Seth Roberts Jersey  Android – Apisylux
I-8 Markaz, Islamabad, Pakistan +92-313-1523538
Android, Linux

Android is most commonly used operating system in mobile devices and tablets and rarely in PC Computers. Android development has been on top since long. That gave it a power to do nearly as many of task as a computer can do. Where development was never ended for Android OS, large variety of tools are available. Following are some of Android Penetration Testing Tools.

Android Penetration Testing Tools:

Most of the tools need rooted device to be fully functional.

1. AndroRAT

By successfully running the tool one can get the following details of the victim.

  • Get contacts (and all theirs informations)

  • Do vibrate the phone

  • Get call logs

  • Open an URL in the default browser

  • Get all messages

  • Send a text message

  • Location by GPS/Network

  • Do a toast

  • Monitoring received messages in live

  • Streaming video (for activity based client only)

  • Monitoring phone state in live (call received, call sent, call missed..)

  • Stream sound from microphone (or other sources..)

  • Take a picture from the camera

2. Hackode

Hackode is the hacker’s Toolbox that is used for penetration testing, Ethical hacking, IT administration and Cyber security professional to perform different tasks like reconnaissance, scanning performing exploits etc.

This Application contains different tools like:

  • Reconnaissance

  • Google Hacking

  • Google Dorks

  • Whois

  • Scanning

  • Ping

  • Traceroute

  • DNS lookup

  • IP

  • MX Records

  • DNS Dig

  • Exploits

  • Security Rss Feed

This Application is still in beta version. Full version will be releasing soon with some more better tools and utilities.

3. APKInspector

APKinspector is a powerful GUI tool for analysts to analyze the Android applications. The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code. APKInspector provides both analysis functions and graphic features for the users to gain deep insight into the malicious apps:

  • CFG
  • Call Graph
  • Static Instrumentation
  • Permission Analysis
  • Dalvik codes
  • Smali codes
  • Java codes
  • APK Information

4. zANTI

zANTI is a mobile penetration testing toolkit and Ultimate hackers tool that lets security managers assess the risk level of a network with the push of a button. This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to compromise the corporate network. Uncover authentication, backdoor, and brute-force attacks, DNS and protocol-specific attacks and rogue access points using a comprehensive range of full customizable network reconnaissance scans. 

zANTI enables Security Officers to easily evaluate an organization’s network and automatically diagnose vulnerabilities within mobile devices or web sites using a host of penetration tests including, man-in-the-Middle (MITM), password cracking and metasploit.

It highlights security gaps in your existing network and mobile defenses and report the results with advanced cloud-based reporting through zConsole. zANTI mirrors the methods a cyber-attacker can use to identify security holes within your network. Dash-board reporting enables businesses to see the risks and take appropriate corrective actions to fix critical security issues.

5. Droid Sheep

DroidSheep is an Android app for Security analysis in wireless networks and capturing facebook, twitter, linkedin and other accounts. It Requires root.

6. Dsploit

dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assessments on a mobile device.

Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts operating systems and running services, search for known vulnerabilities, crack log on procedures of many tcp protocols, perform man in the middle attacks such as password sniffing ( with common protocols dissection ), real time traffic manipulation, etc, etc . It’s still in beta stage, so unexpected behavior could happen.

7. AppUse

AppUse is a VM (Virtual Machine) developed by AppSec Labs. It is a unique platform for mobile application security testing in the Android environment, and includes exclusive custom-made tools created by AppSec Labs. As pentesters, we all know that there are a lot of commands, scripts, and tools that we use during Android penetration testing. It can be tedious to navigate from the OS to the Android shell, pull and push files, and perform our tests via CLI. This is exactly why built the AppUse dashboard! It will allow you work faster, be more effective, get higher quality results and save precious time!


Tips & Tweaks
Whatsapp is becoming the most popular messenger in today’s era. It is attracting people attention because of so many reasons. That includes Performance, Media transfer, Data optimization and Disk space optimization. One of the main reason is its security. Whatsapp is securing its data on the network and data on device on daily basis. Where many of humans still want to decrypt the database stored on device for some own purposes. This guide will show how to decrypt Whatsapp database on non-rooted devices.

Decrypt whatsapp database:

Whatsapp database is encrypted using an encryption key that is stored on Android system folder. Where that folder is not accessible to normal users. To get that key, you need to root your android device. That can also violate security of device and can also void warranty. Most of the guides will tell you to root your phone. Hence you still got a way to get that key for decryption. First of all, you need to download Whatsapp Key DB Extractor. Once downloaded, Extract package. Extracted folder contains some folders and files that contains following files too. WhatsAppKeyDBExtract.bat WhatsAppKeyDBExtract.ps1 If you’re running windows on your computer, you need to run “WhatsAppKeyDBExtract.bat”. I’m using Linux platform, so i’ll continue it that way. Hence the process is same after android connectivity. Extract package and open it. Open terminal in current directory by right clicking in folder and select “Open in Terminal”. Type ‘./’ in the terminal. Because of permissions, you might get permission denial error. But you can change permission by the following command: chmod 777’ After executing this command, type ‘./’. It will run the program as following: How to decrypt Whatsapp Database on Non-Rooted Devices After it, connect android device to your computer and enable USB Debugging on device. On connectivity, Mobile phone will prompt ask permission for your Computer MAC debugging option. By allowing it, you’ll see Following steps being performed in your terminal: How to decrypt Whatsapp Database on Non-Rooted Devices After performing steps, you’ll see on mobile. There will be a prompt for “Full Backup”, that will actually backup your whatsapp data from your mobile phone to your computer. How to decrypt Whatsapp Database on Non-Rooted Devices Enter some password for encryption of Backup and Press “Backup My Data”. Wait for few seconds to few minutes because backing up is in process. Once completed, you’ll get prompt on mobile screen and backup screen will disappear. In terminal, insert the passwordthat you used for backup in mobile phone. After inserting password, Program will start decryption of database. You need to wait for few seconds, until the decryption is in processing. How to decrypt Whatsapp Database on Non-Rooted Devices When decryption is done, there you’ll see following notification on Terminal: How to decrypt Whatsapp Database on Non-Rooted Devices Press enter and open WhatsApp Key DB Extract folder. You’ll see “Extracted” Folder. Following files will be in that folder.
  1. axolotl.db
  2. chatsettings.db
  3. msgstore.db
  4. wa.db
  5. whatsapp.cryptkey
In these files, “msgstore.db” is your decrypted database containing your chats and media tracks and “whatsapp.cryptkey” is your database encryption key. You can save key file for future use.

Cameron Jordan Authentic Jersey