BEST ANDROID TOOLS FOR SNIFFING,

SECURITY AUDIT AND HACKING

INTEGRANTES:
ALEJANDRA DELGADO IRIARTE
SERGIO TERAN MONASTERIOS
VLADIMIR CALLE MAYSER
Security researchers have long maintained that malware is a problem on Android, the
Google operating system thats on 80% of the worlds smartphones. In extreme cases,
hackers with malicious intent can do much more than send premium text messages. In
this post, we will see various apps for web application penetration testing, network
penetration testing, sniffing, networking hacking and Android apps penetration testing.

Hackode
Hackode : The hackers Toolbox is an application for penetration tester, Ethical hackers,
IT administrator and Cyber security professional to perform different tasks like
reconnaissance, scanning performing exploits etc.
This Application contains different tools like:
Reconnaissance
Google Hacking
Google Dorks
Whois
Scanning
Ping
Traceroute
DNS lookup
IP
MX Records
DNS Dig

 Exploits
Security Rss Feed
This Application is still in beta version

Androrat:
Remote Administration Tool for Android. The name Androrat is a mix of Android and
RAT (Remote Access Tool).
Androrat is a client/server application developed in Java Android for the client side and
in Java/Swing for the Server.

All the available functionalities are

Get contacts (and all theirs informations)
Get call logs
Get all messages
Location by GPS/Network
Monitoring received messages in live
Monitoring phone state in live (call received, call sent, call missed..)
Take a picture from the camera
Stream sound from microphone (or other sources..)
Streaming video (for activity based client only)
Do a toast
Send a text message
Give call
Open an URL in the default browser

 Do vibrate the phone

APKInspector:
The goal of this project is to aide analysts and reverse engineers to visualize compiled
Android packages and their corresponding DEX code. APKInspector provides both
analysis functions and graphic features for the users to gain deep insight into the
malicious apps:
CFG
Call Graph
Static Instrumentation
Permission Analysis
Dalvik codes
Smali codes
Java codes
APK Information

DroidBox:
DroidBox is developed to offer dynamic analysis of Android applications. The following
information is shown in the results, generated when analysis is ended:
Hashes for the analyzed package
Incoming/outgoing network data
File read and write operations
Started services and loaded classes through DexClassLoader
Information leaks via the network, file and SMS
Circumvented permissions
Cryptography operations performed using Android API
Listing broadcast receivers

 Sent SMS and phone calls

zANTI:
zANTI is a comprehensive network diagnostics toolkit that enables complex audits and
penetration tests at the push of a button. It provides cloud-based reporting that walks
you through simple guidelines to ensure network safety.
These various pentest options include:
Network Map
Port Discovery
Packet Manipulation
Sniffer
MITM (Man in the Middle filters)
DoS (Pentest DoS vulnerabilities)
Password Complexity Audit
Penetrate CSE to check server/desktop vulnerabilty

Droid Sheep:
DroidSheep is a simple Android tool for web session hijacking (sidejacking). It listens
for HTTP packets sent via a wireless (802.11) network connection and extracts the
session id from these packets in order to reuse them.
DroidSheep can capture sessions using the libpcap library and supports: OPEN
Networks WEP encrypted networks WPA and WPA2 encrypted networks (PSK only)
DroidSheep is not intended to steal identities or endamage anybody, but to show the
weak security of non-ssl webservices

dSploit:
dSploit is an Android network analysis and penetration suite which aims to offer to IT
security experts/geeks the most complete and advanced professional toolkit to perform
network security assessments on a mobile device.

Features
WiFi Cracking
RouterPWN
Trace
Port Scanner
Inspector
Vulnerability finder
Login cracker
Packet forger
Man in the middle
Simple sniff
Password sniff
Session Hijacker
Kill connections
Redirect
Replace images
Replace videos
Script injector
Custom filter

AppUse Android Pentest Platform Unified

Standalone Environment:
AppUse Virtual Machine, developed by AppSec Labs, is a unique (and free) system, a
platform for mobile application security testing in the android environment, and it
includes unique custom-made tools.

Features

New Application Data Section

Tree-view of the applications folder/file structure

Ability to pull files

Ability to view files

Ability to edit files

Ability to extract databases

Dynamic proxy managed via the Dashboard

New application-reversing features

Updated ReFrameworker tool

Dynamic indicator for Android device status

Bugs and functionality fixes

Shark for Root:

Traffic sniffer, works on 3G and WiFi (works on FroYo tethered mode too). To open
dump use WireShark or similar software, for preview dump on phone use Shark
Reader. Based on tcpdump. Please leave comments/send e-mail if you have any
problems/suggestions.

Android Device Testing Framework

The Android Device Testing Framework (dtf) is a data collection and analysis
framework to help individuals answer the question: Where are the vulnerabilities on
this mobile device? Dtf provides a modular approach and built-in APIs that allows
testers to quickly create scripts to interact with their Android devices. The default
download of dtf comes with multiple modules that allow testers to obtain information
from their Android device, process this information into databases, and then start
searching for vulnerabilities (all without requiring root privileges). These modules help
you focus on changes made to AOSP components such as applications, frameworks,
system services, as well as lower-level components such as binaries, libraries, and
device drivers. In addition, youll be able to analyze new functionality implemented by
the OEMs and other parties to find vulnerabilities.

drozer
drozer (formerly Mercury) is the leading security testing framework for Android.
drozer allows you to search for security vulnerabilities in apps and devices by assuming
the role of an app and interacting with the Dalvik VM, other apps IPC endpoints and
the underlying OS.
drozer provides tools to help you use, share and understand public Android exploits. It
helps you to deploy a drozer Agent to a device through exploitation or social
engineering. Using weasel (MWRs advanced exploitation payload) drozer is able to
maximise the permissions available to it by installing a full agent, injecting a limited
agent into a running process, or connecting a reverse shell to act as a Remote Access
Tool (RAT).

