For any IT Security Enthusiastic , Android Penetration Testing has always been a topic of intrest . The number of Android Users is ever increasing and has crossed the number of Computer users far back . Android supports many penetration testing tools within itself for the IT security reseach analysts to perform the penetration tests from the mobile devices themselves . Well if penetration testing is possible by using the Android Smartphones , then who would care to carry bulky system to various locations to carry out your penetration testing. Penetration testing requiers the involvement of the person into their system, but by using your Android Smartphone, you can perform it at any location in the best way you can at any time.
List of Penetration testing Applications for the Android OS
Networking Testing Applications for Android
Reading: Best pen testing apps for android
Port Scanner: This Application allows the penetration tester to scan ports on a remote host via its IP or domain name (in case of a website) so you can know which ports are open on the host. The Application supports 3G network , protocol recognition among other features .
Fing: Fing is a professional App for network analysis. A simple and intuitive interface helps you evaluate security levels, detect intruders and resolve network issues. It helps you to find out which devices are connected to your Wi-Fi network, in just a few seconds.
Network Discovery: Network Discovery Application is quiet similar to Fing. This Application is used for the Live host discovery and works as a port scanner for a local area network as well.
tPacketCapture: tPacketCapture does packet capturing without using any root permissions. tPacketCapture uses VpnService provided by Android OS. Captured data are saved as a PCAP file format in the external storage.
Droidsheep: Droidsheep Android application is written by Andrew Koch. It works as a session hijacker for non-encrypted sites and allows you to save cookies files/sessions for later analysis. It is no longer available from the developer’s site i.e. droidsheep.de , however you can still find it on freeweb hosting sites uploaded in the groups . Download and Install at your own risk .
FaceNiff: FaceNiff is an app that allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to. It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private network.
These applications gives the Penetration Tester the liberty to do major network security analysis with just the Android phone .
Nessus: Nessus the most popular penetration testing tool that is used to perform vulnerability scans with its client/server architecture. Nessus Android app can perform following tasks.
Shark for Root: Traffic sniffer, works on 3G and WiFi (works on FroYo tethered mode too). To open dump, use WireShark or similar software, to preview dump on phone, use Shark Reader.
PacketShark: This is a packet sniffer application. Features include friendly capture options interface, filter support, live capture view, and Dropbox upload of captured files. It allows viewing of the captured packets — no need to install other application as a viewer.
DroidSQLi: DroidSQLi is the first automated MySQL Injection tool for Android. It allows you to test your MySQL-based web application against SQL injection attacks.
DroidSQLi supports the following injection techniques:
It automatically selects the best technique to use and employs some simple filter evasion methods.
Sqlmapchik: sqlmapchik is a cross-platform sqlmap GUI for the popular sqlmap tool. It is primarily aimed to be used on mobile devices. The easiest way to install sqlmapchik on an Android device is to download it from Google Play.
dSploit: dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assessments on a mobile device. Once dSploit is started, you will be able to easily map your network, fingerprint alive host’s operating systems and running services, search for known vulnerabilities, crack logon procedures of many tcp protocols, perform man in the middle attacks such as password sniffing, real time traffic manipulation, etc.
These are the available modules in the app:
Revenssis Penetration Suite: Revenssis Penetration Suite is a set of all the useful types of tools used in Computer and Web Application security.
zANTI: zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.
zANTI offers a comprehensive range of fully customizable scans to reveal everything from authentication, backdoor and brute-force attempts to database, DNS and protocol-specific attacks – including rogue access points.
OpenVPN: OpenVPN Connect is the official full-featured Android VPN client for the OpenVPN Access Server, Private Tunnel VPN and OpenVPN Community, developed by OpenVPN Technologies, Inc.
Orweb: Orweb is the most privacy-enhancing web browser on Android for visiting any website, even if it’s normally censored, monitored, or on the hidden web. Orweb is the safest browser on Android. Orweb evades tracking and censorship by bouncing your encrypted traffic several times through computers around the world, instead of connecting you directly like VPNs and proxies. This process takes a little longer, but the strongest privacy and identity protection available is worth the wait.
- Orweb bypasses almost every kind of network restriction.
- Orweb does not store any information about the websites you visit.
- You can prevent sites you visit from installing any cookies (which could track your web activities), allow them selectively, or allow any site to create cookies.
- Orweb is opensource.
- Orweb attempts to prevent Flash from loading on sites you visit, blocking many common security threats.
- Orweb is available in: Arabic, Chinese, Dutch, English, Esperanto, Farsi, French, German, Hungarian, Italian, Norwegian, Russian, Spanish, Swedish and Tibetan.
Due to the rapid increase in the Android Operating System , these tools and applications come quiet in handy while penetration testing . Achieve anonimity and perform web application Assessments on a Palm size Androis Smart Phone, a dream come true for the penetration testers .
Discalimer : Penetration testing without authorisation is punshable offence in Law . This artical is meant for the educational purposes only .