The best hacking software to hack from a smartphone
- Hacking programs for hacking from a smartphone
- Web Asset Scanners for Android
- Kayra the Pentester Lite
- DroidSQLi
- Droidbug Admin Panel Finder FREE
- Harvesters for hacking from a smartphone
- cSploit
- dSploit
- zAnti
- JS-sniffers to intercept traffic on Android
- Intercepter-NG
- Packet Capture
- Auxiliary hacking tools for Android
- WPSApp
- WiFiAnalyzer
- Fing
- NetCut
- Reference books and search engines for a pentester
- Droidbug Exploiting FREE
- Pentest Cheatsheet
- Instead of conclusions
A pentest, or penetration test, is a legal way to engage in real hacking, and even get paid for it. Advanced security audits are usually performed on a laptop with Kali Linux and specific hardware, but many security flaws are easy to spot with an ordinary smartphone or tablet. In this article, we will look at 14 hacking apps that let you perform a pentest from Android without pulling out your laptop.
More on the topic: Making the most sophisticated hacker smartphone
From the mountains of junk, garbage and outright fakes, which in the Android world are passed off as "hacker software", we tried to dig up the most interesting, advanced and useful tools that you will learn about next, but first a disclaimer!
The article is written for research purposes. All information is for informational purposes only. Neither the author of the article, nor the administration is responsible for the illegal use of the programs mentioned in the article.
Hacking programs for hacking from a smartphone
All hacker apps for Android are divided into several groups:
Web Asset Scanners for Android
Let's start the review of smartphone hacking software with the most important thing, namely web application scanners. Here we have three applications that let you find open admin panels, brute-force passwords, test a site for XSS vulnerabilities and SQL injection, obtain directory listings, and much more.
Kayra the Pentester Lite
Kayra the Pentester Lite is a mobile web application vulnerability scanner. It searches for typical configuration errors on a specified web server and tries to obtain a directory listing (usually successfully). Additional tools include a hash generator and an AES decryptor.
The application has simple and intuitive settings. It supports HTTPS and verifies TLS certificate validity, can search for XSS, brute-force CGI paths and run dictionary attacks, and works in the background and in multi-threaded mode. It ships with the Google Hacks database and automatically detects known vulnerabilities.
A detailed report is generated for each item ticked in the scan settings; the screenshot shows only a small part of it. The free version is quite functional, but occasionally annoying with ads. The paid version has no ads or restrictions; its price at the time of writing was 159 rubles.
DroidSQLi
The next hacking program for Android is DroidSQLi. It scans websites for four varieties of SQL injection:
Time-based SQL injection is the injection of additional query fragments that make the DBMS pause for a set time; the presence or absence of that delay lets data be extracted character by character.
DroidSQLi selects the injection method automatically and also uses techniques to bypass query filtering.
To start testing a site, you need to find the entry point manually. This is usually a web page address with a parameter like ?id=X or ?p=X, where X is a positive integer. In our example, the payload for the id parameter looks like this:
There are a lot of sites on the Internet that are vulnerable to SQL injections. I think you can easily find a few of these just by looking at your browser history.
Droidbug Admin Panel Finder FREE
The next smartphone hacking tool is the Droidbug Admin Panel Finder FREE utility. The application searches for admin panels at the default addresses of various CMSs. Its results do not always reflect the real state of affairs, because popular web servers sit behind an IDS and a WAF. These block the brute-forced URLs or redirect them to a honeypot (trap) that answers HTTP 200 OK to every request while collecting information about the attacker.
On less popular sites, however, security is very dismal, and a valid admin panel is found in a matter of seconds. The paid version, which costs 139 rubles, removes the ads and unlocks searching by a mixed template for sites with PHP/ASP/CGI/CFM/JS support.
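The two scanners above leave characteristic traces in a web server's access log: time-based SQL injection probes carry delay functions in the query string, and admin-panel finders produce a burst of 404s on default CMS paths from a single client. The following is an added example for the defending side, not code from the article or from either tool. It parses constructed Apache/nginx "combined" log lines and flags both patterns; the delay-function signatures, the admin-path list and the burst threshold are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2024:12:00:01 +0000] "GET /news.php?id=7 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Apr/2024:12:00:03 +0000] "GET /news.php?id=7%20AND%20SLEEP(5) HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Apr/2024:12:00:09 +0000] "GET /news.php?id=7;WAITFOR%20DELAY%20'0:0:5' HTTP/1.1" 500 312 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Apr/2024:12:01:00 +0000] "GET /admin/ HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Apr/2024:12:01:01 +0000] "GET /wp-admin/ HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Apr/2024:12:01:01 +0000] "GET /administrator/ HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Apr/2024:12:01:02 +0000] "GET /cpanel/ HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Apr/2024:12:01:02 +0000] "GET /manager/html HTTP/1.1" 404 210 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Apr/2024:12:02:00 +0000] "GET /news.php?id=12 HTTP/1.1" 200 4980 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$'
)

# Delay primitives of the common DBMSs (assumed signature list; extend as needed).
TIME_BASED_SQLI = re.compile(
    r"\b(SLEEP|BENCHMARK|PG_SLEEP|DBMS_LOCK\.SLEEP)\s*\(|WAITFOR\s+DELAY",
    re.IGNORECASE,
)

# Default admin locations typical scanners probe (assumed list for the example).
ADMIN_PATHS = {"/admin", "/wp-admin", "/administrator", "/cpanel",
               "/manager", "/phpmyadmin", "/login", "/user"}


def parse_log(text):
    """Turn combined-format lines into dicts; silently skip lines that do not parse."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        events.append({
            "ip": m["ip"],
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "path": m["path"],
            "status": int(m["status"]),
        })
    return events


def first_segment(path):
    """Lower-cased first path segment, e.g. '/wp-admin/x?y=1' -> '/wp-admin'."""
    clean = path.split("?", 1)[0].strip("/")
    return "/" + clean.split("/", 1)[0].lower()


def find_time_based_sqli(events):
    """Return (ip, decoded_request) pairs whose query string carries a delay function."""
    hits = []
    for ev in events:
        decoded = unquote_plus(ev["path"])  # match on the decoded form, not on %20 soup
        if TIME_BASED_SQLI.search(decoded):
            hits.append((ev["ip"], decoded))
    return hits


def find_admin_enumeration(events, threshold=5, window=timedelta(seconds=60)):
    """Map ip -> number of distinct default admin paths that 404'd within `window`."""
    by_ip = defaultdict(list)
    for ev in events:
        seg = first_segment(ev["path"])
        if ev["status"] == 404 and seg in ADMIN_PATHS:
            by_ip[ev["ip"]].append((ev["ts"], seg))
    flagged = {}
    for ip, probes in by_ip.items():
        probes.sort()
        for i, (t0, _) in enumerate(probes):
            # Sliding window anchored at each probe: count distinct paths inside it.
            distinct = {seg for t, seg in probes[i:] if t - t0 <= window}
            if len(distinct) >= threshold:
                flagged[ip] = len(distinct)
                break
    return flagged


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for ip, req in find_time_based_sqli(events):
        print(f"time-based SQLi probe from {ip}: {req}")
    for ip, n in find_admin_enumeration(events).items():
        print(f"admin-panel enumeration from {ip}: {n} default paths in one minute")
```

A 200 OK from a honeypot, as described above, does not change the picture for the detection side: the same client still produces the same burst of distinct default paths, so the count-of-distinct-paths rule works whether the decoy answers 200 or 404 if the status filter is relaxed for those paths.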
Harvesters for hacking from a smartphone
The internet isn't made up of web applications alone, and holes are found not only in web applications. The following selection of hacker apps for Android lets you search for vulnerabilities (and exploits for them) in software and hardware, perform sniffing and MITM attacks, leave backdoors, and do many other interesting things.
cSploit
cSploit is one of the most powerful tools for scanning networks and finding vulnerabilities on detected hosts. It maps the network and displays information about every device found on it. It can identify their IP/MAC addresses and vendor (by the first three octets of the MAC address), determine the installed OS, search for vulnerabilities via the Metasploit framework RPCd, and brute-force passwords.
It performs MITM attacks of various types through DNS spoofing (it can replace media files in traffic on the fly, inject JS, hijack sessions, and capture cookies for authorization without entering a password). It can also kick individual devices off the access point (or disconnect them en masse). It intercepts traffic and stores it in .pcap format or redirects it wherever you want.
cSploit contains a tool for crafting and sending any TCP/UDP packet to the selected host. The "hack a router" link redirects to an online service for selecting and exploiting vulnerabilities for a specific model. The database stopped being updated in 2015, but it is still relevant: in my brief test on an ASUS router released in late 2016, a vulnerability first described in 2009 was found in the latest firmware (April 2018).
In addition, cSploit helps you create a remote shell on a compromised (audited) host and gain full control over it. In general, this is an unequivocal must-have for pentesters, and not only for them.
cSploit, Intercepter-NG, and other powerful utilities deserve a more detailed discussion in separate articles. We suggest that you first get used to the basic principles of pentest using simple applications as an example, and only then move on to hardcore.
dSploit
A fork of cSploit by Simone Margaritelli, discontinued in 2014. The project remained in beta with very raw code. While cSploit worked flawlessly for me, the last three versions of dSploit crashed almost immediately after launching.
Since Margaritelli joined Zimperium, dSploit's development has been folded into the proprietary zAnti utility.
zAnti
Mobile pentest app from Zimperium. A more modern, stable and visual analogue of dSploit.
The zAnti interface is divided into two parts: scanning and MITM. In the first section, it, like dSploit and the original cSploit, maps the network, identifies all hosts, their parameters and vulnerabilities.
A separate function is the identification of vulnerabilities on the smartphone itself. According to the program's report, our test Nexus 5 contains 263 holes that will never be closed because the device is no longer supported.
zAnti helps you hack routers and get full access to them (with the ability to change the admin password, set a different SSID, PSK, and so on). Using MITM attacks, zAnti identifies insecure elements at three levels: in the OS, applications, and device settings.
The key feature is the formation of a detailed report on all scanned elements. The report contains explanations and tips for eliminating the shortcomings found.
JS-sniffers to intercept traffic on Android
No pentester can do without a good sniffer. This is as ordinary a tool as a knife on the cook's table. Therefore, the next section of the article is dedicated to applications for intercepting and analyzing traffic.
Intercepter-NG
Intercepter-NG is an advanced sniffer focused on performing MITM attacks. Captures traffic and analyzes it on the fly, automatically identifying authorization data in it. It can save intercepted traffic in the .pcap format and analyze it later.
Among the automatically detected data formats there are passwords and hashes for the following protocols: AIM, BNC, CVS, DC++, FTP, HTTP, ICQ, IMAP, IRC, KRB5, LDAP, MRA, MYSQL, NTLM, ORACLE, POP3, RADIUS, SMTP, SOCKS, Telnet, VNC.
Intercepter-NG collects files from intercepted packets that are transferred via FTP, IMAP, POP3, SMB, SMTP, and HTTP. Like cSploit and its counterparts, Intercepter-NG uses ARP spoofing to perform MITM. It supports SSLstrip, which allows MITM attacks even against HTTPS traffic by replacing the HTTPS requests of attacked hosts with their HTTP variants on the fly through a built-in DNS proxy.
In addition, it can detect ARP spoofing against itself (useful when connecting to public hotspots) and protect against it. When you click the umbrella icon, the ARP cache is checked.
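An SSLstrip-style downgrade only succeeds against a client that will accept a plain-HTTP version of a site it has previously reached over HTTPS. The usual server-side defence, which the article does not cover, is HTTP Strict Transport Security. The following is an added example for auditing that defence, not code from the article or from Intercepter-NG: it parses a Strict-Transport-Security header value and reports the gaps that would still leave a client open to a downgrade. The header values it is run on are constructed, and the one-year minimum age is the commonly recommended figure, assumed here.

```python
def parse_hsts(header_value):
    """Split a Strict-Transport-Security value into lower-cased directive -> value."""
    directives = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"')
    return directives


def assess_hsts(header_value, min_age=31536000):
    """Return (ok, findings) for a site's HSTS policy.

    `header_value` is the Strict-Transport-Security header as received over HTTPS,
    or None if the server did not send one. `min_age` (one year, assumed) is the
    smallest max-age treated as adequate.
    """
    findings = []
    if header_value is None:
        return False, ["no Strict-Transport-Security header: every visit can be downgraded"]
    d = parse_hsts(header_value)
    try:
        max_age = int(d.get("max-age", ""))
    except ValueError:
        return False, ["max-age missing or not an integer: policy is ignored by browsers"]
    if max_age == 0:
        findings.append("max-age=0 clears any stored policy")
    elif max_age < min_age:
        findings.append(f"max-age {max_age}s is below the recommended {min_age}s")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains missing: subdomains can still be served over HTTP")
    if "preload" not in d:
        findings.append("preload missing: the very first visit is unprotected")
    return not findings, findings


if __name__ == "__main__":
    # Constructed header values standing in for three different servers.
    for value in [None, "max-age=300", "max-age=31536000; includeSubDomains; preload"]:
        ok, findings = assess_hsts(value)
        print(repr(value), "OK" if ok else "WEAK", findings)
```

Even a complete policy protects only visits after the first one unless the domain is on the browsers' preload list, which is why the check reports a missing preload directive as a finding rather than a nicety.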
Packet Capture
A simpler and more "legal" TCP/UDP packet analyzer with the ability to intercept HTTPS sessions via MITM. It does not require root privileges because it uses Android's built-in VPN service and substitutes its own CA certificate for TLS connections.
In Android 6.0.1 and later, you need to add the CA certificate manually through the app settings.
Packet Capture runs locally. It does not perform ARP spoofing, session hijacking, or other attacks on external hosts. The application is positioned as a debugging proxy and is distributed through the official store. It can decode packets as Text/Hex/Urlencoded, but does not yet support gzip-compressed HTTP traffic.
Packet Capture makes it easy to monitor the network activity of installed applications. It shows not just the amount of traffic transmitted, but what exactly and where each program or built-in Android component sends, what packets and from which servers it receives in response. A great utility for finding Trojan bookmarks and annoying ads.
Auxiliary hacking tools for Android
While advanced pentest utilities require root and BusyBox, simpler applications are available on the Play Store and work on any smartphone without tricks. They can't perform ARP spoofing or MITM attacks, but they are enough for scanning a wireless network, detecting hosts, and spotting obvious security issues.
WPSApp
This program scans the air for access points with the WPS feature enabled. Having found some, it tries the default PINs on them. There are not many of these, and they are known from the router manufacturers' manuals.
If the user has not changed the default PIN or disabled WPS, the utility iterates through all known values in five minutes at most and obtains the WPA(2)-PSK, no matter how long and complex it is. The wireless password is displayed on the screen and automatically saved in the smartphone's Wi-Fi settings.
Note that some routers do not allow you to change the default PIN. Moreover, WPS sometimes remains enabled even when the router's web interface shows the status WPS: OFF. The WiFiAnalyzer utility will help you find out the real state of WPS. Read more about it and WPSApp in the article "Hacking Wi-Fi from a smartphone".
Since that article came out, WPSApp has been updated and improved in every way. It knows more PINs from different vendors, iterates through them faster, and has learned to brute-force in new modes. The utility works on both rooted and non-rooted smartphones. It has many analogues, but all of them are much less effective.
WiFiAnalyzer
Open source and free Wi-Fi scanner. A very convenient utility for detecting access points (including hidden ones), finding out their parameters (MAC, vendor, channel, encryption type), and estimating the signal strength and distance to them. Distance from the router is calculated with a line-of-sight (free-space) formula, so it is not always accurate enough.
WiFiAnalyzer lets you visualize the situation on the air and filter targets by signal strength, SSID, band used (2.4/5 GHz) and type of encryption. You can also pick the least congested channel manually using two kinds of graph: a channel graph and a time graph.
In short, WiFiAnalyzer is the place to start your wireless network reconnaissance. Searching for targets with certain parameters will save a lot of time when working with advanced utilities.
Fing
Often, the functionality of hacking tools overlaps with the capabilities of quite legal tools that system administrators use to set up networks.
Fing is one such tool. It quickly scans the Wi-Fi network you've managed to connect to (e.g. using WPSApp) and identifies all hosts. This can be used to check your own wireless network for unauthorized access, but you must admit that it is much more interesting to explore unfamiliar networks.
Fing performs advanced analysis of NetBIOS, UPnP, and Bonjour names, so it can identify device types more accurately and show more device properties. The ping and traceroute utilities are built into Fing. It can also send WOL (Wake on LAN) requests, remotely waking up "sleeping" devices that support this function.
Fing automatically detects open ports and their associated services. When it finds SMB, SSH, FTP and the like, Fing offers to connect to them by calling external programs from its menu. If the corresponding utility (for example, AndSMB) is not installed, Fing opens a link to download it.
Additional features of the program are unlocked after registering a Fing account. With it, you can perform an inventory of devices and networks. Even more features are unlocked with the purchase of a hardware Fingbox. It can monitor the connection of uninvited guests and selectively block their devices, as well as check the Internet connection for typical problems and fix them automatically.
NetCut
The app detects all client devices on the wireless network, and then uses ARP spoofing to selectively disable them or cut off communication for everyone but itself. And then you can download files at full speed somewhere in a café, watching how other visitors suffer.
Joke! It's uncivilized to do this, but why shouldn't you quickly kick an intruder without getting into the router settings? Not only can you cut off the connection for any host, but you can constantly block its attempts to connect to the access point until it changes its MAC address (see the Jail tab).
If someone tries to make such a feint on your device, NetCut will detect ARP cache poisoning and clear it (see NetCut Defender). For a dollar per month, you can get a Pro account, remove ads and restrictions.
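Both Intercepter-NG's umbrella icon and NetCut Defender detect ARP cache poisoning on the device itself. What such a check amounts to can be shown in a few lines: read the ARP cache, compare the gateway's current MAC with a baseline recorded on a trusted connection, and look for one MAC address answering for several IP addresses. The following is an added example of that logic, not code from the article or from either app. The tables are constructed in Linux `/proc/net/arp` format, and the gateway address and baseline MAC are assumed values for the example.

```python
from collections import defaultdict

GATEWAY_IP = "192.168.1.1"                # assumed gateway for the example
KNOWN_GATEWAY_MAC = "aa:bb:cc:dd:ee:01"   # constructed baseline, recorded on a trusted connection

# Constructed ARP cache in /proc/net/arp layout: a healthy state ...
CLEAN_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:dd:ee:01     *        wlan0
192.168.1.20     0x1         0x2         aa:bb:cc:dd:ee:20     *        wlan0
192.168.1.30     0x1         0x2         aa:bb:cc:dd:ee:30     *        wlan0
"""

# ... and the same network after the host at .30 has claimed the gateway's address.
POISONED_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:dd:ee:30     *        wlan0
192.168.1.20     0x1         0x2         aa:bb:cc:dd:ee:20     *        wlan0
192.168.1.30     0x1         0x2         aa:bb:cc:dd:ee:30     *        wlan0
"""


def parse_arp_table(text):
    """Return (ip, mac) pairs from /proc/net/arp text, skipping incomplete entries."""
    entries = []
    for line in text.splitlines()[1:]:      # first line is the column header
        fields = line.split()
        if len(fields) < 4:
            continue
        ip, mac = fields[0], fields[3].lower()
        if mac == "00:00:00:00:00:00":      # unresolved entry, carries no information
            continue
        entries.append((ip, mac))
    return entries


def check_arp_cache(entries, gateway_ip, known_gateway_mac=None):
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    findings = []
    mac_to_ips = defaultdict(set)
    for ip, mac in entries:
        mac_to_ips[mac].add(ip)

    # 1. The gateway's MAC changed compared with the baseline we trust.
    gateway_macs = [mac for ip, mac in entries if ip == gateway_ip]
    if known_gateway_mac and gateway_macs and gateway_macs[0] != known_gateway_mac.lower():
        findings.append(f"gateway {gateway_ip} now resolves to {gateway_macs[0]}, "
                        f"baseline was {known_gateway_mac.lower()}")

    # 2. One MAC answering for several IPs. Can be legitimate (a host with two
    #    addresses, a redundancy protocol), so this is a signal, not proof.
    for mac, ips in sorted(mac_to_ips.items()):
        if len(ips) > 1:
            findings.append(f"{mac} claims {len(ips)} addresses: {', '.join(sorted(ips))}")
    return findings


if __name__ == "__main__":
    for name, table in [("clean", CLEAN_TABLE), ("poisoned", POISONED_TABLE)]:
        result = check_arp_cache(parse_arp_table(table), GATEWAY_IP, KNOWN_GATEWAY_MAC)
        print(name, "->", result or "no findings")
```

On a real device the table would come from the running system rather than a string, and the baseline MAC has to be learned on a connection you trust; the common follow-up when a finding appears is to flush the cache, re-resolve the gateway, and, where the platform allows it, pin a static ARP entry for the gateway.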
Reference books and search engines for a pentester
Finally, let's talk about a couple of useful utilities that are not directly related to hacking, but rather perform an auxiliary and informational function.
Droidbug Exploiting FREE
App from Bugtraq Team. It is designed to search for and download exploits of various types. All of them are grouped by OS type in two main sections: local and remote execution. A separate group includes hardware and web exploits, as well as those used in DoS attacks.
The free version lets you find and download the desired exploit; quick viewing of its description requires the paid version, which costs 279 rubles.
Pentest Cheatsheet
A pocket guide for the pentester. It contains recommendations for performing tests from OWASP (the Open Web Application Security Project).
In addition, it includes a selection of links to proven hacking tools, grouped based on the task at hand: online scanners, vulnerability analyzers, reverse tools, fuzzers, crawlers, and so on. All information is well systematized and looks up-to-date at the time of writing.