in information gathering on the connected Wi-Fi network.


4. Shark for Root

Shark for Root is a traffic sniffer app. It works fine on 3G and Wi-Fi: both network connectivity options. You can see the dump on phone by using Shark Reader that comes with the app. You can also use Wireshark a similar tool to open the dump on the system. So, start sniffing data on your Android device and see what others are doing.

5. Penetrate Pro

Penetrate Pro is for Wi-Fi decoding. It can calculate the WEP/WAP keys for some wireless routers. If you have installed an Antivirus app, it may detect Penetrate Pro app as virus. But this app is a security tool and it will not affect or harm your device.
6. DroidSheep [Root]

DroidSheep is a session hijacking tool for Android devices. This is an app for security analysis in wireless networks. It can capture Facebook, Twitter, and LinkedIn, Gmail or other website accounts easily. You can hijack any active web account on your network with just a tap by using the DroidSheep app. It can hijack any web account.
This app demonstrates the harm of using any public Wi-Fi.
Download this app from here: http://droidsheep.de/?page_id=23


7. DroidSheep Guard

DroidSheep Guard does not require a rooted device. This app monitors Android devices’ ARP-table and tries to detect ARP-Spoofing attack on the network performed by DroidSheep, FaceNiff and other software.


8. WPScan

WpScan is the WordPress vulnerability scanner for Android devices. It is used to scan a WordPress based website and find all the security vulnerabilities it has. WPScan also has a desktop version of the app that is much powerful than the Android app. We know that WordPress is one of the most popular CMS and is being used by millions of websites.
The app was released on Google Play but Google removed the app. The full source code of the app is available from Github. One thing to note that WPScan Android app is not related to the desktop version of WPScan. So, never think it as an official WPScan app.
Download app and source code: https://github.com/clshack/WPScan


9. Nessus

Nessus is a popular penetration testing tool that is used to perform vulnerability scans with its client/server architecture. It also released its mobile app to bring its power on mobile devices. Nessus Android app can perform following tasks.
·         Connect to a Nessus server (4.2 or greater)
·         Launch existing scans on the server
·         Start, stop or pause running scans
·         Create and execute new scans and scan templates
·         View and filter reports
This app was released on Google Play store almost 2 years back by Tenable Network Security. Later Google removed the app from Play store. Now the official link has been removed. So you can try downloading links available on third party websites. But be careful and check the app first.

10. FaceNiff

FaceNiff  requires a rooted Android device. It can sniff and intercept the web sessions over the Wi-Fi. This app is similar to DroidSheep, added earlier in the post. You can also say Firesheep for Android devices. Use of this app may be illegal in your area. So, use it wisely.


11. Network Mapper

Network Mapper is a fast scanner for network admins. It can easily scan your network and export the report as CVS to your Gmail. It lists all devices in your LAN along with details. Generally, the app is used to find Open ports of various servers like FTP servers, SSH servers, SMB servers etc. on your network. The tool works really fast and gives effective results.


12. Router Bruteforce ADS 2

If you are connected to a wi-Fi network and you want to access the router of the network, you can use Router Bruteforce ADS 2 app. This app performs Bruteforce attack to get the valid password of the router. It has a list of default passwords that it tries on the router. Most of the time, the app cracks the password. But you cannot be 100% sure in Bruteforce attack.
It comes with a sample txt file which contains 398 default passwords used in different routers. You can add more passwords in the list. But there is one limitation. This app only works with dictionary file of less than 5 MB. And try it only when you have good Wi-Fi signal. This is an experiment app and the developer also warns users to try at own risk.
Download Router Bruteforce ADS 2 from Google Play:https://play.google.com/store/apps/details?id=evz.android.rbf_ads&hl=en


13. Andosid

AnDOSid is another nice application that can be used to perform DOS attacks from Android mobile phones. It is like LOIC tool for desktop. In the app, you can set target URL, payload size and time difference between two requests. After that click on big GO button to launch DOS attack on a website. It will start flooding target URL with fake request. Use this app if you have a powerful device. Avoid if you have low cost entry level device.

No comments:

WINDOWS SUBSYSTEM FOR LINUX

Microsoft partnered with Canonical (creator of Ubuntu) to bring Linux environment experience in Windows 10. Through Windows Subsystem F...