Wednesday, October 16, 2013

Security Testing & Hacking Apps For Android

Hacking is not as easy as you might think.
The apps listed below are for people who want to do security testing from an Android phone.




  • WPScan
WPScan is for scanning WordPress sites for vulnerabilities from an Android phone.
Download app and source code: https://github.com/clshack/WPScan



  • WebSecurify
WebSecurify is the best when it comes to web vulnerability scanning.
Download it here: https://code.google.com/p/websecurify/


  • Network Mapper
Network Mapper is a fast scanner for network admins. It can easily scan your network and export the report as CSV to your Gmail. It lists all devices in your LAN along with details. Generally, the app is used to find open ports of various servers, such as FTP, SSH and SMB servers, on your network. The tool works really fast and gives effective results.
Download Network Mapper from the Google Play Store: https://play.google.com/store/apps/details?id=org.prowl.networkmapper&hl=en


  • Router Bruteforce ADS 2
If you are connected to a Wi-Fi network and you want to access the router of that network, you can use the Router Bruteforce ADS 2 app. This app performs a brute-force attack to find the valid password of the router. It has a list of default passwords that it tries on the router. Most of the time, the app cracks the password, but a brute-force attack is never 100% certain to succeed.
It comes with a sample txt file which contains 398 default passwords used in different routers. You can add more passwords to the list. There is one limitation: the app only works with a dictionary file of less than 5 MB. Try it only when you have a good Wi-Fi signal. This is an experimental app, and the developer also warns users to try it at their own risk.

Download Router Bruteforce ADS 2 from Google Play: https://play.google.com/store/apps/details?id=evz.android.rbf_ads&hl=en


  •  AppUse – Android Pentest Platform Unified Standalone Environment
The AppUse Virtual Machine is developed by AppSec Labs. It is a freely available mobile application security testing platform for Android apps. This Android penetration testing platform contains custom-made tools by AppSec Labs.
This penetration testing platform is for those who are going to start penetration testing of Android applications. All you need to do is download the AppUse Virtual Machine and then load the app for testing. The VM comes with most of the configuration already done, so you do not need to install simulators or testing tools, or set up SSL certificates for a proxy. Thus, the tool gives an ideal user experience. In other words, you can say that the AppUse Virtual Machine is the BackTrack of Android apps. As the world is moving towards apps, AppUse VM has good scope in the future. We see how Android users face attacks, and these cyber-attacks are growing. So, it is important for all Android app developers to test their apps for various kinds of vulnerabilities.

Download the AppUse Virtual Machine here: http://sourceforge.net/projects/appuse-android-pentest/files/AppUse%201.6_release.rar/download


  • Network Spoofer
Network Spoofer is another app that lets you change the websites shown on other people's computers from your Android phone. Download the Network Spoofer app and then log onto the Wi-Fi network. Choose a spoof to use with the app, then tap on start. This app is considered a malicious hacking tool by network administrators, so don't try it on unauthorized networks. This is not a penetration testing app. It is just meant to demonstrate how vulnerable a home network is.

Download this app from SourceForge: http://sourceforge.net/projects/netspoof/


  • Network Discovery
Network Discovery is a free app for Android devices. The good thing is that the app doesn't need a rooted device. It has a simple and easy-to-use interface. It shows all the networks and devices connected to your Wi-Fi network, and it identifies the OS and manufacturer of each device. Thus the app helps with information gathering on the connected Wi-Fi network.

Download app from Google Play: https://play.google.com/store/apps/details?id=info.lamatricexiste.network


  • DroidSheep [Root]
DroidSheep is a session hijacking tool for Android devices. It is an app for security analysis in wireless networks. It can capture Facebook, Twitter, LinkedIn, Gmail or other website accounts easily. You can hijack any active web account on your network with just a tap by using the DroidSheep app.
This app demonstrates the harm of using any public Wi-Fi.

Download this app from here: http://droidsheep.de/?page_id=23


  • DroidSheep Guard
DroidSheep Guard is another Android app from the developer of DroidSheep. This app does not require a rooted device. It monitors the Android device's ARP table and tries to detect ARP-spoofing attacks on the network performed by DroidSheep, FaceNiff and other software.
Download DroidSheep Guard from Google Play: https://play.google.com/store/apps/details?id=de.trier.infsec.koch.droidsheep.guard.free&feature=search_result
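
The kind of ARP-table check described above can be sketched as follows. This is an added example, not code from DroidSheep Guard or from the original post; it assumes the Linux/Android /proc/net/arp text layout, and the addresses and the function names (parse_arp, arp_alerts) are constructed for illustration.

```python
# Added example: ARP-table consistency check on constructed /proc/net/arp snapshots.
from collections import defaultdict

# Constructed sample data in the Linux/Android /proc/net/arp layout.
BASELINE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:33:44:55     *        wlan0
192.168.1.23     0x1         0x2         66:77:88:99:aa:bb     *        wlan0
"""
SUSPECT = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         66:77:88:99:aa:bb     *        wlan0
192.168.1.23     0x1         0x2         66:77:88:99:aa:bb     *        wlan0
192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

def parse_arp(text):
    """Return {ip: mac} for complete entries (ATF_COM flag 0x2 set)."""
    table = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, _hw, flags, mac = fields[:4]
        if int(flags, 16) & 0x2 and mac != "00:00:00:00:00:00":
            table[ip] = mac.lower()
    return table

def arp_alerts(previous, current, gateway_ip):
    """Compare two parsed tables and report signs of ARP cache poisoning."""
    alerts = []
    for ip, mac in sorted(current.items()):
        old = previous.get(ip)
        if old and old != mac:                  # a known IP now maps to a new MAC
            kind = "gateway-mac-changed" if ip == gateway_ip else "mac-changed"
            alerts.append((kind, ip, old, mac))
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:                        # one adapter answering for several IPs
            alerts.append(("duplicate-mac", mac, tuple(sorted(ips))))
    return alerts

if __name__ == "__main__":
    for alert in arp_alerts(parse_arp(BASELINE), parse_arp(SUSPECT), "192.168.1.1"):
        print(alert)
```

A duplicate MAC can also be legitimate, for example with proxy ARP, so the gateway change is the stronger signal of the two.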


  •  Penetrate Pro
Penetrate Pro is an Android app for Wi-Fi decoding. The latest version of the app has added many new features. It can calculate the WEP/WPA keys for some wireless routers. If you have installed an antivirus app, it may detect the Penetrate Pro app as a virus. But this app is a security tool and it will not affect or harm your device.
Penetrate gives you the wireless keys of Discus, Thomson, Infinitum, BBox, Orange, DMax, SpeedTouch, DLink, BigPond, O2Wireless and Eircom routers.

 (Share From INFOSECINSTITUTE.COM)

 
