Security researchers have long maintained that malware is a problem on Android, the Google operating system that’s on 80% of the world’s smartphones. In extreme cases, häçkers with malicious intent can do much more than send ρrémíùm text messages. In this post, we will see various apps for web application penetration testing, network penetration testing, sniffing, networking ha cking and Android apps penetration testing.
H@ck code
H@ckode : The häçker’s Toolbox is an application for penetration tester, Ethical häçkers, IT administrator and Cyber security professional to perform different tasks like reconnaissance, scanning performing exploits etc.
This Application contains different tools like:
This Application is still in beta version
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.:
Remote Administration Tool for Android. The name Androrat is a mix of Android and RAT (Remote Access Tool). Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server.
Available functionalities:
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.:
The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code. APKInspector provides both analysis functions and graphic features for the users to gain deep insight into the malicious apps:
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.:
DroidBox is developed to offer dynamic analysis of Android applications. The following information is shown in the results, generated when analysis is ended:
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.:
zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.
Options include:
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.:
DroidSheep is a simple Android tool for web session hijacking (sidejacking). It listens for HTTP packets sent via a wireless (802.11) network connection and extracts the session id from these packets in order to reuse them.DroidSheep can capture sessions using the libpcap library and supports: OPEN Networks WEP encrypted networks WPA and WPA2 encrypted networks (PSK only)
DroidSheep is not intended to s†éál identities or endamage anybody, but to show the weak security of non-ssl webservices
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.:
dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assessments on a mobile device.
Features
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.:
AppUse Virtual Machine, developed by AppSec Labs, is a unique (and free) system, a platform for mobile application security testing in the android environment, and it includes unique custom-made tools.
Features
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.:
Traffic sniffer, works on 3G and WiFi (works on FroYo tethered mode too). To open dump use WireShark or similar software, for preview dump on phone use Shark Reader. Based on tcpdump. Please leave comments/send e-mail if you have any problems/suggestions.
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.
The Android Device Testing Framework (“dtf”) is a data collection and analysis framework to help individuals answer the question: “Where are the vulnerabilities on this mobile device?” Dtf provides a modular approach and built-in APIs that allows testers to quickly create scripts to interact with their Android devices. The default download of dtf comes with multiple modules that allow testers to obtain information from their Android device, process this information into databases, and then start searching for vulnerabilities (all without requiring root privileges). These modules help you focus on changes made to AOSP components such as applications, frameworks, system services, as well as lower-level components such as binaries, libraries, and device drivers. In addition, you’ll be able to analyze new functionality implemented by the OEMs and other parties to find vulnerabilities.
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.
drozer (formerly You do not have permission to view the full content of this post. Log in or register now.) is the leading security testing framework for Android.
drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps’ IPC endpoints and the underlying OS.
drozer provides tools to help you use, share and understand public Android exploits. It helps you to deploy a drozer Agent to a device through exploitation or social engineering. Using weasel (MWR’s advanced exploitation payload) drozer is able to maximise the permissions available to it by installing a full agent, injecting a limited agent into a running process, or connecting a reverse shell to act as a Remote Access Tool (RAT).
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.
Neopwn is an advanced penetration testing and radio frequency auditing platform designed to run on mobile phones and tablets. We were the first to ever release a security auditing distribution for a mobile phone, and we continue to push the envelope in supporting the latest bleeding-edge tools and hardware.
Several options exist for local and remote control of the Neopwn system, including:
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.
Have you ever looked at your Android applications and wondered if they are watching you as well? Whether it’s a bandwidth-hogging app, aggressive adware or even malware, it would be interesting to know if they are doing more than what they are supposed to and if your personal information is exposed. Is there really a way to automatically evaluate all your apps – even hundreds of them – to harvest their behavioral data, analyze their run pattern, and at the same time provide an interface to facilitate a vast majority of evolving security tests with most practical solutions?
Android Security Evaluation Framework (ASEF) performs this analysis while alerting you about other possible issues. It will make you aware of unusual activities of your apps, will expose vulnerable components and help narrow down suspicious apps for further manual research. ASEF is an Open Source tool for scanning Android Devices for security evaluation. Users will gain access to security aspects of android apps by using this tool with its default settings
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.
