
Best Android Tools For Security Audit and Hacking https://n0where.net/best-android-tools/

1 of 14 5/18/2016 11:32 AM

Security researchers have long maintained that malware is a problem on Android, the Google operating system that's on
80% of the world's smartphones. In extreme cases, hackers with malicious intent can do much more than send premium
text messages. In this post, we will see various apps for web application penetration testing, network penetration testing,
sniffing, network hacking and Android app penetration testing.

Hackode: The Hacker's Toolbox is an application for penetration testers, ethical hackers, IT administrators and cyber
security professionals to perform different tasks like reconnaissance, scanning, performing exploits, etc.
This application contains different tools like:
Reconnaissance
Google Hacking
Google Dorks
Whois
Scanning
Ping
Traceroute
DNS lookup
IP
MX Records
DNS Dig
Exploits
Security Rss Feed

This application is still in beta.

(https://play.google.com/store/apps/details?id=com.techfond.hackode)

Remote Administration Tool for Android. The name Androrat is a mix of Android and RAT (Remote Access Tool).
Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server.

Get contacts (and all their information)
Get call logs
Get all messages
Location by GPS/Network
Monitor received messages live
Monitor phone state live (call received, call sent, call missed...)
Take a picture from the camera
Stream sound from the microphone (or other sources...)
Stream video (for activity-based client only)
Show a toast
Send a text message
Place a call
Open a URL in the default browser
Vibrate the phone

(https://github.com/DesignativeDave/androrat)

The goal of this project is to aid analysts and reverse engineers in visualizing compiled Android packages and their
corresponding DEX code. APKInspector provides both analysis functions and graphic features for users to gain deep
insight into malicious apps:
CFG
Call Graph
Static Instrumentation
Permission Analysis
Dalvik codes
Smali codes
Java codes
APK Information

(https://github.com/honeynet/apkinspector/)

DroidBox is developed to offer dynamic analysis of Android applications. The following information is shown in the
results generated when the analysis ends:
Hashes for the analyzed package
Incoming/outgoing network data
File read and write operations
Started services and loaded classes through DexClassLoader
Information leaks via the network, file and SMS
Circumvented permissions
Cryptography operations performed using Android API
Listing broadcast receivers
Sent SMS and phone calls

(http://code.google.com/p/droidbox/)

zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a
button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.
Options include:
Network Map
Port Discovery
Packet Manipulation
Sniffer
MITM (Man in the Middle filters)
DoS (Pentest DoS vulnerabilities)
Password Complexity Audit
Penetrate CSE to check server/desktop vulnerability

(http://www.zimperium.com/zanti-mobile-penetration-testing)

DroidSheep is a simple Android tool for web session hijacking (sidejacking). It listens for HTTP packets sent via a
wireless (802.11) network connection and extracts the session id from these packets in order to reuse them.

DroidSheep can capture sessions using the libpcap library and supports:
Open networks
WEP encrypted networks
WPA and WPA2 encrypted networks (PSK only)
DroidSheep is not intended to steal identities or damage anybody, but to show the weak security of non-SSL
web services.


dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most
complete and advanced professional toolkit to perform network security assessments on a mobile device.

WiFi Cracking
RouterPWN
Trace
Port Scanner
Inspector
Vulnerability finder
Login cracker
Packet forger
Man in the middle

Simple sniff
Password sniff
Session Hijacker
Kill connections
Redirect
Replace images
Replace videos
Script injector
Custom filter

(https://play.google.com/store/apps/details?id=com.anstudios.dsploit&hl=en)

AppUse Virtual Machine, developed by AppSec Labs, is a unique (and free) system, a platform for mobile application
security testing in the android environment, and it includes unique custom-made tools.

New Application Data Section
Tree-view of the application's folder/file structure
Ability to pull files
Ability to view files
Ability to edit files
Ability to extract databases
Dynamic proxy managed via the Dashboard
New application-reversing features
Updated ReFrameworker tool
Dynamic indicator for Android device status
Bugs and functionality fixes

(https://appsec-labs.com/AppUse)

Traffic sniffer that works on 3G and WiFi (and in FroYo tethered mode too). To open the dump, use Wireshark or similar
software; to preview the dump on the phone, use Shark Reader. Based on tcpdump. Please leave comments/send e-mail if you
have any problems/suggestions.

(https://play.google.com/store/apps/details?id=lv.n3o.shark)

The Android Device Testing Framework (dtf) is a data collection and analysis framework to help individuals answer the
question: "Where are the vulnerabilities on this mobile device?" Dtf provides a modular approach and built-in APIs that
allow testers to quickly create scripts to interact with their Android devices. The default download of dtf comes with
multiple modules that allow testers to obtain information from their Android device, process this information into
databases, and then start searching for vulnerabilities (all without requiring root privileges). These modules help you
focus on changes made to AOSP components such as applications, frameworks, system services, as well as lower-level
components such as binaries, libraries, and device drivers. In addition, you'll be able to analyze new functionality
implemented by the OEMs and other parties to find vulnerabilities.

(https://github.com/jakev/dtf/tree/v1.0.3)

drozer (formerly Mercury (http://n0where.net/mercury/)) is the leading security testing framework for Android.
drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and
interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS.
drozer provides tools to help you use, share and understand public Android exploits. It helps you to deploy a drozer
Agent to a device through exploitation or social engineering. Using weasel (MWR's advanced exploitation payload),
drozer is able to maximise the permissions available to it by installing a full agent, injecting a limited agent into a running
process, or connecting a reverse shell to act as a Remote Access Tool (RAT).

