The best hacking software to hack from your smartphone

DeepNet Intelligence
14 minute read

 

Hacker programs for hacking from a smartphone

Web resource scanners for Android

Kayra the pentester lite


Kayra Report and About Screen

A detailed report is generated for each item selected in the scan settings. The screenshot shows only a small part of it. The free version is pretty functional, but sometimes annoying with ads. The paid version has no advertising and restrictions, its cost at the time of this writing is 159 rubles.

  • Website
  • Tested version: 1.4.0
  • Size: 4.7 MB
  • Android version: 4.1 and up
  • Root Required: No

DroidSQLi

The next hacking program for Android is DroidSQLi. DroidSQLi is used to check websites for SQL injection vulnerabilities in four flavors:

  • Normal SQL injection — the classic version with the UNION ALL SELECT parameter passing;
  • Error based SQL injection — knowingly using incorrect syntax in queries to receive an error message that reveals additional database parameters;
  • Blind SQL injection — a series of queries analyzing true / false responses from the DBMS, which allows you to restore the database structure;

Time based SQL injection — the formation of additional queries that cause the suspension of the DBMS for a certain time, which makes it possible to retrieve data character by character.


Demonstration of error based SQL injection

The DroidSQLi utility automatically selects the injection method and also uses techniques to bypass query filtering.

To start testing the site, you need to manually find the entry point. Typically, this is a web page address containing a query like? Id = X or? P = X, where X is a positive integer. In our example, the payload for the id parameter looks like this:

id = (SELECT 4777 FROM (SELECT COUNT (*), CONCAT (0x71626b6a71, (SELECT (ELT (4777 = 4777,1))), 0x7170767871, FLOOR (RAND (0) * 2)) x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x) a)

There are many sites on the web that are vulnerable to SQL injection. I think you can easily find a few of these just by looking at your browser history.

  • Website
  • Tested version: 1.1
  • Size: 705 Kbytes
  • Android version: 4.2 and up
  • Root Required: No

Droidbug Admin Panel Finder FREE

The next smartphone jailbreak tool is Droidbug Admin Panel Finder FREE. The application searches for admin panels by default addresses of different CMS. The result of its work does not always correspond to the real state of affairs, since IDS and WAF are installed on popular web servers. They block the brute-force URL or redirect it to a honeypot (trap), which responds with HTTP 200 OK to all requests, and collects information about the attacker itself.

However, on less popular sites with security, everything is very dreary, and a valid admin panel is found in a matter of seconds. The paid version, which costs 139 rubles, removes ads and unlocks the ability to brute force a mixed pattern for sites with PHP / ASP / CGI / CFM / JS support.

Search for the admin panel on the site

  • Website
  • Tested version: 1.4
  • Size: 6.3 MB
  • Android version: 2.1 and up
  • Root Required: No

Combines for hacking from a smartphone

The Internet is not only made up of web applications, and holes are not found only in them. The following collection of hacker applications for Android will allow you to search for vulnerabilities (and exploits for them) in software and hardware, perform sniffing, MITM attacks, leave backdoors and do many other interesting things.

cSploit

cSploit is one of the most powerful tools for scanning networks and finding vulnerabilities on detected hosts. Draws up a network map and displays information about all devices found in it. Knows how to determine their IP / MAC and vendor (by the first three octets of the MAC address), determine the OS installed on them, look for vulnerabilities using the Metasploit framework RPCd and brute-force passwords.

Client search and MITM attack

Performs various types of MITM attacks through DNS spoofing (it is possible to replace media files in traffic on the fly, JS injections, session hijacking and cookie hijacking for authorization without entering a password). It also knows how to disconnect individual devices (or disconnect them in bulk from the access point). Intercepts traffic and saves it in .pcap format or redirects it wherever you want.

cSploit contains a tool to create and send any TCP / UDP packet to a selected host. Following the link, hacking the router redirects to an online service for selecting and exploiting vulnerabilities for a specific model. The database stopped updating in 2015, but it is still relevant. In my short test on an ASUS router, which has been released since the end of 2016, a vulnerability was discovered in the latest firmware (April 2018), first described in 2009.

dSploit

Fork of cSploit by Simone Margaritelli, ordered to live long in 2014. The project remained in beta with a very crude code. If cSpoit worked for me flawlessly, then the last three versions of dSploit crashed almost immediately after launch.

The same cSploit, side view

Since Margaritelli got a job at Zimperium, dSploit’s developments have become part of the zAnti proprietary utility.

Scan wireless network and discover hosts

  • Website
  • Tested (not quite successful) version: 1.1.3c
  • Size: 11.4 MB
  • Android version: 2.3 and up
  • Root required: YES!
  • Additional requirements: install BusyBox in / system / bin, show a penchant for masochism

zAnti

Mobile application for pentest from Zimperium. A more modern, stable and visual analogue of dSploit.