Reverse engineering, Malware and goodware analysis of Android applications … and more
Features:
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.
Nicknamed as the “Smartphone Version of Backtrack”, Revenssis Penetration Suite is a set of all the useful types of tools used in Computer and Web Application security. Tools available in it include: Web App scanners, Encode/Decode & Hashing tools, Vulnerability Research Lab, Forensics Lab, plus the must-have utilities (Shell, SSH, DNS/WHOIS Lookup, Traceroute, Port Scanner, Spam DB Lookup, Netstat… etc). All these fitting in an application approx. 10MB (post installation).
Features
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.
The product of a DARPA Cyber Fast Track grant, the Smartphone Pentest Framework is an open source security tool, designed to aid in assessing the security posture of smartphones in an environment. SPF Version 0.1 contains remote attacks, client side attacks, social engineering attacks, and post exploitation, targeting smartphone devices.
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.
Bugtroid is an innovative tool developed by the team of Bugtraq-Team. The main features of this apk, is that it has more than 200 Android and Linux tools (PRO) for pentesting and forensics through smarthphone or tablet.
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.
OWASP Droid Fusion is a platform for android mobile or any other mobile for doing Malware Analysis, Development, Application Pentesting and Forensics. You can use it in any mobile security research, and if you have Droid Fusion, you don’t need to worry about finding tools. There are more then 60 tools and scripts and it is free.
--------------------------------------------------------------------------------------------------------------------------------------
a friendly note:
I'm just providing some useful info. i.e link, tools, apk, pictures, etc. and i'm not gonna give you a specific tutorial (search on your own). what i gonna do is giving some hint, or a what we say a first step and the rest is up to you. Thank you sa mga nag-fofollow, likes, mostly sa nagpapasalamat.
____________________________________________________________________________________
Godbless us always
+
:>= Grayman11=<:
H@ck code
H@ckode : The häçker’s Toolbox is an application for penetration tester, Ethical häçkers, IT administrator and Cyber security professional to perform different tasks like reconnaissance, scanning performing exploits etc.
This Application contains different tools like:
- Reconnaissance
- Google H acking
- Google Dorks
- Whois
- Scanning
- Ping
- Traceroute
- DNS lookup
- IP
- MX Records
- DNS Dig
- Exploits
- Security Rss Feed
This Application is still in beta version
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.:
Remote Administration Tool for Android. The name Androrat is a mix of Android and RAT (Remote Access Tool). Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server.
Available functionalities:
- Get contacts (and all theirs informations)
- Get call logs
- Get all messages
- Location by GPS/Network
- Monitoring received messages in live
- Monitoring phone state in live (call received, call sent, call missed..)
- Take a picture from the camera
- Stream sound from microphone (or other sources..)
- Streaming video (for activity based client only)
- Do a toast
- Send a text message
- Give call
- Open an URL in the default browser
- Do vibrate the phone
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.:
The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code. APKInspector provides both analysis functions and graphic features for the users to gain deep insight into the malicious apps:
- CFG
- Call Graph
- Static Instrumentation
- Permission Analysis
- Dalvik codes
- Smali codes
- Java codes
- APK Information
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.:
DroidBox is developed to offer dynamic analysis of Android applications. The following information is shown in the results, generated when analysis is ended:
- Hashes for the analyzed package
- Incoming/outgoing network data
- File read and write operations
- Started services and loaded classes through DexClassLoader
- Information leaks via the network, file and SMS
- Circumvented permissions
- Cryptography operations performed using Android API
- Listing broadcast receivers
- Sent SMS and phone calls
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.:
zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.
Options include:
- Network Map
- Port Discovery
- Packet Manipulation
- Sniffer
- MITM (Man in the Middle filters)
- DoS (Pentest DoS vulnerabilities)
- Password Complexity Audit
- Penetrate CSE to check server/desktop vulnerabilty
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.:
DroidSheep is a simple Android tool for web session hijacking (sidejacking). It listens for HTTP packets sent via a wireless (802.11) network connection and extracts the session id from these packets in order to reuse them.DroidSheep can capture sessions using the libpcap library and supports: OPEN Networks WEP encrypted networks WPA and WPA2 encrypted networks (PSK only)
DroidSheep is not intended to s†éál identities or endamage anybody, but to show the weak security of non-ssl webservices
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.:
dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assessments on a mobile device.
