Introduction

According to recent research, the amount of mobile phone users is larger than PC users. At the same time, the number of people who own Android phones is increasing rapidly. Android phones bring people a lot of convenience, in that it helps people do as much work as they can do on a computer, with no limitation by the location.

Android has become a need rather than luxury these days, and its popularity has increased rapidly among available smart phones. There are lots of OS which are available these days, but among all of them, Android is the best one, as it can be handled easily and also it is very easy to implement because of its open source nature.

Android App Development has become an important tool for developing mobile applications. The Software Development Kit facilitated by Android assists developers to start developing and working on the applications instantaneously, so the app can be implemented faster.

Now that penetration testing is possible by using the Android platform, there will be no need to carry your system to various locations to carry out your pen test. As we all know, penetration testing involves much involvement of the person into their system, but by using your Android phone, you can perform it at any location in the best way you can.

The following are the Android applications that you can use for penetration testing.

1. Networking Tools

Port Scanner: this tool lets you scan ports on a remote host via its IP or domain name so you can know which ports are open on the host. It supports 3G, protocol recognition, and many other features.

Fing: Fing is a professional App for network analysis. A simple and intuitive interface helps you evaluate security levels, detect intruders and resolve network issues. It helps you to find out which devices are connected to your Wi-Fi network, in just a few seconds.

Network Discovery: Network Discovery is similar to Fing. It is used for device discovery and works as a port scanner for a local area network.

tPacketCapture: tPacketCapture does packet capturing without using any root permissions. tPacketCapture uses VpnService provided by Android OS. Captured data are saved as a PCAP file format in the external storage.

Droidsheep: Droidsheep is written by Andrew Koch. It works as a session hijacker for non-encrypted sites and allows you to save cookies files/sessions for later analysis. It is no longer available from the developer’s site i.e. droidsheep.de.

FaceNiff: FaceNiff is an app that allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to. It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private network.

2. DOS

LOIC: LOIC is a tool for network stress testing a denial-of-service attack application. LOIC performs a denial-of-service (DoS) attack (or when used by multiple individuals, a DDoS attack) on a target site by flooding the server with TCP or UDP packets with the intention of disrupting the service of a particular host.

AnDOSid: AnDOSid allows security professionals to simulate a DOS attack. AnDOSid app launched a HTTP POST flood attack, where the number of HTTP requests becomes so huge, a victim’s server has trouble responding to them all. When the server begins to rely too heavily on its system resources, it crashes.

3. Packet sniffer

Intercepter-NG: Intercepter-NG is a multifunctional network toolkit. It has functionality of several famous separate tools and moreover offers a good and unique alternative of Wireshark for Android.

The main features are:

  • network discovery with OS detection
  • network traffic analysis
  • password recovery
  • file recovery

Shark for Root: Traffic sniffer, works on 3G and WiFi (works on FroYo tethered mode too). To open dump, use WireShark or similar software, to preview dump on phone, use Shark Reader.

PacketShark: This is a packet sniffer application. Features include friendly capture options interface, filter support, live capture view, and Dropbox upload of captured files. It allows viewing of the captured packets — no need to install other application as a viewer.

4. Scanners

WPScan: WPScan is a black box WordPress Security Scanner written in Ruby which attempts to find known security weaknesses within WordPress installations. This app was developed by Alessio Dalla Piazza. Its intended use is to be for security professionals or WordPress administrators to assess the security posture of their WordPress installations. WPScan includes user enumeration and will detect timthumb file, theme and WordPress version.

Nessus: Nessus is a popular penetration testing tool that is used to perform vulnerability scans with its client/server architecture. Nessus Android app can perform following tasks.

Want to learn more?? The InfoSec Institute Web Application Penetration Testing Boot Camp focuses on preparing you for the real world of Web App Pen Testing through extensive lab exercises, thought provoking lectures led by an expert instructor. We review of the entire body of knowledge as it pertains to web application pen testing through a high-energy seminar approach.

The Web Application Penetration Testing course from InfoSec Institute is a totally hands-on learning experience. From the first day to the last day, you will learn the ins and outs of Web App Pen Testing by attending thought provoking lectures led by an expert instructor. Every lecture is directly followed up by a comprehensive lab exercise (we also set up and provide lab workstations so you don't waste valuable class time installing tools and apps). Benefits to you are:

  • Get CWAPT Certified
  • Learn the Secrets of Web App Pen Testing in a totally hands-on classroom environment
  • Learn how to exploit and defend real-world web apps: not just silly sample code
  • Complete the 83 Step "Web App Pen Test Methodology", and bring a copy back to work with you
  • Learn how perform OWASP Top 10 Assessments: for PCI DSS compliance
  • Connect to a Nessus server (4.2 or greater)
  • Launch existing scans on the server
  • Start, stop or pause running scans
  • Create and execute new scans and scan templates
  • View and filter reports

Network Mapper:

  • A very fast net scanner for network admins that can scan your network in the office and export as CSV via Gmail to give you a map of what devices are on your LAN.
  • Includes a port scanner for security audit scans and a MAC vendor database to identify NIC manufacturers.
  • Can detect firewalled and stealthed computers, quite useful if you are looking for a Windows/firewall box that you can’t see on your network.
  • Useful if you want to find FTP servers, SSH servers, SMB servers, etc. on your network and would help you to diagnose faults.
  • You can save the scan results as a CSV file, which can be imported into Excel/Google Spreadsheet/LibreOffice.
5. Webattack

DroidSQLi: DroidSQLi is the first automated MySQL Injection tool for Android. It allows you to test your MySQL-based web application against SQL injection attacks.

