Today ( courtesy of this blog )we see about some top Android Apps for hacking. That’s right, you can hack stuff right from your phone… if you know how.The world is changing and now you can bring some of your hack skills wherever you go. Of course, this list is provided for purposes of education and awareness only.
Program Name : The Android Network Toolkit
Official Site : http://www.zimperium.com/
Program’s Goal : Make a multi-featured well-rounded penetration testing tool.
Google Play : N/A
Demonstration :
Features – Click to Enlarge
ZImperium LTD is proud to annonce Android Network Toolkit – Anti.
Anti consists of 2 parts: The Anti version itself and extendable plugins. Upcoming updates will add functionality, plugins or vulnerabilities/exploits to Anti
Anti consists of 2 parts: The Anti version itself and extendable plugins. Upcoming updates will add functionality, plugins or vulnerabilities/exploits to Anti
Using Anti is very intuitive – on each run, Anti will map your network, scan for active devices and vulnerabilities, and will display the information accordingly: Green led signals an ‘Active device’, Yellow led signals “Available ports”, and Red led signals “Vulnerability found”. Also, each device will have an icon representing the type of the device. When finished scanning, Anti will produce an automatic report specifying which vulnerabilities you have or bad practices used, and how to fix each one of them.
Program Name : Pamn IP Scanner
Official Site : http://nmap.wjholden.com/
Program’s Goal : Make an IP and Port Scanner like Nmap
Google Play : https://play.google.com/store/apps/details?id=com.wjholden.nmap
Demonstration :
Pamn IP Scanner (or PIPS) was formerly titled “Nmap for Android.” Fyodor, the inventor of Nmap, asked the creator to change the name and icon to reduce user confusion.
This app is simply a wrapper around a cross-compiled Nmap binary built for your Android phone.
FAQ
This app is simply a wrapper around a cross-compiled Nmap binary built for your Android phone.
FAQ
- Q: I want to run Nmap myself from a terminal. Where are the binaries?
A: The binaries are (usually) saved in /data/data/com.wjholden.nmap/bin/. - Q: Is this a GPL violation?
A: I’m not a lawyer, but I don’t think so. My sources are freely available and also licensed by the GPL. You are free to modify and redistribute my code provided you share those changes back, IAW the GPL. Free software is not always zero cost. - Q: Where is the source code?
A: Distributing source code along with Android applications is a bit impractical. Download the source code from http://nmap.wjholden.com/src/. - Q: Wait, you’re not Fyodor!
A: This is NOT an official release from http://nmap.org, this is simply a front-end that calls to a precompiled Nmap binary. - Q: Do I need root?
A: No! You can use this program with or without root, although there are a few advantages to having root. I’ve seen a few problems with -O for Operating System fingerprinting (this would happen on desktop Linux as well). Non-root users will usually need to use the –system-dns argument. - Q: What’s up with Atrix?
A: I don’t know why, but this program has never worked with the Motorola Atrix, despite extensive efforts toward compatibility. - Q: Is NSE supported?
A: No, NSE/LUA are not supported for now, but it’s definitely on the radar for a future revision. Some command-line arguments will not be available until then.
Program Name : FaceNiff
Official Site : http://faceniff.ponury.net/
Program’s Goal : Session Hijacker for Android
Google Play : N/A
FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to. It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private networks (Open/WEP/WPA-PSK/WPA2-PSK) It’s kind of like Firesheep for android. Maybe a bit easier to use (and it works on WPA2!). *** ROOTED PHONE *** is required. Please note that if webuser uses SSL, this application won’t work.
Use with stock browser (might not work with other)
Legal notice: this application is for educational purposes only. Do not try to use it if it’s not legal in your country.
Legal notice: this application is for educational purposes only. Do not try to use it if it’s not legal in your country.
Program Name : AnDOSid
Official Site :https://code.google.com/p/rootandroidphones/downloads/detail?name=AnDOSid_chichan47.apk&can=2&q=
Program’s Goal : Denial of Service Tool for Android
Google Play Store : N/A
Demonstration :
A Denial of Service attack is when you flood a site or service with so many packets it can’t keep up.
AnDOSid is designed for security professionals only! AnDOSid tag’s posts with two unique numbers which relate to the Android device that sent the request. AnDOSid allows security professionals to simulate a DOS attack (A http post flood attack to be exact) and of course a dDOS on a web server, from mobile phones.
Program Name : dSploit
Official Site : http://www.dsploit.net/
Program’s Goal : Network analysis and Penetration Suite on Android
Demonstration:
dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assesments on a mobile device. Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts operating systems and running services, search for known vulnerabilities, crack logon procedures of many tcp protocols, performman in the middle attacks such as password sniffing ( with common protocols dissection ), real time traffic manipulation, etc, etc . This application is still in beta stage, a stable release will be available as soon as possible, but expect some crash or strange behavior until then, in any case, feel free to submit an issue on GitHub.(from: Official site)
Program’s Name : Droid Sheep
Official Site : http://droidsheep.de/
Program’s Goal : Session hijacking (generally Facebook Hacking)
DroidSheep‘s main intention is to demonstrate how EASY it can be, to take over nearly any internet account. Using DroidSheep, any user – even without technical experience – can check if his/her websession can be attacked or not. For these users it is hard to determine, if the data is sent using HTTPS or not, specially in case of using apps. DroidSheep makes it easy to check this.
Program’s Name : Network Spoofer
Official Site : http://digitalsquid.co.uk/netspoof/
Program’s Goal : Network Analysis and Penetration Suite Platform
Network Spoofer lets you change websites on other people’s computers from an Android phone. After downloading simply log onto a Wifi network, choose a spoof to use and press start. Please note that there is no intention for Network Spoofer to include any malicious features. This application is a fun demonstration of how vulnerable home networks are to simple attacks, with permission of the network owner – DO NOT attempt to use Network Spoofer on any corporate or other non-residential networks (eg. at school, university). It becomes very obvious when Network Spoofer is being used on a Network, and use of Network Spoofer will be considered malicious hacking by network administrators.(from: Official site)
