70 Android Hacking & Security Tools For Hackers
This is probably the best collection of Android hacking & security tools you will ever find.
Yes, you read that right. I have included 70 android hacking & security tools in this list. And I will continue to update this article as I find more android tools.
Here is the biggest collection of android hacking tools:
- Bluebox Security Scanner
Bluebox Security Scanner is a vulnerability scanner that you can use to determine whether your system is vulnerable to, or patched against, any of the "Fake ID" or "Master Key" security flaws. It also displays the applications that are trying to maliciously take advantage of any of the "Master Key" security flaws.
- QARK
QARK is a vulnerability scanner that is capable of creating "Proof-of-Concept" deployable APKs and/or ADB commands, and exploiting many of the vulnerabilities it finds. It is completely free and very easy to use.
- MobSF
MobSF is an open source app that is capable of performing static and dynamic analysis on android or iOS apps.
- I2P
I2P is a very good tool for anonymizing your connections to your destination. Yes, it is just like Tor, but much better. That is, if you want to hide your IP without losing much of your connection speed, I2P is the best option. I'm not saying that the I2P can make you completely anonymous on the web. But it definitely can provide you an extra layer of protection.
- RouterCheck
RouterCheck is an android app for protecting your home router from attackers. It allows you to scan the router for vulnerabilities and dangerous configurations. RouterCheck not only helps to detect and fix router vulnerabilities but also protects (indirectly) all the devices connected to your router.
- Fing
Fing is a simple tool for network analysis. It can evaluate your network security levels, detect intruders and resolve network issues. It displays almost all the network details such as the number of devices connected, device MAC addresses and manufacturers, IP addresses, NetBIOS names, and Bonjour info.
- Packet Sender
Packet Sender is an open source tool for sending and receiving TCP and UDP packets. Whenever you want to test your network, you can use Packet Sender to create and send custom data packets.
- ProxyDroid
ProxyDroid is an android app that allows you to set a proxy on your android device. That is, it can help you to hide your actual IP address, bypass internet censorship and prevent web monitoring. I like this app very much because of its user-friendly interface.
- AppUse
AppUse is a virtual machine that you can use to test the security of android mobile applications. It contains a custom Android ROM loaded with hooks which were placed at the right places inside the runtime for easy application control, observation, and manipulation. It has everything a pentester needs to run and test target applications: Android emulator, development tools, the required SDKs, decompilers, disassemblers, etc.
- JADX
JADX is a decompiler that you can use to produce Java source code from Android Dex and Apk files.
- Appie
Appie is a portable Android Pentesting Environment that you can use on any Windows-based machine without using a Virtual Machine (VM) or dual boot. It has a lot of tools such as Android Debug Bridge, Apktool, AndroBugs Framework, AndroGuard, Androwarn, Atom, ByteCodeViewer, Burp Suite, Drozer, dex2jar, Eclipse IDE with Android Developer Tools, Introspy, Analyzer, Java Debugger, jadx, Jd-Gui, Pidcat, SQLite Database Browser, SQLmap, Volatility Framework, Mozilla Firefox with some security addons, Owasp GoatDroid, and InsecureBank-v2.
- Kali Linux NetHunter
Kali Linux NetHunter is the first ever Open Source Android penetration testing platform for Nexus devices. It supports Wireless 802.11 frame injection, one-click MANA Evil Access Point setups, HID keyboard (Teensy like attacks), as well as BadUSB MITM attacks.
In short, Kali Linux is now at the tip of your fingers!
- Nipper
Nipper is an android tool for analyzing the security of CMS websites (WordPress, Drupal, Joomla, Blogger, Magento, Concrete5, VBulletin). It has a lot of modules that you can use to gather information about a specific URL.
Here is the list of modules in Nipper:
- Detect & CMS Version: Detects and identifies the version and CMS system.
- DNS Lookup: Get the DNS information from a URL.
- IP ports Nmap SERVER: Scan the ports of a website.
- Users Enumeration: Enumeration of WordPress users.
- Plugins Enumeration: Enumeration of WordPress Plugins.
- Find CMS Core Exploit: Search core vulnerabilities in CMS.
- Find Exploit DB: search exploit-db.com vulnerabilities.
- CloudFlare Solve: Identify the true IP address.
- Identification of Theme: detects and identifies WordPress theme of a website.
- Detection of CMS Advanced.