DroidSQLi supports the following injection techniques:

  • Time based injection
  • Blind injection
  • Error based injection
  • Normal injection

It automatically selects the best technique to use and employs some simple filter evasion methods.

Sqlmapchik: sqlmapchik is a cross-platform sqlmap GUI for the popular sqlmap tool. It is primarily aimed to be used on mobile devices. The easiest way to install sqlmapchik on an Android device is to download it from Google Play.

6. Pentesting Suites

dSploit: dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assessments on a mobile device. Once dSploit is started, you will be able to easily map your network, fingerprint alive host’s operating systems and running services, search for known vulnerabilities, crack logon procedures of many tcp protocols, perform man in the middle attacks such as password sniffing, real time traffic manipulation, etc.

These are the available modules in the app:

  • RouterPWN
  • Trace
  • Port Scanner
  • Inspector
  • Vulnerability Finder
  • Login Cracker
  • Packet Forger
  • MITM

Revenssis Penetration Suite: Revenssis Penetration Suite is a set of all the useful types of tools used in Computer and Web Application security.

  • Web Vulnerability Scanners including:
  • SQL injection scanner
  • XSS scanner
  • DDOS scanner
  • CSRF scanner
  • SSL misconfiguration scanner
  • Remote and Local File Inclusion (RFI/LFI) scanners
  • Useful utilities such as:
  • WHOIS lookup, IP finder, Shell, SSH, Blacklist lookup tool, Ping tool
  • Forensic tools (in implementation) such as malware analyzers, hash crackers, network sniffer, ZIP/RAR password finder, social engineering toolset, reverse engineering tool.
  • Vulnerability research lab (sources include: Shodan vulnerability search engine, ExploitSearch, Exploit DB, OSVDB and NVD NIST)
  • Self scan and defense tools for your Android phone against vulnerabilities
  • Connectivity Security Tools for Bluetooth, Wifi and Internet. (NFC, Wifi Direct and USB in implementation)

zANTI: zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.

zANTI offers a comprehensive range of fully customizable scans to reveal everything from authentication, backdoor and brute-force attempts to database, DNS and protocol-specific attacks – including rogue access points.

7. Anonymity

Orbot: Orbot is a free proxy app that empowers other apps to use the Internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world. Tor is an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.

  • Orbot is the safest way to use the Internet on Android. Period. Orbot bounces your encrypted traffic several times through computers around the world, instead of connecting you directly like VPNs and proxies. This process takes a little longer, but the strongest privacy and identity protection available is worth the wait.
  • Use with Orweb, the most anonymous way to access any website, even if it’s normally blocked, monitored, or on the hidden web.
  • Use Gibberbot with Orbot to chat confidentially with anyone, anywhere for free.
  • Any installed app can use Tor if it has a proxy feature, using the settings. You can use private web searching with DuckDuckGo.
  • Orbot can be configured to transparently proxy all of your Internet traffic through Tor. You can also choose which specific apps you want to use through Tor.
  • Orbot is free software.

OpenVPN: OpenVPN Connect is the official full-featured Android VPN client for the OpenVPN Access Server, Private Tunnel VPN and OpenVPN Community, developed by OpenVPN Technologies, Inc.

  • Does not require a rooted device.
  • Easily import .ovpn profiles from SD card, OpenVPN Access Server, Private Tunnel or via a browser link.
  • Improved power management – preferences setting allows VPN to pause in a low-power state whenever screen is blanked or network is unavailable.
  • Android Keychain integration – OpenVPN profiles may reference a cert/key pair in the Android keychain.
  • Supports hardware-backed keystores
  • Support for multi-factor authentication using OpenVPN static and dynamic challenge/response protocols.
  • Full IPv6 support (at both the tunnel and transport layer).

Orweb: Orweb is the most privacy-enhancing web browser on Android for visiting any website, even if it’s normally censored, monitored, or on the hidden web. Orweb is the safest browser on Android. Orweb evades tracking and censorship by bouncing your encrypted traffic several times through computers around the world, instead of connecting you directly like VPNs and proxies. This process takes a little longer, but the strongest privacy and identity protection available is worth the wait.

  • Orweb bypasses almost every kind of network restriction.
  • Orweb does not store any information about the websites you visit.
  • You can prevent sites you visit from installing any cookies (which could track your web activities), allow them selectively, or allow any site to create cookies.
  • JavaScript, a common attack method for malicious software, is disabled by default.
  • Orweb is opensource.
  • Orweb attempts to prevent Flash from loading on sites you visit, blocking many common security threats.
  • Orweb is available in: Arabic, Chinese, Dutch, English, Esperanto, Farsi, French, German, Hungarian, Italian, Norwegian, Russian, Spanish, Swedish and Tibetan.

Conclusion

Android Operating System has been progressing quite rapidly. An innovative and open platform, Android is most popular mobile OS. It is well positioned to address the growing needs of the mobile marketplace. Due to rapid growth of Android, developers are now focusing on developing their tools in the Android environment. The above mentioned Android applications are the proof of that. The Software Development Kit facilitated by Android helps developers to achieve the same.

The above applications discussed are ways to perform penetration testing from your Android mobile. We can achieve anonymity and can perform web attacks by using an Android phone. It also provides us with penetration suites and other networking tools.

References

  • http://www.irongeek.com/i.php?page=videos/notacon11/nindroid-pentesting-apps-for-your-android-device-michael-palumbo