+- Sinisterly (https://sinister.ly)
+-- Forum: Hacking (https://sinister.ly/Forum-Hacking)
+--- Forum: Hacking Tools (https://sinister.ly/Forum-Hacking-Tools)
+--- Thread: [Mobile] Android Pentesting Tool List (/Thread-Mobile-Android-Pentesting-Tool-List)
[Mobile] Android Pentesting Tool List - Syst3m32 - 06-28-2014
Note: Most to All of these Tool's Require a Rooted Device.
ANTI - The Android Network Toolkit
In the last Defcon conference a new tool has been released by a security researcher and the tool is called “The Android network toolkit”. The has been developed for penetration tester and ethical hackers to test any network and vulnerabilities by using their mobile phones. This toolkit contain different apps that will help any hacker to find vulnerabilities and possibly exploit it. The company behind the app is an Israeli security firm called Zimperium.
ANTI Download: http://apps.opera.com/us_opx/download_0/3rht0b83cditts50oeig6a50f0/0/xx/53033141051e4d4a4e19583_35280238/anti_android_network_toolkit.apk
NMAP - For Android
Nmap (network mapper) is one the best among different network scanner (port finder) tool, Nmap mainly developed for Unix OS but now it is available on Windows and Android as well. Nmap for android is a Nmap apps for your phone! Once your scan finishes you can e-mail the results. This application is not a official apps but it looks good.
NMAP Download: https://code.google.com/p/anmap/downloads/detail?name=anmap.apk
FaceNiff - Facebook Session Hijacker
Your Facebook account is at risk, just like a Firesheep (for firefox hacking) there is a FaceNiff for hijacking the session of famous social networking websites includes facebook and twitter. FaceNiff is developed by Bartosz Ponurkiewicz who created Firesheep before but faceniff is for android OS.
FaceNiff Download: http://www.tusfiles.net/yektcp0faqsq
SSHDroid - Android Secure Shell
Secure shell or SSH is the best protocol that provides an extra layer of security while you are connecting with your remote machine.SSHDroid is a SSH server implementation for Android.
This application will let you to connect to your device from a PC and execute commands (like "terminal" and "adb shell").
SSHDroid Download: https://play.google.com/store/apps/details?id=berserker.android.apps.sshdroid&hl=en
AndroRAT - The Unique Remote Admin Tool for Android
AndroRat is a remote administration Android tool.
you can bind this spyware tool with the other android application and ask the victim to download this app. It can read all messages, contacts, records and acall without knowing of the user.
Andro RAT Download: https://github.com/DesignativeDave/androrat
dSploit - Penetration Suite
dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assesments on a mobile device. Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts operating systems and running services, search for known vulnerabilities, crack logon procedures of many tcp protocols, perform man in the middle attacks such as password sniffing ( with common protocols dissection ), real time traffic manipulation, etc, etc . This application is still in beta stage, a stable release will be available as soon as possible, but expect some crash or strange behavior until then, in any case, feel free to submit an issue on GitHub.(from: Official site)
dSploit Download: http://www.dsploit.net/download/
Droid Sheep - The Session Hijacker
DroidSheep‘s main intention is to demonstrate how EASY it can be, to take over nearly any internet account. Using DroidSheep, any user – even without technical experience – can check if his/her websession can be attacked or not. For these users it is hard to determine, if the data is sent using HTTPS or not, specially in case of using apps. DroidSheep makes it easy to check this.
Droid-Sheep Download: droidsheep.de
LOIC - Low Orbit Ion Canon
An unofficial port of the Low Orbit Ion Cannon (LOIC) software used for flooding packets; Now on mobile! Simply lock on to a target IP and FIRE!
LOIC Download: https://play.google.com/store/apps/details?id=genius.mohammad.loic
ANTI - The Android Network Toolkit
In the last Defcon conference a new tool has been released by a security researcher and the tool is called “The Android network toolkit”. The has been developed for penetration tester and ethical hackers to test any network and vulnerabilities by using their mobile phones. This toolkit contain different apps that will help any hacker to find vulnerabilities and possibly exploit it. The company behind the app is an Israeli security firm called Zimperium.
ANTI Download: http://apps.opera.com/us_opx/download_0/3rht0b83cditts50oeig6a50f0/0/xx/53033141051e4d4a4e19583_35280238/anti_android_network_toolkit.apk
NMAP - For Android
Nmap (network mapper) is one the best among different network scanner (port finder) tool, Nmap mainly developed for Unix OS but now it is available on Windows and Android as well. Nmap for android is a Nmap apps for your phone! Once your scan finishes you can e-mail the results. This application is not a official apps but it looks good.
NMAP Download: https://code.google.com/p/anmap/downloads/detail?name=anmap.apk
FaceNiff - Facebook Session Hijacker
Your Facebook account is at risk, just like a Firesheep (for firefox hacking) there is a FaceNiff for hijacking the session of famous social networking websites includes facebook and twitter. FaceNiff is developed by Bartosz Ponurkiewicz who created Firesheep before but faceniff is for android OS.
FaceNiff Download: http://www.tusfiles.net/yektcp0faqsq
SSHDroid - Android Secure Shell
Secure shell or SSH is the best protocol that provides an extra layer of security while you are connecting with your remote machine.SSHDroid is a SSH server implementation for Android.
This application will let you to connect to your device from a PC and execute commands (like "terminal" and "adb shell").
SSHDroid Download: https://play.google.com/store/apps/details?id=berserker.android.apps.sshdroid&hl=en
AndroRAT - The Unique Remote Admin Tool for Android
AndroRat is a remote administration Android tool.
you can bind this spyware tool with the other android application and ask the victim to download this app. It can read all messages, contacts, records and acall without knowing of the user.
Andro RAT Download: https://github.com/DesignativeDave/androrat
dSploit - Penetration Suite
dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assesments on a mobile device. Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts operating systems and running services, search for known vulnerabilities, crack logon procedures of many tcp protocols, perform man in the middle attacks such as password sniffing ( with common protocols dissection ), real time traffic manipulation, etc, etc . This application is still in beta stage, a stable release will be available as soon as possible, but expect some crash or strange behavior until then, in any case, feel free to submit an issue on GitHub.(from: Official site)
dSploit Download: http://www.dsploit.net/download/
Droid Sheep - The Session Hijacker
DroidSheep‘s main intention is to demonstrate how EASY it can be, to take over nearly any internet account. Using DroidSheep, any user – even without technical experience – can check if his/her websession can be attacked or not. For these users it is hard to determine, if the data is sent using HTTPS or not, specially in case of using apps. DroidSheep makes it easy to check this.
Droid-Sheep Download: droidsheep.de
LOIC - Low Orbit Ion Canon
An unofficial port of the Low Orbit Ion Cannon (LOIC) software used for flooding packets; Now on mobile! Simply lock on to a target IP and FIRE!
LOIC Download: https://play.google.com/store/apps/details?id=genius.mohammad.loic
RE: [Mobile] Android Pentesting Tool List - loading... - 07-03-2014
Zanti fails. Kali linux is way better and free
LOIC is useless unless you have 100 people with you.
Droidsheep has too many defenses against it now its useless
DSploit is decent but again useless if you put kalu linux on your device
AndroRat is too unstable but is somewhat decent
SSH droid is decent enough.
Nmap for droid is pointless as it costs money, and there's better ad free free scanners
Decent list though.
RE: [Mobile] Android Pentesting Tool List - Fiber - 07-06-2014
Nice list thanks for sharing it!