Pentesting via android application



1).  zAnti is a network diagnostic toolkit. zANTI provide features, including everything from Man-In-The-Middle,password authentication,backdoor,brute-force,port monitoring and packet sniffer. It also help to route traffic from HTTPS TO HTTP.


2).  Fing Tool help to find out which devices are connected to your Wi-Fi network. Fing is a professional App for network analysis. Displays MAC Address and device manufacturer. It help to find out the open port, Ping and traceroute and  automatic DNS lookup and reverse lookup.


3).  tPacketcapture help to capture the packet without the root permission. Captured data are saved as a PCAP file format in the external storage.


4).  Shark for root is a traffic sniffer.It require root permission to capture the packet.


5).  Shark Reader use for reading the captured packet which are saved as PCAP extension.


6).  Loic stands for low Orbit Ion Cannon. It is used for flooding packets.It is useful for performing dos attack.


7).  ZIMPERIUM Mobile IPS used to defend your Android devices from advanced mobile threats.It protect from Man-in-the-Middle attacks, SpearPhishing attacks, Reconnaissance Scans.


8).  Sqlmapchik tool is useful for testing vulnerability in website.User can inject sqlinjection,if vulnerability found in website.


9).  Dsploit provide features from Man-In-The-Middle,password authentication,backdoor,brute-force,port monitoring and packet sniffer. It also help to redirect website from one to another.


10).  Droidsheep tool is used to hijack the http seassion of user.It is used to steal the session and cookie of user.




Pentesting via windows



1.  Drozer provides an easy and powerful way to interact with application IPC endpoints. Assessing the integrity of an application from attacks launched from malicious apps is a major part of any Android application vulnerability assessment. Ethical hacking service providers must ensure that other apps on the device cannot steal application data or invoke the application in insecure ways. Mercury allows for a tester to use an agent to simulate any attacks they wish, and operate as an unprivileged but malicious app.


2.  Eclipse help reverse engineering and subverting client side controls . Client side controls on the Android platform can generally be defeated most easily by modifying and repackaging smali code. It provides an easy to use interface to import the applications APK, disassemble the application, view the contents of the package, and rebuild the application after modifying code. It also allows for Java to be generated for smali documents, allowing an easier way to read many code pages. Packages can also be seamlessly pushed to your testing device or emulator through ADB. It is free for personal use.


3.  Burp Suite is a Java application that can be used to secure or penetrate web applications. The suite consists of different tools, such as a proxy server, a web spider, intruder and repeater. Burp has simple but powerful features to intercept, modify, and replay traffic sent by the client.