The zAnti interface is split into two parts: scanning and MITM. In the first section, like dSploit and the original cSploit, it maps the network, identifies all hosts, their parameters and vulnerabilities.

Nmap network

A separate function is to identify vulnerabilities on the smartphone itself. According to the program’s report, our test Nexus 5 contains 263 holes that will not be closed since the device has expired.

Vulnerability detection

zAnti helps to hack routers and gain full access to them (with the ability to change the admin password, set a different SSID, PSK, and so on). Using MITM attacks, zAnti detects insecure elements at three levels: in the OS, applications, and device settings.

The key feature is the formation of a detailed report on all scanned items. The report contains explanations and tips for eliminating the deficiencies found.

ZAnti Report

  • Website
  • Tested version: 3.18
  • Size: 24 MB
  • Android version: 2.3 and up
  • Root required: YES!
  • Notes: zAnti does not work on x86 and x86_64 devices

Sniffers to intercept traffic on Android

No pentester can do without a good sniffer . This is the same everyday tool, like a knife on a chef’s table. Therefore, the next section of the article is devoted to applications for intercepting and analyzing traffic.

Intercepter-NG

Intercepter-NG is an advanced sniffer targeting MITM attacks. Captures traffic and analyzes it on the fly, automatically detecting authorization data in it. Can save the intercepted traffic in the .pcap format and analyze it later.

Automatically detected data formats include passwords and hashes for the following protocols: AIM, BNC, CVS, DC ++, FTP, HTTP, ICQ, IMAP, IRC, KRB5, LDAP, MRA, MYSQL, NTLM, ORACLE, POP3, RADIUS, SMTP , SOCKS, Telnet, VNC.

Scanning and ARP spoofing

Intercepter-NG collects files transmitted over FTP, IMAP, POP3, SMB, SMTP and HTTP from captured packets. Like cSploit and its analogs, Intercepter-NG uses ARP spoofing to perform MITM. It supports SSLstrip, which allows you to perform MITM attacks even with HTTPS traffic, replacing HTTPS requests of the attacked hosts on the fly with their HTTP variants through the built-in DNS proxy.

In addition, it can detect ARP spoofing in relation to itself (useful when connecting to public hotspots) and protect against it. When you click the umbrella icon, the ARP cache is checked.

  • Website
  • Tested version: 2.1 (console — 0.8)
  • Size: 5.2 MB
  • Android version: 2.3 and up
  • Root required: YES!
  • Additional requirements: install BusyBox in / system / bin

Packet Capture

A simpler and more “legal” TCP / UDP packet analyzer with the ability to intercept HTTPS sessions using MITM. Does not require root rights , as it uses the built-in Android function of proxying traffic through VPN and spoofing an SSL certificate.

On Android 6.0.1 and later, you need to manually add a CA certificate through the app settings.

Capture traffic

Packet Capture works locally. It does not perform ARP spoofing, session hijacking, or other attacks on external hosts. The application is positioned as a proxy for debugging and is downloaded from the official market. Can decode packets as Text / Hex / Urlencoded, but does not yet support compressed (gzip) HTTP requests.

Packet Capture makes it easy to monitor the network activity of installed applications. It shows not just the volume of transmitted traffic, but what exactly and where each program or built-in Android component sends, what packets and from which servers it receives in response. An excellent utility for finding Trojan bookmarks and annoying ads.

  • Website
  • Tested version: 1.4.7
  • Size: 4.5 MB
  • Android version: 2.3 and up
  • Root Required: No

Helper hacking utilities for Android

While advanced pentesting utilities require root and BusyBox, simpler applications are available in the Play Store and work on any smartphone without any tweaks. They cannot perform ARP spoofing and MITM attacks, but they are enough for scanning a wireless network, discovering hosts and obvious security problems.

WPSApp

This program scans the air for WPS enabled access points. Having found such, she tries to test default pins on them. There are few of them, and they are known from the manuals of the router manufacturers.

If the user did not change the default pin and did not disable WPS, then the utility, at most in five minutes, goes over all known values ​​and gets WPA (2) -PSK, no matter how long and complex it is. The wireless password is displayed on the screen and is automatically saved in the smartphone’s Wi-Fi settings.

Detecting hotspots with WPS

Note that some routers do not allow changing the default pin. Moreover, sometimes it remains on, even if the WPS: OFF status is shown in the router’s web interface. The Wifi Analyzer utility will help you find out the real state of WPS. Read more about it and WPSApp in the article “ Hacking Wi-Fi from a Smartphone “.

Since the release of that article, WPSApp has been updated and improved in every way. She knows more pins from different vendors, goes through them faster and learned how to brute force in new modes. The utility works both on rooted smartphones and without root rights. She has many analogs, but all of them are much less effective.

