Professional Documents
Culture Documents
net/best-android-tools/
More
CYBERPUNK (//n0where.net)
LATEST NEWS (https://n0where.net/news/)
DISCUSSIONS (https://n0where.net/discussions/)
DIRECTORY (https://n0where.net/directory/)
TOP100 (https://n0where.net/best-cybersecurity-tools/)
CONTACT (https://n0where.net/contact/)
SUBMIT (https://n0where.net/submit-content/)
Login Register
LOGIN
REGISTER
(http://www.twitter.com/_Cyber_Punk_) (https://plus.google.com/+N0whereNet/posts) (http://facebook.com/pages
/CyberPunk/341614055887105) (https://plus.google.com/communities/112851569729258205098)
(http://feeds.feedburner.com/n0where)
(https://www.netsparker.com/online-web-application-security-scanner/?utm_source=easyauto&utm_medium=banner&
utm_campaign=n0wherenc)
(https://www.netsparker.com/online-web-application-security-scanner/?utm_source=easyauto&utm_medium=banner&
utm_campaign=n0wherenc)
1 of 14 5/18/2016 11:32 AM
Best Android Tools For Security Audit and Hacking https://n0where.net/best-android-tools/
Security researchers have long maintained that malware is a problem on Android, the Google operating system thats on
80% of the worlds smartphones. In extreme cases, hackers with malicious intent can do much more than send premium
text messages. In this post, we will see various apps for web application penetration testing, network penetration testing,
sniffing, networking hacking and Android apps penetration testing.
Hackode : The hackers Toolbox is an application for penetration tester, Ethical hackers, IT administrator and Cyber
security professional to perform different tasks like reconnaissance, scanning performing exploits etc.
This Application contains different tools like:
Reconnaissance
Google Hacking
Google Dorks
Whois
Scanning
Ping
Traceroute
DNS lookup
IP
2 of 14 5/18/2016 11:32 AM
Best Android Tools For Security Audit and Hacking https://n0where.net/best-android-tools/
MX Records
DNS Dig
Exploits
Security Rss Feed
(https://play.google.com/store/apps/details?id=com.techfond.hackode)
Top
Remote Administration Tool for Android. The name Androrat is a mix of Android and RAT (Remote Access Tool).
Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server.
3 of 14 5/18/2016 11:32 AM
Best Android Tools For Security Audit and Hacking https://n0where.net/best-android-tools/
(https://github.com/DesignativeDave/androrat)
Top
The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their
corresponding DEX code. APKInspector provides both analysis functions and graphic features for the users to gain deep
insight into the malicious apps:
CFG
Call Graph
Static Instrumentation
Permission Analysis
Dalvik codes
Smali codes
Java codes
APK Information
(https://github.com/honeynet/apkinspector/)
Top
DroidBox is developed to offer dynamic analysis of Android applications. The following information is shown in the
results, generated when analysis is ended:
Hashes for the analyzed package
Incoming/outgoing network data
File read and write operations
Started services and loaded classes through DexClassLoader
Information leaks via the network, file and SMS
4 of 14 5/18/2016 11:32 AM
Best Android Tools For Security Audit and Hacking https://n0where.net/best-android-tools/
Circumvented permissions
Cryptography operations performed using Android API
Listing broadcast receivers
Sent SMS and phone calls
(http://code.google.com/p/droidbox/)
Top
zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a
button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.
Options include:
Network Map
Port Discovery
Packet Manipulation
Sniffer
MITM (Man in the Middle filters)
DoS (Pentest DoS vulnerabilities)
Password Complexity Audit
Penetrate CSE to check server/desktop vulnerabilty
(http://www.zimperium.com/zanti-mobile-penetration-testing)
Top
DroidSheep is a simple Android tool for web session hijacking (sidejacking). It listens for HTTP packets sent via a
wireless (802.11) network connection and extracts the session id from these packets in order to reuse them.
5 of 14 5/18/2016 11:32 AM
Best Android Tools For Security Audit and Hacking https://n0where.net/best-android-tools/
DroidSheep can capture sessions using the libpcap library and supports: OPEN Networks WEP encrypted networks
WPA and WPA2 encrypted networks (PSK only)
DroidSheep is not intended to steal identities or endamage anybody, but to show the weak security of non-ssl
webservices
(Best Android Tools For Security Audit and Hacking droidsheep download)
Top
dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most
complete and advanced professional toolkit to perform network security assessments on a mobile device.
