Android Hacking Apps
Here is an app that spies at heart could use – SpoofApp. It allows you to use a fake Caller ID – a number that you are free to specify yourself, in order to protect your privacy or to pull a prank on someone. Sounds like fun, doesn’t it? Well, Apple didn’t think so, which is why it never allowed the app to enter its App Store. Google, however, didn’t mind, which is why SpoofApp was available on the Android Market for about two and a half years. However, it was banned from there last year as it allegedly was in conflict with The Truth in Caller ID Act of 2009.This can be useful in social engineering.
Must Read: Top 10 Windows Antivirus Software of 2013
It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private networks (Open/WEP/WPA-PSK/WPA2-PSK). It’s kind of like Firesheep for android. Maybe a bit easier to use (and it works on WPA2!). Please note that if webuser uses SSL this application won’t work.
Legal notice: This application is for educational purposes only. Do not try to use it if it’s not legal in your country. I do not take any responsibility for anything you do using this application. Use at your own risk.
3. Penetrate Pro
Root is required.
The most of the times you scan the Wi-Fi networks available around, they’re protected with key. Penetrate is an app that help you out with that. If the routers of that Wi-Fi networks are encrypted with WEP/WPA it will bring you the keys to access them. This seems a sort of cracking, but the developers says it isn’t, because it’s supposed to get the keys for penetration testing and you should use it only with permission from network owners. Well, apart from those regardings, it does what it says. Check the developer description to know which routers are supported.
Take in account that if you have an antivirus installed in your device, it will warn you about this app. The developer says it’s normal because it’s a security-related tool. Penetrate isn’t a danger for your phone.
This is the paid version (€1.99) that contains no ads, some more features and sponsors further development. What’s more, it allows you to use 3G to get the password instead of using dictionaries that you will have to download in the free version.
Penetrate works properly with the range of routers supported. We’re missing more though. Despite the apparent use for which it was developed this application, we all know the “regular” use. And if you’re looking for it, give it a chance. It’s a great app.
4. Anti-Android Network Toolkit
Anti-Android Network Toolkit is an app that uses WiFi scanning tools to scan networks. You can scan a network you have the phone connected to or you can scan any other nearby open networks. Security admins can use Anti to test network host vulnerabilities to DoS attacks and other threats.
Working with ANTI-Android Network Toolkit
Upon opening the app, users are required to enter the username and password used for registering. Once logged in, a message pops up indicating how many Anti credits you have and gives you the option to purchase more.
The next screen shows you the local network targets. I had my phone connected to my WLAN and Anti automatically mapped my network. You can only connect to networks you can authenticate into or of course, unsecured, open ones.
I could see my subnet information as well as all connected hosts on the network. It also showed an icon of what the various hosts were on my network; for instance, a connected Windows 7 laptop was displayed with the Window icon and my Android phone with the Droid bot logo.
From this screen, additional networks can be added simply by entering their subnet information. Clicking the bottom of the screen on the WiFi logo brings up all WLANs in the proximity, so Anti also performs wireless network discovery.
When first displaying the local target screen where you can view your network, Anti asks to run an intrusive scan. This scan checks for open ports and other vulnerabilities on the network. The app scanned 256 possible IP addresses in my test network (which only has four connected devices) in 11.07 seconds. In that time, the app discovered a connected machine with 8 open ports.
There are several other tasks the app can do. Users can run a password cracker against hosts using various crack protocols. A password crack on my test network revealed the username and password to an unsecured network switch—the username and password displayed was correct, as I was able to use the credentials Anti found to Telnet into the command line interface of the switch.
With Anti, you can also connect to network devices legitimately, with proper credentials. The report feature will list all of the vulnerabilities found, giving network admins a way to perform a threat assessment
Author: Pankaj Basumatry.