Android Penetration Testing Tools
Android is most commonly used operating system in mobile devices and tablets and rarely in PC Computers. Android development has been on top since long. That gave it a power to do nearly as many of task as a computer can do. Where development was never ended for Android OS, large variety of tools are available. Following are some of Android Penetration Testing Tools.
Android Penetration Testing Tools:
Most of the tools need rooted device to be fully functional.
1. AndroRAT
By successfully running the tool one can get the following details of the victim.
Get contacts (and all theirs informations)
Do vibrate the phone
Get call logs
Open an URL in the default browser
Get all messages
Send a text message
Location by GPS/Network
Do a toast
Monitoring received messages in live
Streaming video (for activity based client only)
Monitoring phone state in live (call received, call sent, call missed..)
Stream sound from microphone (or other sources..)
Take a picture from the camera
2. Hackode
Hackode is the hacker’s Toolbox that is used for penetration testing, Ethical hacking, IT administration and Cyber security professional to perform different tasks like reconnaissance, scanning performing exploits etc.
This Application contains different tools like:
Reconnaissance
Google Hacking
Google Dorks
Whois
Scanning
Ping
Traceroute
DNS lookup
IP
MX Records
DNS Dig
Exploits
Security Rss Feed
This Application is still in beta version. Full version will be releasing soon with some more better tools and utilities.
3. APKInspector
APKinspector is a powerful GUI tool for analysts to analyze the Android applications. The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code. APKInspector provides both analysis functions and graphic features for the users to gain deep insight into the malicious apps:
- CFG
- Call Graph
- Static Instrumentation
- Permission Analysis
- Dalvik codes
- Smali codes
- Java codes
- APK Information
4. zANTI
zANTI is a mobile penetration testing toolkit and Ultimate hackers tool that lets security managers assess the risk level of a network with the push of a button. This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to compromise the corporate network.
Uncover authentication, backdoor, and brute-force attacks, DNS and protocol-specific attacks and rogue access points using a comprehensive range of full customizable network reconnaissance scans.
zANTI enables Security Officers to easily evaluate an organization’s network and automatically diagnose vulnerabilities within mobile devices or web sites using a host of penetration tests including, man-in-the-Middle (MITM), password cracking and metasploit.
It highlights security gaps in your existing network and mobile defenses and report the results with advanced cloud-based reporting through zConsole. zANTI mirrors the methods a cyber-attacker can use to identify security holes within your network. Dash-board reporting enables businesses to see the risks and take appropriate corrective actions to fix critical security issues.
5. Droid Sheep
DroidSheep is an Android app for Security analysis in wireless networks and capturing facebook, twitter, linkedin and other accounts. It Requires root.
6. Dsploit
dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assessments on a mobile device.
Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts operating systems and running services, search for known vulnerabilities, crack log on procedures of many tcp protocols, perform man in the middle attacks such as password sniffing ( with common protocols dissection ), real time traffic manipulation, etc, etc .
It’s still in beta stage, so unexpected behavior could happen.
7. AppUse
AppUse is a VM (Virtual Machine) developed by AppSec Labs. It is a unique platform for mobile application security testing in the Android environment, and includes exclusive custom-made tools created by AppSec Labs. As pentesters, we all know that there are a lot of commands, scripts, and tools that we use during Android penetration testing. It can be tedious to navigate from the OS to the Android shell, pull and push files, and perform our tests via CLI. This is exactly why built the AppUse dashboard! It will allow you work faster, be more effective, get higher quality results and save precious time!