NeoPWN
Neopwn is an advanced penetration testing and radio frequency auditing platform
designed to run on mobile phones and tablets. We were the first to ever release a
security auditing distribution for a mobile phone, and we continue to push the envelope
in supporting the latest bleeding-edge tools and hardware.
Several options exist for local and remote control of the Neopwn system, including:
Android-based control panel application for system management
Desktop interface via VNC, for full X windows programs
Shell access with native Android terminal emulation applications
Quick application access with native Android desktop icon launchers
Remote access through VPN and SSH

ASEF
Have you ever looked at your Android applications and wondered if they are watching
you as well? Whether its a bandwidth-hogging app, aggressive adware or even
malware, it would be interesting to know if they are doing more than what they are
supposed to and if your personal information is exposed. Is there really a way to
automatically evaluate all your apps even hundreds of them to harvest their
behavioral data, analyze their run pattern, and at the same time provide an interface to
facilitate a vast majority of evolving security tests with most practical solutions?
Android Security Evaluation Framework (ASEF) performs this analysis while alerting
you about other possible issues. It will make you aware of unusual activities of your
apps, will expose vulnerable components and help narrow down suspicious apps for

further manual research. ASEF is an Open Source tool for scanning Android Devices
for security evaluation. Users will gain access to security aspects of android apps by
using this tool with its default settings

Androguard
Reverse engineering, Malware and goodware analysis of Android applications and
more

Features:
Map and manipulate DEX/ODEX/APK/AXML/ARSC format into full Python
objects,
Diassemble/Decompilation/Modification of DEX/ODEX/APK format,
Decompilation with the first native (directly from dalvik bytecodes to java source
codes) dalvik decompiler (DAD),
Access to the static analysis of the code (basic blocks, instructions, permissions
(with database from http://www.android-permissions.org/) ) and create your
own static analysis tool,
Analysis a bunch of android apps,
Analysis with ipython/Sublime Text Editor,
Diffing of android applications,
Measure the efficiency of obfuscators (proguard, ),
Determine if your application has been pirated (plagiarism/similarities/rip-off
indicator),
Check if an android application is present in a database (malwares,
goodwares ?),
Open source database of android malware (this opensource database is done on
my free time, of course my free time is limited, so if you want to help, you are
welcome !),
Detection of ad/open source librairies (WIP),
Risk indicator of malicious application,

 Reverse engineering of applications (goodwares, malwares),

Transform Androids binary xml (like AndroidManifest.xml) into classic xml,
Visualize your application with gephi (gexf format), or with cytoscape (xgmml
format), or PNG/DOT output,
Integration with external decompilers (JAD+dex2jar/DED/)
.

Revenssis
Nicknamed as the Smartphone Version of Backtrack, Revenssis Penetration Suite is a
set of all the useful types of tools used in Computer and Web Application security. Tools
available in it include: Web App scanners, Encode/Decode & Hashing tools,
Vulnerability Research Lab, Forensics Lab, plus the must-have utilities (Shell, SSH,
DNS/WHOIS Lookup, Traceroute, Port Scanner, Spam DB Lookup, Netstat etc). All
these fitting in an application approx. 10MB (post installation).

Features
All Web Vulnerability Scanners including:
SQL injection scanner
XSS scanner
DDOS scanner
CSRF scanner
SSL misconfiguration scanner
Remote and Local File Inclusion (RFI/LFI) scanners
Useful utilities such as:
WHOIS lookup, IP finder, Shell, SSH, Blacklist lookup tool, Ping tool,
Forensic tools (in imlementation) such as malware analyzers, hash crackers,
network sniffer, ZIP/RAR password finder, social engineering toolset, reverse
engineering tool

 Vulnerability research lab (sources include: Shodan vulnerability search engine,

ExploitSearch, Exploit DB, OSVDB and NVD NIST
Self scan and Defence tools for your Android phone against vulnerabilities
Connectivity Security Tools for Bluetooth, Wifi and Internet. (NFC, Wifi Direct and
USB in implementation)

SPF Smartphone Pentest Framework

The product of a DARPA Cyber Fast Track grant, the Smartphone Pentest Framework
is an open source security tool, designed to aid in assessing the security posture of
smartphones in an environment. SPF Version 0.1 contains remote attacks, client side
attacks, social engineering attacks, and post exploitation, targeting smartphone
devices.

Bugtroid
Bugtroid is an innovative tool developed by the team of Bugtraq-Team. The main
features of this apk, is that it has more than 200 Android and Linux tools (PRO) for
pentesting and forensics through smarthphone or tablet.

OWASP Droid Fusion

OWASP Droid Fusion is a platform for android mobile or any other mobile for doing
Malware Analysis, Development, Application Pentesting and Forensics. You can use it
in any mobile security research, and if you have Droid Fusion, you dont need to worry
about finding tools. There are more then 60 tools and scripts and it is free.

SNIFFERS ENCONTRADOS
- ANDROID:

- IOS: