Android

The Best Android Apps for Ethical Hacking

Just like our computer programs, there are so many Android applications used for many different tasks, and here we will discussing the best Android applications meant to do Penetration Testing or Ethical Hacking.The best Android apps below was chosen by comparing users experience, and my personal experience with the apps (I use most of these tools for daily use). Some of the tools require root access of your Android phone, and absolutely, the best applications below are all in active development.

8. Orbot: Proxy with Tor

Anonymity is the first thing you need to concern before doing Penetration Testing. Among many others apps which provide privacy connection like VPN, Orbot is the best at hiding your identity. Orbot is free and open source project (which you can take a look at the source code in Github or join their community) to provide anonymity on the internet for Android users. Orbot uses Tor to encrypt the internet traffic by bouncing through available server around the world. Orbot can help you to defend against personal and privacy threatens, hidden from monitoring internet traffic third parties app.

TOR – bouncing connections

TOR – live log

7. Wifi Master Key – by wifi.com

Wifi Master Key is the biggest peer-to-peer Wi-Fi key sharing for free Wi-Fi access developed by LinkSure Network (wifi.com). This is my favorite apps when i need Wi-Fi connection around. This app will shorten my tasks to break the locked (password-ed) Wi-Fi. The concept is sharing Wi-Fi key (password) to provide free internet access. Whether the user knows the password or not, they will be able to connect to any nearby Wi-Fi hotspots that are listed with “connect button” without input any login details. Another interesting feature of Wifi Master Key is the Wifi Map to help users find free and open hotspots Wi-Fi available in location.

Wifi Key Master – Display available Free connect hotspots

Wifi Master Key – MAP display available Free and Open Hotspots

6. Fing – Network Tools

Fing is a network discovery tool to do information gathering about devices connected in wireless network connection. Fing also offers several networking utilities including Ping, Traceroute, DNS Lookup, and Service scanning.

5. Netcut (free, requires root)

Netcut is popular desktop network discovery tool which also available on Android. Netcut helps discover device connected on wireless network and display the information including IP address, MAC address, and device name. The difference between Fing and Netcut is, Netcut has feature to change MAC address of your device, and the main feature is to cut connections of others clients connected in your wireless network using ARP spoofing attack. Netcut also can protects users from ARP spoofing attack, using built-in feature Netcut Defender.

4. Packet Capture

Packet Capture is a network traffic sniffer with SSL decryption. Packet Capture has the same main function as Wireshark program on desktop. It is very powerful Android app to debugging, or to monitor the network communication in and out going internet connection. Packet Capture use local VPN to capture and record the traffic. The good news is it doesn’t need any root permission. Not only capturing all packets, Packet Capture is able to decrypt SSL communication using MITM method.

Packet Capture – Sniffing “Mobile Legends” game connections

3. Network Spoofer (requires root)

Network Spoofer is Android app project to perform ARP Spoofing attack to mess the network and clients. Network Spoofer let you prank clients connected on your wireless network, the attack feature Network Spoofer provides are: Flip picture and text upside down, website page redirect, delete and replace words from website and change all pictures on website to trollface meme image.

2. Termux

Termux is terminal emulator for Android with bash linux environment. If you are familiar with Terminal Linux environment than you will not find any difficult on using Termux. Termux using the APT package manager to automate installing any packages. The reason why i exclude “Nmap for Android” on the list is, you can actually install popular Penetration Testing program directly in your Android using Termux “pkg install” command, such NMAP, Metasploit, Traceroute, and much more.

Termux – running NMAP on Termux Android

Termux – Running Metasploit Framework on Termux Android

1. zANTI (requires root)

zANTI is very powerful full-fledged penetration testing toolkit. zANTI has so many features, it is a collection of tools, including network discovery using NMAP, MITM Attack, MAC Address spoofing, password auditing, vulnerability scanning and much more. In the MITM Attack itself has so much features which mostly has the main feature like “Network Spoofer” does, with HTTP sessions hijacking, HTTP requests and responses modifying, capture download files, router exploit and able to check device for shellshock and SSL poodle vulnerability.

CONCLUSION

Nowadays, hacking is much easier to do in line with the advances of technology, even by using your “handy-computer” a.k.a smartphone you can perform Penetration Testing tasks. The applications available above are just tools and require your own responsibility. Be wise (and wild sometimes :-D).

About the author

BIMA FAJAR RAMADHAN

BIMA FAJAR RAMADHAN

Hy, I am Bima, i am a Freelance Writer and Penetration Tester. Do you have any questions or sharable opportunities? Contact me personally on : dk3ferdiandoo [AT] gmail.com