- Brute Force Attack (WordPress).
- zANTI
zANTI is one of the best penetration testing toolkits for android. It can help you to uncover authentication, backdoor, and brute-force attacks, DNS and protocol-specific attacks and rogue access points in seconds.
Note: This toolkit will change the SELinux configuration on your device to run certain commands, so if you are going to use this toolkit, please use it on a dedicated device. Otherwise, some apps may take advantage of lessened security setting for malicious purposes.
- Radare
Radare is a portable framework for reverse engineering and analyzing binaries. The radare project started in February of 2006, aiming to provide a free and simple command line interface for a hexadecimal editor supporting 64-bit offsets, to search and recover data from hard disks. Now it is one of the best open source reverse engineering frameworks that you can use to do many things including forensic analysis on filesystems, software patching, vulnerability fixing, software exploitation, etc.
- Drozer
Drozer is a comprehensive security audit and attack framework for Android. It allows you to interact with the Dalvik VM, other apps’ IPC endpoints and the underlying OS. With Drozer, you can greatly reduce the time taken for Android security assessments by automating the tedious and time-consuming tasks.
It runs both in Android emulators and on real devices. And, it does not require USB debugging or other development features to be enabled.
- Passera
Passera is a simple android app that turns any entered text into a strong password. This tool is for the people who understand the need to have strong unique passwords for each website.
- aNmap
aNmap is the android version of the Nmap; meaning, you can use this app to identify open ports and services, operating system versions, types of packet filters/firewalls and other characteristics.
It is one of the must-have tools for hackers!
- Hooker
Hooker is an open source project for dynamic analyses of Android applications. It has a lot of tools and applications that you can use to automatically intercept and modify any API calls made by a targeted application.
A set of Python scripts is also provided to automate the execution of an analysis and collect the API calls made by a set of applications.
Note: Android-Hooker is a proof of concept relying on the Substrate framework. That means Hooker cannot work if Substrate is not correctly installed on your device.
- Intercepter-NG
Intercepter-NG is an android app for intercepting and analyzing the WiFi network traffic. It is very easy to use. It can intercept communications, analyze data packets, hijack sessions, SSL Strip connections, and monitor target's web activities.
- Orbot
Orbot is an android app developed by the Tor Project for internet freedom and privacy. It allows you to hide your real IP address by bouncing your communications around a distributed network of relays run by volunteers all around the world.
Orbot is not just Tor; it also contains LibEvent and a lightweight web proxy server, "Polipo".
And, in rooted devices, it allows you to transparently torify all of the TCP traffic on your Android device.
- APKinspector
APKinspector is a powerful tool for android application analysts and reverse engineers. It can help you analyze the app permissions, Dalvik codes, Smali codes, Java codes, APK information and call graph.
- OWASP GoatDroid
OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security. GoatDroid requires minimal dependencies and is ideal for both Android beginners as well as more advanced users.
Currently, it has two applications: FourGoats, a location-based social network, and Herd Financial, a mobile banking application.
- AndroRat
AndroRat is a remote administration tool for android (thus the name AndroRAT). This tool allows you to access target's contacts, call logs, messages, and the location details remotely.
Some other interesting functionalities of AndroRat:
- Live monitoring of received messages.
- Live monitoring of the device state (call received, call sent, call missed.).
- Take pictures using the camera.
- Stream sound.
- Stream video.
- Do a toast.
- Send text messages.
- Give call.
- Open a URL in the default browser.
- Vibrate the phone.
- DroidSQLi
DroidSQLi is an android app that you can use to launch SQL injection attacks on a target URL. This is a fully automated tool: you don't need to know any complex technical information to use this app. Anybody can use it, it's that simple.
It supports the following injection techniques:
- Normal injection.
- Blind injection.
- Time-based injection.
- Error based injection.
- Smartphone Pentest Framework (SPF)
Smartphone Pentest Framework is an open source tool designed to aid in assessing the security posture of smartphones in an environment. Currently, it contains remote attacks, client side attacks, social engineering attacks, and post exploitation, targeting smartphone devices.
- Android Data Extractor Lite (ADEL)
ADEL is a forensic tool that allows you to dump selected SQLite database files from Android devices and extract the contents stored within the dumped files. The first version requires a modification of the kernel and the adb daemon. But now, you do not need to modify those things, because now the ADEL makes use of a custom recovery image based on the Clockworkmod-Recovery.
