Penetration testing

Top 5 android hacking tools for penetration testers

Android hacking tool is a loosely defined term in cybersecurity circles. For example, an information security specialist tasked with forensically investigating an Android device may need to hack the device to gain access to the OS, or hack a database within the device to access vital information.

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Download Now

In another scenario, a cybersecurity expert may use Android “hacking tools” to pentest his or her own network environment. In this instance, Android hacking tools are launched from an Android device and not from a workstation or PC, unless the penetration tester was running the hacking tools using an Android emulator on a PC.

Some tools are better suited to specific tasks than others, and some may fall short of the forensics standards of your organization’s requirements. This is not to say the following tools are necessarily fit for the purposes of forensics investigations, or up to a forensics standard, but it is always good to see what the latest examples of hacking tools for Android mobile devices are.

With this in mind, this article will review five of the most widely used Android hacking tools for forensics professionals and Android enthusiasts alike. This way, you can determine the circumstances under which you might find them to be useful, or be alerted by their presence. This list is by no means exhaustive, but will definitely give you a basic idea of what applications are currently available.

1. Hackode

Hackode is a favourite application suite among security specialists who need to perform penetration tests on a regular basis. The app runs easily from Android devices and consists of four different toolsets: scanning, security feed, reconnaissance and exploit. Each one is specifically designed to help in different situations.

Hackode’s main features are:

• Reconnaissance: Information gathering tools include Google Hacking, featuring six specific tools via Google Dorks. These give functionality to PhpMyAdmin, PhpConfig, SQL Injection, MySQL Server, login portals and passwords. There is also a fully functional WhoIs tool that allows you to look up domain names and IP addresses.
• Scanning: Target scanning tools include Ping, Traceroute, MX Record and DNS Dig.
• Exploits: Not yet implemented
• Security feed: Displays the latest security news

Having all of these tools on a smartphone makes this tool very convenient for people who need to travel to multiple sites and do basic testing. All that is required is an Android device, which many people already carry anyway. This is a good application to carry around with you if you find you have a lot of network testing to do quite often and don’t want to take a full-sized laptop with you.

2. Andriller

This is a multiplatform application with installers for Ubuntu Linux and Microsoft Windows. It uses ADB as its main connectivity protocol, and as such is able to connect to Android phones via USB in a read-only state. As you well know, any forensics work being done with evidentiary collection in mind must not interact with the original source of data or impart any changes to it.

Tools such as Andriller must also perform non-destructive acquisitions, meaning when they are employed the likelihood of the target device’s data being compromised during your investigation is virtually zero.

Andriller has some really useful features such as lockscreen pattern cracking, PIN code deciphering, password cracking, database decoding and much more. These data stores can then be exported into report formats that will be easy to read and submit as evidence during your investigation (assuming you don’t have specific formats and standards that need to be adhered to).

Andriller’s main features are:

• Automated extraction of data as well as decoding
• Data extraction from non-rooted Android devices by Android Backup (Android versions 4.x)
• Data extraction with root permissions via the root ADDV daemon, CWM recovery mode or SU binary
• Data parsing and decoding, which gives folder structure. It can also use Tarball files from NANDroid backups and backup.ab files from Android Backup
• Ability to select individual database decoders for specific tasks
• Whatsapp archived database decryption (msgstore.db.crypt to *.crypt12)
• Lockscreen pattern, password cracking and PIN discovery
• Screen capture of device display for evidence collection

Andriller is a capable, no-nonsense application with power users and perhaps even forensic investigators in mind. It offers a basic interface with easy-to-use features, giving the program a tool-like feel. Pricing starts at around $99 USD per workstation, per year. Government and law enforcement agencies are eligible for a 50% discount, which is great news for budget-conscious heads of department. Those wishing to sample some of these features are able to install the program for a 14-day free trial.