WiFi Cracking
RouterPWN
Trace
Port Scanner
Inspector
Vulnerability finder
Login cracker
Packet forger
Man in the middle
Simple sniff
Password sniff
Session Hijacker
Kill connections
Redirect
Replace images
Replace videos
Script injector
Custom filter
6 of 14 5/18/2016 11:32 AM
Best Android Tools For Security Audit and Hacking https://n0where.net/best-android-tools/
(https://play.google.com/store/apps/details?id=com.anstudios.dsploit&hl=en)
Top
AppUse Virtual Machine, developed by AppSec Labs, is a unique (and free) system, a platform for mobile application
security testing in the android environment, and it includes unique custom-made tools.
(https://appsec-labs.com/AppUse)
Top
7 of 14 5/18/2016 11:32 AM
Best Android Tools For Security Audit and Hacking https://n0where.net/best-android-tools/
Traffic sniffer, works on 3G and WiFi (works on FroYo tethered mode too). To open dump use WireShark or similar
software, for preview dump on phone use Shark Reader. Based on tcpdump. Please leave comments/send e-mail if you
have any problems/suggestions.
(https://play.google.com/store/apps/details?id=lv.n3o.shark)
Top
The Android Device Testing Framework (dtf) is a data collection and analysis framework to help individuals answer the
question: Where are the vulnerabilities on this mobile device? Dtf provides a modular approach and built-in APIs that
allows testers to quickly create scripts to interact with their Android devices. The default download of dtf comes with
multiple modules that allow testers to obtain information from their Android device, process this information into
databases, and then start searching for vulnerabilities (all without requiring root privileges). These modules help you
focus on changes made to AOSP components such as applications, frameworks, system services, as well as lower-level
components such as binaries, libraries, and device drivers. In addition, youll be able to analyze new functionality
implemented by the OEMs and other parties to find vulnerabilities.
(https://github.com/jakev/dtf/tree/v1.0.3)
Top
8 of 14 5/18/2016 11:32 AM
Best Android Tools For Security Audit and Hacking https://n0where.net/best-android-tools/
drozer (formerly Mercury (http://n0where.net/mercury/)) is the leading security testing framework for Android.
drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and
interacting with the Dalvik VM, other apps IPC endpoints and the underlying OS.
drozer provides tools to help you use, share and understand public Android exploits. It helps you to deploy a drozer
Agent to a device through exploitation or social engineering. Using weasel (MWRs advanced exploitation payload)
drozer is able to maximise the permissions available to it by installing a full agent, injecting a limited agent into a running
process, or connecting a reverse shell to act as a Remote Access Tool (RAT).
(https://github.com/mwrlabs/drozer)
Top
Neopwn is an advanced penetration testing and radio frequency auditing platform designed to run on mobile phones and
tablets. We were the first to ever release a security auditing distribution for a mobile phone, and we continue to push the
envelope in supporting the latest bleeding-edge tools and hardware.
Several options exist for local and remote control of the Neopwn system, including:
Android-based control panel application for system management
Desktop interface via VNC, for full X windows programs
Shell access with native Android terminal emulation applications
Quick application access with native Android desktop icon launchers
Remote access through VPN and SSH
(http://www.neopwn.com/)
Top
9 of 14 5/18/2016 11:32 AM
Best Android Tools For Security Audit and Hacking https://n0where.net/best-android-tools/
Have you ever looked at your Android applications and wondered if they are watching you as well? Whether its a
bandwidth-hogging app, aggressive adware or even malware, it would be interesting to know if they are doing more than
what they are supposed to and if your personal information is exposed. Is there really a way to automatically evaluate all
your apps even hundreds of them to harvest their behavioral data, analyze their run pattern, and at the same time
provide an interface to facilitate a vast majority of evolving security tests with most practical solutions?