- Dexter
Dexter is a free tool for malware analysis and code auditing. It allows you to extract as much information as possible from android applications and display them in various different views.
Here are some of its key features:
- Free and interactive environment.
- Flexible tagging system - Annotate and tag everything in your analysis
- Collaboration - share your analysis results easily with your co-workers.
- An API for automated processing or extending.
- aWPVSCAN
aWPVSCAN is a free android tool for finding security weaknesses within WordPress installations. It is very easy to use; no technical knowledge is necessary.
It can also help you to enumerate plugins, themes, authors, and TimThumb files.
- DNSChef
DNSChef is a highly configurable DNS proxy (a.k.a Fake DNS) for Penetration Testers and Malware Analysts. This tool is mainly used for application network traffic analysis.
It can be used to fake requests for "somecrappysite.com" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.
Unlike most of the DNS proxies, DNSChef is capable of forging responses based on inclusive and exclusive domain lists, supporting multiple DNS record types, matching domains with wildcards, proxying true responses for nonmatching domains, defining external configuration files, IPv6, and many other things.
- Revenssis
Revenssis is a fully featured network, wireless and web app pentesting suite. It is also called the "Smartphone Version of Backtrack" because it has almost all the useful tools in the Backtrack distributions.
It has almost all the web app vulnerability scanners, forensic tools, vulnerability research tools, self-scan and defense tools. It also has some useful utilities such as WHOIS lookup, IP finder, Shell, SSH, Blacklist lookup tool, Ping tool, etc.
- PenTBox
PenTBox is a multiplatform security framework written in Ruby. It has a lot of tools such as Base64 & Decoder, Multi-Digest, Hash Password Cracker, Secure Password Generator, Net DoS Tester, TCP port scanner, Honeypot, Fuzzer, DNS and Host gathering tool, MAC address geolocation tool, and a HTTP Bruteforce tool.
- WiFi Kill Pro
WifiKill Pro is a lightweight android application that allows you to disable internet connection for any device on a WiFi network. It doesn't terminate the internet connection, it just blocks the packet data to the device.
- DroidSheep
DroidSheep is a session hijacking tool developed by Andreas Koch for hackers. It can capture session cookies over a WiFi network. That means this tool can help you to hijack any unencrypted web sessions!
- Android Privacy Guard
Android Privacy Guard is an open source security tool that you can use to encrypt, decrypt and sign files and email messages by using a public/private key pair. It also allows you to encrypt individual files without a public/private key pair by relying on symmetric encryption and a strong passphrase.
- Totally Free VPN
Totally Free VPN is a wonderful proxy app with a lot of high-speed proxy servers. It's totally free and super fast. Totally Free VPN is very efficient at hiding your IP address from unwanted websites and services, so I would say it is a must-have security tool for an android device.
Note: If you are looking for the best free proxy or VPN app for your android device, check out this article: 10 Best Free Proxy/VPN Apps For Android.
- Mock Locations
Mock Locations is a free android app that allows you to spoof the device location in seconds. It can simulate GPS route, set breakpoints, set variable speed and simulate closed route. In short, it is one of the best GPS spoofer apps in the play store.
Here is the list of best free GPS spoofer android apps: 10 Best Free GPS Spoofer Apps For Android
- SDelete
You probably know that the deleted files can be recovered, so don't just delete files, destroy them. SDelete is such a tool that you can use to destroy files beyond recovery. It supports two different wiping algorithms: US DoD 5220.22-M, NIST 800–88.
It also allows you to create your own shredding patterns!
- ChameleMAC
ChameleMAC is an android app that you can use to change your MAC address. You know, this app can be used to get free WiFi (from your neighbor or public WiFi spot).
If this app is not working for you, read How To Change (spoof) MAC Address on Android. That article contains 3 different methods to change your MAC address.
- Tor Browser
If you care about your privacy, you should not use normal browsers; you should use the Tor Browser to browse the web, because it can give you more protection and security.
Tor Browser has the ability to block trackers, and its multi-layered encryption ensures real anonymity for the users.
