
Android pen-testing apps.


T0pspin's Avatar
Member
0 0

Hello HBH. I have a brand new Samsung phone that I want to install lots of awesome hacking apps onto, but the trouble is most of the ones I've already tried are either rubbish or have endless adverts every time you click anything, and I'm too afraid to install anything that hasn't come from the official Play Store as I don't want to infect my phone with some virus or malware.

So what apps do you guys use and consider to be so essential that you couldn't do without them, and would instantly reinstall them if you got a new phone or your old one was broken?

Any suggestions are welcomed.   Thanks.


Futility's Avatar
:(
80 120

T0pspin wrote: Hello HBH. I have a brand new Samsung phone that I want to install lots of awesome hacking apps onto, but the trouble is most of the ones I've already tried are either rubbish or have endless adverts every time you click anything, and I'm too afraid to install anything that hasn't come from the official Play Store as I don't want to infect my phone with some virus or malware.

So what apps do you guys use and consider to be so essential that you couldn't do without them, and would instantly reinstall them if you got a new phone or your old one was broken?

Any suggestions are welcomed. Thanks.

Sort of tangential - sorry in advance - but why are you trying to install "hacking tools" on your phone in the first place? The idea of a mobile "Kali in your pocket" might seem cool, but you've got to remember that having a keyboard and screen larger than 6 inches or whatever is actually pretty necessary for getting anything done.

That being said, I do enjoy having an SSH client on my device so if I ever have to restart some service on the fly I totally can.

If anyone has a different opinion, I'd love to hear it too!


T0pspin's Avatar
Member
0 0

For me the phone screen size is just fine, as all the apps I have now you just press buttons like on any other app, so they're all easy to work with.

Kayra the Pentester Lite, HTTP Shortcuts, GetHTTPHeaders, Nipper Toolkit

Is what I have installed right now.


Huitzilopochtli's Avatar
....
10 9

The apps I mainly use are these:

ExpressVPN: No logs VPN provider.

G-Mon: a wardriving scanner that finds all WiFi networks in range and saves the results into a .kml file with GPS coordinates, that can be loaded into Google Earth.

Fing: a network scanner to find connected devices and open ports on those Wi-Fi networks.

Routerpwn: a whole fuckload of exploits, advisories, and key generators for use with those SSIDs and MAC addresses.

AndFTP, AndSMB and JuiceSSH, as they connect automatically if you tap the port number after scanning with Fing.

Hash Suite Droid: has a great set of rules for manipulating wordlists etc. Version 1.2 cracks MD5s at the rate of 35.6 million a second on a Galaxy S6, compared to the newest version's lowly 16.5M.

Shodan: search engine for finding internet-connected devices.

Termux: a terminal emulator and Linux environment that lets you install things like PHP, Perl, Ruby, Python along with all the modules and packages you'd normally only have access to from a desktop computer.

QPython: for editing/working with Python, as it's like IDLE on the desktop.

Greenify: to kill running processes.

Service Disabler: to stop them for good.

Those will all work on an unrooted Android, but if you root your phone it will allow you to do so much more.


T0pspin's Avatar
Member
0 0

Oh wow, I had really only thought about website based hacking before now, but I'm definitely going to try out a few of those apps as they've already piqued my interest. Thanx dude. :D


Huitzilopochtli's Avatar
....
10 9

Futility wrote: You've got to remember that having a keyboard and screen larger than 6 inches or whatever is actually pretty necessary for getting anything done.

The screen size doesn't matter as you get used to it pretty quickly.

But seriously man, if you're able to install and run a whole shitload of awesome tools right from your phone, why the fuck wouldn't you?

I've never installed a mobile version of Kali but I do use some of its various tools like Metasploit, nmap, nikto, ssl-strip, packet sniffers etc, and they all work and display perfectly on an S6 screen. As does QPython, so completing HBH's timed challenges, and cracking captchas with OCR and the like, is just as easy on a mobile phone as it is on a normal computer.

I suppose if you couldn't adapt to the smaller keyboard you could always connect a bluetooth one, and bask in the public shame that accompanies it lol.


Futility's Avatar
:(
80 120

Huitzilopochtli wrote: The screen size doesn't matter as you get used to it pretty quickly.

But seriously man, if you're able to install and run a whole shitload of awesome tools right from your phone, why the fuck wouldn't you?

I've never installed a mobile version of Kali but I do use some of its various tools like Metasploit, nmap, nikto, ssl-strip, packet sniffers etc, and they all work and display perfectly on an S6 screen. As does QPython, so completing HBH's timed challenges, and cracking captchas with OCR and the like, is just as easy on a mobile phone as it is on a normal computer.

Ah yes, that's totally fair - I was thinking of projects that would be considerably more difficult. Binary reversing/exploitation/building the types of tools that exist in Metasploit modules or crafting particularly elaborate bypasses for pen-testing scenarios are cases where I don't think I can agree with the "as easy on a phone as it is on a normal computer". But for fun little recon-type examples I could see any of those tools you mentioned in your other post being nice to have.

Huitzilopochtli wrote: I suppose if you couldn't adapt to the smaller keyboard you could always connect a bluetooth one, and bask in the public shame that accompanies it lol.

Gross.


T0pspin's Avatar
Member
0 0

I use Python on my computer at home and that pwntools module is amazing. I've been using it with apps from a Korean site and it's really helpful. The debug function that lets you see the data contained in HTTP requests and responses when running a script is really brilliant. I like this a lot. Thanks dude.