Android Security Evaluation Framework (ASEF) performs this analysis while alerting you about other possible issues. It
will make you aware of unusual activities of your apps, will expose vulnerable components and help narrow down
suspicious apps for further manual research. ASEF is an Open Source tool for scanning Android Devices for security
evaluation. Users will gain access to security aspects of android apps by using this tool with its default settings
(https://code.google.com/p/asef/)
Top
Reverse engineering, Malware and goodware analysis of Android applications and more
10 of 14 5/18/2016 11:32 AM
Best Android Tools For Security Audit and Hacking https://n0where.net/best-android-tools/
(this opensource database is done on my free time, of course my free time is limited, so if you want to help, you
are welcome !),
Detection of ad/open source librairies (WIP),
Risk indicator of malicious application,
Reverse (http://code.google.com/p/androguard/wiki/RE) engineering of applications (goodwares, malwares),
Transform (http://code.google.com/p/androguard/wiki/Usage#Androaxml) Androids binary xml
(like AndroidManifest.xml) into classic xml,
Visualize (http://code.google.com/p/androguard/wiki/Visualization) your application with gephi
(http://www.gephi.org/) (gexf format), or with cytoscape (http://www.cytoscape.org/) (xgmml format), or PNG/DOT
output,
Integration with external decompilers (JAD+dex2jar/DED/)
.
(http://code.google.com/p/androguard/)
Top
Nicknamed as the Smartphone Version of Backtrack, Revenssis Penetration Suite is a set of all the useful types of
tools used in Computer and Web Application security. Tools available in it include: Web App scanners, Encode/Decode &
Hashing tools, Vulnerability Research Lab, Forensics Lab, plus the must-have utilities (Shell, SSH, DNS/WHOIS Lookup,
Traceroute, Port Scanner, Spam DB Lookup, Netstat etc). All these fitting in an application approx. 10MB (post
installation).
11 of 14 5/18/2016 11:32 AM
Best Android Tools For Security Audit and Hacking https://n0where.net/best-android-tools/
Vulnerability research lab (sources include: Shodan vulnerability search engine, ExploitSearch, Exploit DB,
OSVDB and NVD NIST
Self scan and Defence tools for your Android phone against vulnerabilities
Connectivity Security Tools for Bluetooth, Wifi and Internet. (NFC, Wifi Direct and USB in implementation)
(http://sourceforge.net/projects/revenssis/)
Top
The product of a DARPA Cyber Fast Track grant, the Smartphone Pentest Framework is an open source security tool,
designed to aid in assessing the security posture of smartphones in an environment. SPF Version 0.1 contains remote
attacks, client side attacks, social engineering attacks, and post exploitation, targeting smartphone devices.
(https://github.com/georgiaw/Smartphone-Pentest-Framework)
Top
Bugtroid is an innovative tool developed by the team of Bugtraq-Team. The main features of this apk, is that it has more
than 200 Android and Linux tools (PRO) for pentesting and forensics through smarthphone or tablet.
12 of 14 5/18/2016 11:32 AM
Best Android Tools For Security Audit and Hacking https://n0where.net/best-android-tools/
(http://www.bugtraq-team.com/bugtroid#)
Top
OWASP Droid Fusion is a platform for android mobile or any other mobile for doing Malware Analysis, Development,
Application Pentesting and Forensics. You can use it in any mobile security research, and if you have Droid Fusion, you
dont need to worry about finding tools. There are more then 60 tools and scripts and it is free.
(https://docs.google.com/file/d/0BxaBYtCO_aLyYUZaeE5qV1VpTDg/edit?pli=1)
Top
Visitors Rating
Rate Here
Overall Rating
79%
79%
Visitors Rating
157 ratings
13 of 14 5/18/2016 11:32 AM
Best Android Tools For Security Audit and Hacking https://n0where.net/best-android-tools/
Load Comments
(https://www.netsparker.com/online-web-application-security-scanner/?utm_source=easyauto&utm_medium=banner&
utm_campaign=n0wherenc)
(https://www.netsparker.com/online-web-application-security-scanner/?utm_source=easyauto&utm_medium=banner&
utm_campaign=n0wherenc)
Compare
Go (http://n0where.net/?page_id=26549)
14 of 14 5/18/2016 11:32 AM