Now days, smartphones and tablets are most the popular gadgets. If we
see recent stats, global PC sale has also been decreasing for the past
few months. The reason behind this is that people utilize tablets for
most of their work. And there is no need to explain that Android is
ruling global smartphone and tablet markets. Android is most popular
mobile OS with more than 60% market share.
So, companies are now focusing on bringing their software as a mobile
app for Android. These apps include office apps, photo editing apps,
instant messaging apps and penetration testing apps. If you have an
Android smartphone, you can start your next penetration testing project
from your Android phone. There are few android apps that can turn your
Android device into a hacking device. Although, these apps have so many
limitations and can only be used for few specific tasks. You can never
get the same experience as you get with your PC. But smaller jobs can be
performed. Apps for penetration testers are not available widely, but
hackers can enjoy this platform in a better way. There are many Wi-Fi
hacking and sniffing apps available.
As we already said that Android is ruling smartphone and tablet markets,
developers are also creating more apps for Android devices. This is the
reason why the Android market has millions of apps. Like websites, apps
also need penetration testing to check for various vulnerabilities.
Security testing for Android apps will need to have a penetration
testing environment on your Android device.
- Most of the apps work on Rooted Android devices. So root your
Android device first. If you are not sure how to do it, learn how to by,
reading one of the many sites available to help with this process.
- You will lose your device’s warranty if you root it, so think twice before proceeding.
- These apps can also harm your Android device. So please try these apps at your own risk.
Android apps for Penetration testing :
1. dSploit
dSploit is a nice Android network penetration testing suit. It comes
with all-in-one network analysis capabilities. Like most of the other
penetration testing tools, it also comes for free. So, you can download
and use this app on your Android device and perform network security
testing. It has various pre-complied modules to use. The app is designed
to be very fast, handy and easy to use, it’s just point and click.
dSploit supports all Android devices running on Android 2.3
Gingerbread or higher, and you also need to root your device. If you are
newbie, we will never recommend you to use the app if you don’t know
how to root your Android device. After rooting your device, you need to
install BusyBox Installer.
Download BusyBox from Google Play Store
Then download the app from the link given below.
dSploit source code is available on github
These are the available modules in the app.
- RouterPWN
- Trace
- Port Scanner
- Inspector
- Vulnerability Finder
- Login Cracker
- Packet Forger
- Man In The Middle (MITM)
Network Spoofer is another nice app that lets you change the website
on other people’s computer from your Android phone. Download the Network
Spoofer app and then log onto the Wi-Fi network. Choose a spoof to use
with the app then tap on start. This app is considered as a malicious
hacking tool by network administrators. So, don’t try on unauthorized
networks. This is not a penetration testing app. It’s just to
demonstrate how vulnerable the home network is. Download this app from sourceforge
Network Discovery is a free app for the Android device. The good
thing is that the app doesn’t need a rooted device. This app has a
simple and easy to use interface. It views all the networks and devices
connected to your Wi-Fi network. The application identifies the OS and
manufacturer of the device. Thus the app helps in information gathering
on the connected Wi-Fi network. Download app from Google Play
DroidSheep is a session hijacking tool for Android devices. This is
an app for security analysis in wireless networks. It can capture
Facebook, Twitter, and LinkedIn, Gmail or other website accounts easily.
You can hijack any active web account on your network with just a tap
by using the DroidSheep app. It can hijack any web account. This app demonstrates the harm of using any public Wi-Fi.
Download this app from here
5. DroidSheep Guard
DroidSheep Guard is another Android app that also developed
Droidsheep. This app does not require a rooted device. This app monitors
Android devices’ ARP-table and tries to detect ARP-Spoofing attack on
the network performed by DroidSheep, FaceNiff and other software.
Download DroidSheep Guard from Google Play
6. WPScan
WpScan is the WordPress vulnerability scanner for Android devices.
This nice app is used to scan a WordPress based website and find all the
security vulnerabilities it has. WPScan also has a desktop version of
the app that is much powerful than the Android app. We know that
WordPress is one of the most popular CMS and is being used by millions
of websites. The Android version of the app comes with few nice features. The app
was released on Google Play but Google removed the app. The full source
code of the app is available from Github. One thing to note that WPScan
Android app is not related to the desktop version of WPScan. So, never
think it as an official WPScan app.
WebSecurify is a powerful web vulnerability scanner. It’s available
for all popular desktops and mobile platforms. It has a powerful crawler
to crawl websites and then attack it using pre-defined patterns. We
have already covered it in detail in our previous article. You can read
the older article for better understanding.
8. Network Mapper
Network Mapper is a fast scanner for network admins. It can easily scan
your network and export the report as CVS to your Gmail. It lists all
devices in your LAN along with details. Generally, the app is used to
find Open ports of various servers like FTP servers, SSH servers, SMB
servers etc. on your network. The tool works really fast and gives
effective results.
Download Network Mapper from Google Play Store
If you are connected to a wi-Fi network and you want to access the
router of the network, you can use Router Bruteforce ADS 2 app. This app
performs Bruteforce attack to get the valid password of the router. It
has a list of default passwords that it tries on the router. Most of the
time, the app cracks the password. But you cannot be 100% sure in
Bruteforce attack. It comes with a sample txt file which contains 398 default passwords
used in different routers. You can add more passwords in the list. But
there is one limitation. This app only works with dictionary file of
less than 5 MB. And try it only when you have good Wi-Fi signal. This is
an experiment app and the developer also warns users to try at own
risk.
Download Router Bruteforce ADS 2 from Google Play
AppUse Virtual Machine is developed by AppSec Labs. It’s a freely
available mobile application security testing platform for Android apps.
This android penetration testing platform contains custom made tools by
AppSec Labs. This penetration testing platform is for those who are going to start
penetration testing of Android applications. All you need is to
download the AppUse Virtual Machine and then load the app for testing.
The app comes with most of the configuration. So, you do not need to
install simulators, testing tools, no need for SSL certifications of
Proxy. Thus, the tool gives ideal user experience. In other words, you
can say that AppUse Virtual Machine is Backtrack for Android apps. As we
know that world is moving towards apps, AppUse VM has a good scope in
future. We see how Android users face attacks and these cyber-attacks
are growing. So, it is important for all Android app developers to test
their apps for various kinds of vulnerabilities. Download AppUse Virtual machine
Source : http://resources.infosecinstitute.com
Thanks for visit my blog
Regards,
Eko A. Anggriawan