Features
- WiFi *****ing
- RouterPWN
- Trace
- Port Scanner
- Inspector
- Vulnerability finder
- Login *****er
- Packet forger
- Man in the middle
- Simple sniff
- Password sniff
- Session Hijacker
- Kill connections
- Redirect
- Replace images
- Replace videos
- Script injector
- Custom filter
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.:
AppUse Virtual Machine, developed by AppSec Labs, is a unique (and free) system, a platform for mobile application security testing in the android environment, and it includes unique custom-made tools.
Features
- New Application Data Section
- Tree-view of the application’s folder/file structure
- Ability to pull files
- Ability to view files
- Ability to edit files
- Ability to extract databases
- Dynamic proxy managed via the Dashboard
- New application-reversing features
- Updated ReFrameworker tool
- Dynamic indicator for Android device status
- Bugs and functionality fixes
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.:
Traffic sniffer, works on 3G and WiFi (works on FroYo tethered mode too). To open dump use WireShark or similar software, for preview dump on phone use Shark Reader. Based on tcpdump. Please leave comments/send e-mail if you have any problems/suggestions.
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.
The Android Device Testing Framework (“dtf”) is a data collection and analysis framework to help individuals answer the question: “Where are the vulnerabilities on this mobile device?” Dtf provides a modular approach and built-in APIs that allows testers to quickly create scripts to interact with their Android devices. The default download of dtf comes with multiple modules that allow testers to obtain information from their Android device, process this information into databases, and then start searching for vulnerabilities (all without requiring root privileges). These modules help you focus on changes made to AOSP components such as applications, frameworks, system services, as well as lower-level components such as binaries, libraries, and device drivers. In addition, you’ll be able to analyze new functionality implemented by the OEMs and other parties to find vulnerabilities.
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.
drozer (formerly You do not have permission to view the full content of this post. Log in or register now.) is the leading security testing framework for Android.
drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps’ IPC endpoints and the underlying OS.
drozer provides tools to help you use, share and understand public Android exploits. It helps you to deploy a drozer Agent to a device through exploitation or social engineering. Using weasel (MWR’s advanced exploitation payload) drozer is able to maximise the permissions available to it by installing a full agent, injecting a limited agent into a running process, or connecting a reverse shell to act as a Remote Access Tool (RAT).
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.
Neopwn is an advanced penetration testing and radio frequency auditing platform designed to run on mobile phones and tablets. We were the first to ever release a security auditing distribution for a mobile phone, and we continue to push the envelope in supporting the latest bleeding-edge tools and hardware.
Several options exist for local and remote control of the Neopwn system, including:
- Android-based control panel application for system management
- Desktop interface via VNC, for full X windows programs
- Shell access with native Android terminal emulation applications
- Quick application access with native Android desktop icon launchers
- Remote access through VPN and SSH
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.
Have you ever looked at your Android applications and wondered if they are watching you as well? Whether it’s a bandwidth-hogging app, aggressive adware or even malware, it would be interesting to know if they are doing more than what they are supposed to and if your personal information is exposed. Is there really a way to automatically evaluate all your apps – even hundreds of them – to harvest their behavioral data, analyze their run pattern, and at the same time provide an interface to facilitate a vast majority of evolving security tests with most practical solutions?
Android Security Evaluation Framework (ASEF) performs this analysis while alerting you about other possible issues. It will make you aware of unusual activities of your apps, will expose vulnerable components and help narrow down suspicious apps for further manual research. ASEF is an Open Source tool for scanning Android Devices for security evaluation. Users will gain access to security aspects of android apps by using this tool with its default settings
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.