3. AndroRAT

AndroRAT is a remote access tool that allows device information on an Android unit to be remotely accessed by a third party. This tool is more likely to be used as a diagnostic tool or a remote monitor for troubleshooting and log keeping than it would be as a forensic or recovery tool. The general way it operates is in a client/server configuration, with the server housing the main application and connection information. The application also allows for remote execution of functions, which could be useful for testing purposes.

AndroRAT’s main features are:

• Access contacts remotely
• Retrieve call logs and messages
• Live system monitoring
• Location service mapping and monitoring
• Camera services
• Microphone monitoring
• All basic phone functions such as messaging, calling and Internet browsing

As you can probably tell by this point, AndroRAT is a powerful tool, and could be problematic if it were installed on a user’s Android device without their knowledge. Its presence, if detected, should always be treated as suspicious if the owner of the device did not intentionally install it themselves.

Setting up the server application will require a basic understanding of network configuration, with things such as port forwarding and host creation. IP address accessibility is handled by dynamic IP address providers like No-IP.

In a lab environment it is quite easy to setup and configure, making experimentation easy and convenient. The application is freely available as an APK download and can be easily installed on a target device and PC.  

4. zANTI 

zANTI is a penetration testing suite of applications that installs locally to your Android smartphone. From here, users are able to use malicious software to attack a network and check for any loopholes in the network system’s security. These vulnerabilities are then fixed or repaired, if used for penetration testing.

Users who want to test redirect and SSL stripping attacks can also use zANTI, as the application can create malicious Wi-Fi hotspots. Any user that connects to your Wi-Fi hotspots will now be subject to whatever attacks you have in store for them. You can edit request and response messages from webservers, host fake versions of websites from your smartphone and much more.

zANTI is a good practice tool for people that are wanting to reverse engineer a malicious attack, and will provide a lot of data and valuable information about how such attempts can be avoided.

zANTI’s main features are:

• Scanning tools: These allow for the discovery of backdoor, authentication and brute-force attacks, DNS attacks, rogue access point detection and a whole host of reconnaissance scans.
• Diagnostic features: These features help you find vulnerabilities such as man-in-the-middle attacks, password cracking and metasploit activity.
• Reporting tools: zANTI has a Cloud-based reporting system that helps you to identify threats quickly and easily. This is all thanks to the dashboard-style reporting console which has corrective action suggestions built into it.

As a penetration testing application, zANTI is really effective. It provides many features that will come in handy, especially for security professionals. Having all of these applications on your smartphone is also really convenient, meaning that investigating or simulating a threat requires only a smartphone. Best of all, this product is free for community users.

5. FaceNiff

FaceNiff rose to prominence when it was released because of its social media-centric applications. It can be used to sniff out cookies from popular social media sites such as Twitter and Facebook. With this information in hand, would-be hackers are then able to login to your accounts and wreak havoc with your social media presence, or keep an eye on your activities without your knowledge.

FaceNiff is able to do all of this without requiring the user to have any technical knowledge at all, which is an alarming prospect if you consider how important the security of your social media passwords are.

Become a Certified Ethical Hacker, guaranteed!

Get training from anywhere to earn your Certified Ethical Hacker (CEH) Certification — backed with an Exam Pass Guarantee.

Learn More

Services that FaceNiff can currently hijack are:

• Facebook
• Twitter
• Youtube
• Amazon
• VKontakte
• Tumblr
• MySpace
• Tuenti
• MeinVZ/StudiVZ
• Blogger
• Nasza-Klasa

The dangers and benefits of hacking apps

Learning how these types of hacking applications work can help you to find any weaknesses in your network’s current defences. If you have a shared Wi-Fi network, or even a guest Wi-Fi network, then you are potentially at risk to some of the applications that we have just looked at. For testing purposes, these apps are just fine. In the case of Android hacking suites like Andriller, there is added forensic functionality built into them as well. We hope that this list was helpful in some way and that you have been able to learn a thing or two about Android Hacking Tools.