- Servers Ultimate
Servers Ultimate is a powerful app that can turn your android device into a multipurpose server. It allows you to run Caddy, CVS, DC Hub, DHCP, UPnP, DNS, DDNS, eDonkey, Email (POP3 / SMTP), FTP Proxy, FTP, FTPS, FTPES, Flash Policy, Git, Gopher, HTTP Snoop, ICAP, IRC Bot, IRC, ISCSI, Icecast, Lighttpd, LPD, Load Balancer, MQTT, Memcached, MongoDB, MySQL, NFS, Node.js, NTP, NZB Client, Napster, Nginx, PHP, PXE, Port Forwarder, RTMP, Remote Control, Rsync, SIP, SMB/CIFS, SMPP, SMS, Socks, SFTP, SSH, Server Monitor, Styx, Syslog, TFTP, Telnet, Time, Torrent Client, Torrent Tracker, Trigger, USB/IP, Unison, UPnP Port Mapper, VNC, VPN, Wake On Lan, Web, WebDAV, WebSocket, X11 and/or XMPP server on your android device.
- WIBR
WIBR is an android app that you can use to break into a password protected (weak) WiFi network. It is actually a brute forcer that allows you to perform a dictionary attack on the target.
- pulWiFi
pulWiFi is an android app that shows the default passwords for wireless networks of some routers. It supports the following networks.
- WLAN_XXXX
- JAZZTEL
- WLANXXXXXX
- YACOMXXXXXX
- WIFIXXXXXX
- Some D-Link routers
- Some Huawei routers
- Some InfoStrada routers
- Penetrate Pro
Penetrate pro is an excellent app for decoding WEP/WPA WiFi keys. It supports the following routers.
- Routers based on Thomson: Thomson, Infinitum, BBox, DMax, Orange, SpeedTouch, BigPond, O2Wireless, Otenet.
- DLink
- Eircom
- Pirelli Discus
- Verizon FiOS (only some routers)
- Fastweb (Pirelli & Telsey)
- Jazztel_XXXX and WLAN_XXXX
- Tecom
- Infostrada
- SkyV1
- Router Brute Force
Let's assume, you have free WiFi, and you want to take control of that wireless network. What do you do?
Obviously you need router login credentials. If you can't steal those from the admin, you should use the Router Brute Force app, because it can crack the router passwords very efficiently.
- RouterPWN
RouterPWN is a router security audit tool for penetration testers. This is actually a web based tool that contains a compilation of ready to run local and remote exploits. You can use it offline for local exploitation without the internet connection.
- AnDOSid
AnDOSid is a powerful denial of service attack tool for pentesters and security researchers. Please don't use it to attack servers that you don't own, otherwise, you might end up in jail.
- OFS Doser
OFS Doser is also a denial of service attack tool, but this one works in a different way. It can only crash a PHP or Java server that has the "HashDoS" vulnerability.
- Hash Decrypt
Hash Decrypt is a powerful tool that allows you to crack/decrypt a hash. It uses the dictionary attack to crack hashes. This tool supports 10 different hash functions such as MD2, MD4, MD5, SHA1, SHA-256, SHA-384, SHA-512, Tiger, RIPEMD-128 and RIPEMD-160.
- Cryptonite
Cryptonite is an open source application for file encryption. It is fully compatible with all EncFS features. The app works on both rooted and non-rooted devices.
- CrypticSMS
CrypticSMS can encrypt / decrypt SMS messages. It supports AES cipher, Backwards cipher, Caesar cipher, DES cipher, Hill cipher, Monoalphabetic cipher, Morse Code cipher, Playfair cipher, Reverse Alphabet cipher, Triple DES cipher, and Vigenère cipher.
- GT Recovery
GT Recovery is an android app that you can use to recover any deleted file you want on android. This app supports mainstream volume formats such as FAT, EXT3, and EXT4.
- Network Information
- UPnP Device Scanner
- Host Discovery
- Network Sniffer
- Pcap Analyzer (three options)
- PCI DSS (Version 2) Menu
- Access Point Default Password Test
- Access Point Security Test
- Access Point Scanner
- Internal Network Vulnerability Scanner
- External Network Vulnerability Scanner
- Host Information
- Port Scan
- Host Vulnerability Scan
- Traceroute
- Ping
- Nessus
Nessus is a powerful vulnerability scanner that you can use to detect vulnerabilities in your network. It uses Nessus Attack Scripting Language to describe individual threats and potential attacks.
- Find People Search
Find People Search is an android app that allows you to find whoever you want. Unfortunately, the search is limited to the United States only.
If you want to search the whole world, check out the article "3 Best Free Android Apps For People Search (a.k.a Social Search)".