Reverse engineering, Malware and goodware analysis of Android applications … and more
Features:
- Map and manipulate DEX/ODEX/APK/AXML/ARSC format into full Python objects,
- Diassemble/Decompilation/Modification of DEX/ODEX/APK format,
- Decompilation with the first native (directly from dalvik bytecodes to java source codes) dalvik decompiler (DAD),
- Access to the static You do not have permission to view the full content of this post. Log in or register now. of the code (basic blocks, instructions, permissions (with database from You do not have permission to view the full content of this post. Log in or register now.) …) and create your own static analysis tool,
- Analysis a bunch of android apps,
- Analysis with ipython/Sublime Text Editor,
- You do not have permission to view the full content of this post. Log in or register now. of android applications,
- You do not have permission to view the full content of this post. Log in or register now. the efficiency of obfuscators (proguard, …),
- You do not have permission to view the full content of this post. Log in or register now. if your application has been pirated (plagiarism/similarities/rip-off indicator),
- Check if an android application is You do not have permission to view the full content of this post. Log in or register now. in a database (malwares, goodwares ?),
- Open source You do not have permission to view the full content of this post. Log in or register now. of android malware (this opensource database is done on my free time, of course my free time is limited, so if you want to help, you are welcome !),
- Detection of ad/open source librairies (WIP),
- Risk indicator of malicious application,
- You do not have permission to view the full content of this post. Log in or register now. engineering of applications (goodwares, malwares),
- You do not have permission to view the full content of this post. Log in or register now. Android’s binary xml (like AndroidManifest.xml) into classic xml,
- You do not have permission to view the full content of this post. Log in or register now. your application with You do not have permission to view the full content of this post. Log in or register now. (gexf format), or with You do not have permission to view the full content of this post. Log in or register now. (xgmml format), or PNG/DOT output,
- Integration with external decompilers (JAD+dex2jar/DED/…)
- ….
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.
Nicknamed as the “Smartphone Version of Backtrack”, Revenssis Penetration Suite is a set of all the useful types of tools used in Computer and Web Application security. Tools available in it include: Web App scanners, Encode/Decode & Hashing tools, Vulnerability Research Lab, Forensics Lab, plus the must-have utilities (Shell, SSH, DNS/WHOIS Lookup, Traceroute, Port Scanner, Spam DB Lookup, Netstat… etc). All these fitting in an application approx. 10MB (post installation).
Features
- All Web Vulnerability Scanners including:
- SQL injection scanner
- XSS scanner
- DDOS scanner
- CSRF scanner
- SSL misconfiguration scanner
- Remote and Local File Inclusion (RFI/LFI) scanners
- Useful utilities such as:
- WHOIS lookup, IP finder, Shell, SSH, Blacklist lookup tool, Ping tool,
- Forensic tools (in imlementation) such as malware analyzers, hash *****ers, network sniffer, ZIP/RAR password finder, social engineering toolset, reverse engineering tool
- Vulnerability research lab (sources include: Shodan vulnerability search engine, ExploitSearch, Exploit DB, OSVDB and NVD NIST
- Self scan and Defence tools for your Android phone against vulnerabilities
- Connectivity Security Tools for Bluetooth, Wifi and Internet. (NFC, Wifi Direct and USB in implementation)
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.
The product of a DARPA Cyber Fast Track grant, the Smartphone Pentest Framework is an open source security tool, designed to aid in assessing the security posture of smartphones in an environment. SPF Version 0.1 contains remote attacks, client side attacks, social engineering attacks, and post exploitation, targeting smartphone devices.
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.
Bugtroid is an innovative tool developed by the team of Bugtraq-Team. The main features of this apk, is that it has more than 200 Android and Linux tools (PRO) for pentesting and forensics through smarthphone or tablet.
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.
OWASP Droid Fusion is a platform for android mobile or any other mobile for doing Malware Analysis, Development, Application Pentesting and Forensics. You can use it in any mobile security research, and if you have Droid Fusion, you don’t need to worry about finding tools. There are more then 60 tools and scripts and it is free.
--------------------------------------------------------------------------------------------------------------------------------------
a friendly note:
I'm just providing some useful info. i.e link, tools, apk, pictures, etc. and i'm not gonna give you a specific tutorial (search on your own). what i gonna do is giving some hint, or a what we say a first step and the rest is up to you. Thank you sa mga nag-fofollow, likes, mostly sa nagpapasalamat.
____________________________________________________________________________________
Godbless us always
+
:>= Grayman11=<:
Attachments
-
You do not have permission to view the full content of this post. Log in or register now.