  • Website
  • Tested version: 1.6.20
  • Size: 3.0 MB
  • Android version: 4.1. Works much better on Android 5.1 and newer
  • Required as root: desirable but not required

WiFi Analyzer

Open source and free Wi-Fi network scanner. A very convenient utility for detecting access points (including hidden ones), finding out their parameters (MAC, vendor, channel, encryption type), estimating the signal strength and distance to them. The distance from the router is calculated using the line-of-sight formula, so it is not always indicated accurately enough.

Display of hidden networks and assessment of channel noise

WiFiAnalyzer allows you to visually see the situation on the air, filter targets by signal strength, SSID, used frequency (2.4 / 5 GHz) and type of encryption. You can also manually determine the least noisy channel using two types of charts: regular and time-accumulated.

In short, WiFiAnalyzer is where you should start your exploration in wireless networks. Searching for targets with specific parameters will save a lot of time when working with advanced utilities.

  • Website
  • Tested version: 1.8.11
  • Size: 1.6 MB
  • Android version: 4.1 and up
  • Root Required: No

Fing

Often, the functionality of hacking utilities overlaps with the capabilities of completely legal tools used by system administrators to set up networks.

Fing is one such tool. It quickly scans the Wi-Fi network that you managed to connect to (for example, using WPSApp) and identifies all hosts. This can be useful for checking your own wireless network for tampering, but, you must admit, it is much more interesting to explore unfamiliar networks.

Defining ports and services on selected hosts

Fing performs advanced parsing of NetBIOS, UPNP, and Bonjour names, so it better identifies device types and shows more properties. Fing has integrated ping and tracerout utilities. He also knows how to send WOL (Wake on LAN) requests, remotely waking up sleeping devices that support this function.

Fing automatically detects open ports and the services associated with them. When it detects SMB, SSH, FTP and other things, Fing offers to connect to them, calling for this external programs from its menu. If the corresponding utility (for example, AndSMB) is not installed, then Fing opens a link to download it.

Additional features of the program open after registering a Fing account. With it, you can carry out an inventory of devices and networks. Even more functions are unlocked with the purchase of the hardware Fingbox. He knows how to monitor the connection of uninvited guests and selectively block their devices, as well as check the Internet connection for typical problems and automatically fix them.

  • Website
  • Tested version: 6.7.1
  • Size: 10 MB
  • Android version: 4.1 and up
  • Root Required: No

NetCut

The application detects all client devices on the wireless network, and then uses ARP spoofing to selectively disable them or cut off communications for everyone but itself. And then you can download files at full speed somewhere in a cafe, watching other visitors suffer.

NetCut — Find and Kick!

Joke! It is uncivilized to do this, but to quickly kick an attacker without getting into the settings of the router — why not? You can not just cut off the connection for any host one-time, but constantly block its attempts to connect to the access point until it changes its MAC address (see the Jail tab).

If someone tries to do such a trick on your device, NetCut will detect ARP cache poisoning and clear it (see NetCut Defender). For a dollar a month, you can get a Pro account, remove ads and restrictions.

  • Website
  • Tested version: 1.4.9
  • Size: 12 MB
  • Android version: 4.0 and up
  • Root required: YES!

References and search engines for the pentester

Finally, let’s talk about a couple of useful utilities that are not directly related to hacking, but rather perform an auxiliary and informational function.

Droidbug Exploiting FREE

App from the Bugtraq Team . Designed for searching and downloading various types of exploits. They are all grouped by OS type in two main sections: local and remote execution. A separate group includes hardware and web exploits, as well as those used in DoS attacks.

Pocket exploit manager

You can find and download the required exploit from the free version of the program, and to quickly view the description, you will need a paid version that costs 279 rubles.

  • Website
  • Tested version: 2.0.3
  • Size: 5.6 MB
  • Android version: 4.0.3 and above
  • Root Required: No

Pentest Cheatsheet

Pentester’s Pocket Guide. Contains guidelines for test execution from The Open Web Application Security Project (OWASP), experts in the open source web application security project.

Pentest Cheatsheet — Pentester reference

Additionally, it includes a selection of links to proven hacker utilities, grouped based on the task at hand: online scanners, vulnerability analyzers, reverse tools, fuzzers, crawlers, and so on. All information is well organized and looks relevant at the time of this writing.

  • Website
  • Tested version: 1.02
  • Size: 2.2 MB
  • Android version: 4.1 and up
  • Root required: no


Thank you all for your attention!

This article is presented for informational purposes only and does not carry a call to action. All information is aimed at protecting readers from illegal actions

▪️ This Article was written by DeepNet Intelligence. And copyright or brought to you by The DeepNet. Thanks for your huge support.▪️

DeepNet Intelligence