(https://github.com/mwrlabs/drozer)

Neopwn is an advanced penetration testing and radio frequency auditing platform designed to run on mobile phones and
tablets. We were the first to ever release a security auditing distribution for a mobile phone, and we continue to push the
envelope in supporting the latest bleeding-edge tools and hardware.
Several options exist for local and remote control of the Neopwn system, including:
Android-based control panel application for system management
Desktop interface via VNC, for full X windows programs
Shell access with native Android terminal emulation applications
Quick application access with native Android desktop icon launchers
Remote access through VPN and SSH

(http://www.neopwn.com/)

Have you ever looked at your Android applications and wondered if they are watching you as well? Whether it's a
bandwidth-hogging app, aggressive adware or even malware, it would be interesting to know if they are doing more than
what they are supposed to and if your personal information is exposed. Is there really a way to automatically evaluate all
your apps, even hundreds of them, to harvest their behavioral data, analyze their run pattern, and at the same time
provide an interface to facilitate a vast majority of evolving security tests with most practical solutions?
Android Security Evaluation Framework (ASEF) performs this analysis while alerting you about other possible issues. It
will make you aware of unusual activities of your apps, will expose vulnerable components and help narrow down
suspicious apps for further manual research. ASEF is an open source tool for scanning Android devices for security
evaluation. Users will gain access to security aspects of Android apps by using this tool with its default settings.

(https://code.google.com/p/asef/)

Reverse engineering, Malware and goodware analysis of Android applications and more

Map and manipulate DEX/ODEX/APK/AXML/ARSC format into full Python objects,
Disassembly/decompilation/modification of DEX/ODEX/APK format,
Decompilation with the first native (directly from Dalvik bytecodes to Java source codes) Dalvik decompiler (DAD),
Access to the static analysis (http://code.google.com/p/androguard/wiki/Analysis) of the code (basic blocks,
instructions, permissions (with database from http://www.android-permissions.org/)) and create your own static analysis tool,
Analyze a bunch of Android apps,
Analysis with ipython/Sublime Text Editor,
Diffing (http://code.google.com/p/elsim/wiki/Similarity#Diffing_of_applications) of Android applications,
Measure (http://code.google.com/p/elsim/wiki/Similarity#Similarity_of_applications_(aka_rip-off_indicator)) the
efficiency of obfuscators (proguard, ),
Determine (http://code.google.com/p/elsim/wiki/Similarity#Similarity_of_applications_(aka_rip-off_indicator)) if
your application has been pirated (plagiarism/similarities/rip-off indicator),
Check if an Android application is present (http://code.google.com/p/androguard/wiki/DetectingApplications) in a
database (malwares, goodwares ?),
Open source database (http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares) of android malware
(this open source database is done in my free time, of course my free time is limited, so if you want to help, you
are welcome!),
Detection of ad/open source libraries (WIP),
Risk indicator of malicious application,
Reverse (http://code.google.com/p/androguard/wiki/RE) engineering of applications (goodwares, malwares),
Transform (http://code.google.com/p/androguard/wiki/Usage#Androaxml) Android's binary XML
(like AndroidManifest.xml) into classic XML,
Visualize (http://code.google.com/p/androguard/wiki/Visualization) your application with gephi
(http://www.gephi.org/) (gexf format), or with cytoscape (http://www.cytoscape.org/) (xgmml format), or PNG/DOT
output,
Integration with external decompilers (JAD+dex2jar/DED/).

(http://code.google.com/p/androguard/)

Nicknamed the "Smartphone Version of Backtrack", Revenssis Penetration Suite is a set of all the useful types of
tools used in computer and web application security. Tools available in it include: web app scanners, encode/decode and
hashing tools, Vulnerability Research Lab, Forensics Lab, plus the must-have utilities (Shell, SSH, DNS/WHOIS Lookup,
Traceroute, Port Scanner, Spam DB Lookup, Netstat, etc.). All of these fit in an application of approx. 10MB (post
installation).

All Web Vulnerability Scanners including:
SQL injection scanner
XSS scanner
DDOS scanner
CSRF scanner
SSL misconfiguration scanner
Remote and Local File Inclusion (RFI/LFI) scanners
Useful utilities such as:
WHOIS lookup, IP finder, Shell, SSH, Blacklist lookup tool, Ping tool,
Forensic tools (in implementation) such as malware analyzers, hash crackers, network sniffer, ZIP/RAR password
finder, social engineering toolset, reverse engineering tool
Vulnerability research lab (sources include: Shodan vulnerability search engine, ExploitSearch, Exploit DB,
OSVDB and NVD NIST)
Self scan and Defence tools for your Android phone against vulnerabilities
Connectivity Security Tools for Bluetooth, Wifi and Internet. (NFC, Wifi Direct and USB in implementation)

(http://sourceforge.net/projects/revenssis/)

The product of a DARPA Cyber Fast Track grant, the Smartphone Pentest Framework is an open source security tool,
designed to aid in assessing the security posture of smartphones in an environment. SPF Version 0.1 contains remote
attacks, client side attacks, social engineering attacks, and post exploitation, targeting smartphone devices.

(https://github.com/georgiaw/Smartphone-Pentest-Framework)

Bugtroid is an innovative tool developed by Bugtraq-Team. The main feature of this APK is that it has more
than 200 Android and Linux tools (PRO) for pentesting and forensics through a smartphone or tablet.

(http://www.bugtraq-team.com/bugtroid#)

OWASP Droid Fusion is a platform for Android mobile or any other mobile for doing malware analysis, development,
application pentesting and forensics. You can use it in any mobile security research, and if you have Droid Fusion, you
don't need to worry about finding tools. There are more than 60 tools and scripts and it is free.

(https://docs.google.com/file/d/0BxaBYtCO_aLyYUZaeE5qV1VpTDg/edit?pli=1)