- AppLock
AppLock is one of the best android apps to protect your files, calls, apps, and settings from unauthorized access. It is one of the must-have security tools for an android device.
If you want to see the best android apps for locking apps and files, check out this article: Best Free Lock Android Apps.
- NoRoot Firewall
NoRoot Firewall is a good firewall app that has many useful features. Unlike most of the firewall apps, it doesn't require root access. It allows you to create filter rules based on IP address, host name or domain name. That is, you can allow or deny only specific connections of an app.
- Bleep
Bleep is a secure messaging app from BitTorrent Inc. It is a peer-to-peer chat client, meaning it doesn't have a server to store your conversations; all messages are stored locally on your device. And Bleep's end-to-end encryption makes sure that the messages are completely private.
If you want to know more about Bleep, read 4 Best Secure Messaging Apps Android.
- DroidSheep Guard
DroidSheep Guard is a tool to protect your android device from all ARP-Based attacks. It runs silently on the device and monitors the ARP-Table. When it detects a suspicious entry in your device's ARP-Table, it will pop up and warn you.
- DroidSniff
DroidSniff does the exact same thing as the "DroidSheep" app. Both apps can sniff and hijack HTTP traffic! Consider DroidSniff as an alternative.
- Shark For Root
It is an android version of Wireshark, an open source packet analyzer. This app is purely based on tcpdump, so you can use tcpdump commands on this app.
- Faceniff
Faceniff is a simple android app that allows you to sniff and intercept web session profiles over the WiFi network. Unlike most sniffer apps, it only supports some specific services. They are:
- Youtube
- Amazon
- VKontakte
- Tumblr
- MySpace
- Tuenti
- MeinVZ/StudiVZ
- blogger
- Nasza-Klasa
- ARPSpoof
ARPSpoof is an open source tool for network auditing. It redirects the packets on the local network by broadcasting spoofed ARP messages. ARPSpoof displays the packets, but it doesn't save them.
If you want to analyze the packets, you should install tcpdump.
- Network Spoofer
Network Spoofer is an android app that allows you to intercept and modify the WiFi network traffic. It is a powerful tool that can be used to perform multiple spoofs such as blue ball machine, YouTube video change, change text, custom image change, custom redirect, Man-in-the-Middle, etc.
- Piik
Piik is an android app that can extract and display images from unencrypted network traffic. It works by performing a man in the middle attack against the target network. You already knew that, right? But you probably don't know exactly how PiiK works, so now I'm going to tell you that.
First, PiiK poisons the ARP cache on the router to redirect all the network traffic through your android device. Then it analyzes the network traffic in real time for img tags and then displays the images.
Got it?
- ConnectBot
ConnectBot is an open source Secure Shell (SSH) client that can manage simultaneous SSH sessions, create secure tunnels, and copy/paste between other applications.
- CSploit
CSploit is a new and improved version of dSploit. It can map your local network, fingerprint hosts' operating systems and open ports, forge TCP/UDP packets, perform all kinds of man in the middle attacks, and many other things. You can say it is one of the best penetration testing suites available for free.
- Malwarebytes Anti-Malware
It is one of the best anti-malware apps you can get. Its behavior-based scanning can detect malware that is not in the malware database. If you are not using a Galaxy Y or something, install an antivirus app on your device; it will protect your device from malware.
- Bluebox Security Scanner
Bluebox Security Scanner is a vulnerability scanner that you can use to determine if your system is vulnerable to, or patched against, any of the "Fake ID" or "Master Key" security flaws. It also displays the applications that are trying to maliciously take advantage of any of the "Master Key" security flaws.
- QARK (Quick Android Review Kit)
QARK is a vulnerability scanner that is capable of creating "Proof-of-Concept" deployable APKs and/or ADB commands, and exploiting many of the vulnerabilities it finds. It is completely free and very easy to use.
- Photo Exif Editor
Photo Exif Editor is a forensic-cum-privacy tool. This tool can extract, edit, or remove the Exif data of image files.
- LiME (Linux Memory Extractor)
LiME is a Loadable Kernel Module that can capture the memory of Linux-based devices, such as Android. It supports acquiring memory either to the file system of the device or over the network. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
- MobSF (Mobile Security Framework)
That's all guys, I hope you liked this list. If you did, please share this article with your friends and followers.
Source: www.effecthacking.com