Android Penetration Testing Tools

Android is most commonly used operating system in mobile devices and tablets and rarely in PC Computers. Android development has been on top since long. That gave it a power to do nearly as many of task as a computer can do. Where development was never ended for Android OS, large variety of tools are available. Following are some of Android Penetration Testing Tools.

Android Penetration Testing Tools:

Most of the tools need rooted device to be fully functional.

1. AndroRAT

By successfully running the tool one can get the following details of the victim.

  • Get contacts (and all theirs informations)

  • Do vibrate the phone

  • Get call logs

  • Open an URL in the default browser

  • Get all messages

  • Send a text message

  • Location by GPS/Network

  • Do a toast

  • Monitoring received messages in live

  • Streaming video (for activity based client only)

  • Monitoring phone state in live (call received, call sent, call missed..)

  • Stream sound from microphone (or other sources..)

  • Take a picture from the camera

2. Hackode

Hackode is the hacker’s Toolbox that is used for penetration testing, Ethical hacking, IT administration and Cyber security professional to perform different tasks like reconnaissance, scanning performing exploits etc.

This Application contains different tools like:

  • Reconnaissance

  • Google Hacking

  • Google Dorks

  • Whois

  • Scanning

  • Ping

  • Traceroute

  • DNS lookup

  • IP

  • MX Records

  • DNS Dig

  • Exploits

  • Security Rss Feed

This Application is still in beta version. Full version will be releasing soon with some more better tools and utilities.

3. APKInspector

APKinspector is a powerful GUI tool for analysts to analyze the Android applications. The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code. APKInspector provides both analysis functions and graphic features for the users to gain deep insight into the malicious apps:

  • CFG
  • Call Graph
  • Static Instrumentation
  • Permission Analysis
  • Dalvik codes
  • Smali codes
  • Java codes
  • APK Information

4. zANTI

zANTI is a mobile penetration testing toolkit and Ultimate hackers tool that lets security managers assess the risk level of a network with the push of a button. This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to compromise the corporate network.
Uncover authentication, backdoor, and brute-force attacks, DNS and protocol-specific attacks and rogue access points using a comprehensive range of full customizable network reconnaissance scans. 

zANTI enables Security Officers to easily evaluate an organization’s network and automatically diagnose vulnerabilities within mobile devices or web sites using a host of penetration tests including, man-in-the-Middle (MITM), password cracking and metasploit.

It highlights security gaps in your existing network and mobile defenses and report the results with advanced cloud-based reporting through zConsole. zANTI mirrors the methods a cyber-attacker can use to identify security holes within your network. Dash-board reporting enables businesses to see the risks and take appropriate corrective actions to fix critical security issues.

5. Droid Sheep

DroidSheep is an Android app for Security analysis in wireless networks and capturing facebook, twitter, linkedin and other accounts. It Requires root.

6. Dsploit

dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assessments on a mobile device.

Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts operating systems and running services, search for known vulnerabilities, crack log on procedures of many tcp protocols, perform man in the middle attacks such as password sniffing ( with common protocols dissection ), real time traffic manipulation, etc, etc .

It’s still in beta stage, so unexpected behavior could happen.

7. AppUse

AppUse is a VM (Virtual Machine) developed by AppSec Labs. It is a unique platform for mobile application security testing in the Android environment, and includes exclusive custom-made tools created by AppSec Labs. As pentesters, we all know that there are a lot of commands, scripts, and tools that we use during Android penetration testing. It can be tedious to navigate from the OS to the Android shell, pull and push files, and perform our tests via CLI. This is exactly why built the AppUse dashboard! It will allow you work faster, be more effective, get higher quality results and save precious time!

Leave a Reply

Your email address will not be published. Required fields are marked *