Android Hacking Apps
Wikipedia defines Ethical Hacking, also known as penetration testing, intrusion testing, or red teaming, as the controversial act of locating weaknesses and vulnerabilities of computer and information systems by duplicating the intent and actions of malicious hackers. Now you don’t really need all the programming skills of an A-level hacker to get into a bit of ethical hacking yourself. All you need is a basic understanding of what you’re doing and an Android smartphone. Sounds too easy? Here are the top hacking apps that are available for download right now.
Best Android Hacking Apps
Let’s get on with the first on the list of best android hacking apps. For the uninitiated ARP stands for Address Resolution Protocol which in layman’s terms can be defined as a protocol that is used to map an IP address to a physical machine address in that is recognized by a local network. The working of the app is described by the website in the following manner:
“What we do is the following: We constantly send the victim computer ARP answers telling him that the MAC address belonging to the IP of the gateway machine (router) is our MAC address. After some time the victim computer will believe us and makes a wrong entry in his ARP cache. Next time the victim wants to send an IP packet to the gateway he sends the Ethernet frame to our MAC address so actually we get the IP packet. We do the same thing with the gateway machine just the other way round.
RFC 1027 describes the ARP protocol.”
All in all, ARPSpoof is a pretty handy tool if you want to get down to spoofing your ARP. Why you’ll need to do that? That’s your decision, isn’t it? Maybe you’re just feeling a bit freaky.
Droid Pentest helps you to find all Android apps for penetration testing and hacking so you can make complete penetration test platform. What is penetration testing you ask? Let’s head back to our friend Google for the answer.
“Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.”
Droid Pentest is essentially the go-to app for people looking to run a pen test and was also recently voted the Best Android Hacking Apps of 2016.
DroidSheep is an Android tool developed by Andreas Koch for security analysis in wireless networks. It is basically a session hijacking tool that allows hackers to capture session cookies over the wireless network. That means you can sniff and capture the web session profiles of a person who is on the same network. Now for what purpose you decide to use this is completely up to you.
And for those interested in finding out how the app works here’s a quote by the author that might lead you a few steps in the right direction:
“When you press the start button, DroidSheep will act as a router to monitor and intercept all the network traffic (if you enabled ARP spoofing) and then display active session profiles.”
Sounds simple? Well, that’s because it is. It pretty scary when you think about it really. Now you can never trust your neighbors with your wifi password, can you? Not if you’ve got me as your neighbor anyway 😉
DroidSheep Guard is well the counterpart to DroidSheep say the Batman to your Joker, the Harry Potter to your Lord Voldemort, the Big Bad Wolf to your… Well, you get the idea, don’t you?
It’s pretty simple actually. If you feel someone is snooping on your social network by using DroidSheep, you use DroidSheep guard and it lets you know if it detects any droid sheep users nearby. What to do once you detect a user? Well, change your wifi password for starters. Then perhaps you might have to move onto securing your social networks better, depending on the severity of the situation.
You can call DroidSniff the smaller, better-looking brother of DroidSheep. No really! This app works in the same manner DroidSheep does and gives you the same results, all this while having a much better UI.
Personal Note: Have used both DroidSheep and DroidSniff can’t really tell the difference. Both work effectively and the minor UI difference doesn’t really make a huge difference. But the android hacking apps out there and it works, thereby it makes the list.
dSploit is a penetration testing suite developed by Simone Margaritelli for the Android operating system. It consists of several modules that are capable to perform network security assessments on wireless networks. It allows you to perform tasks such as network mapping, vulnerability scanning, password cracking, Man-In-The-Middle attacks and many more.
The app does all this with one simple requirement: A rooted Android Device. Pretty much similar to every other app on this list.
Evil Operator is more of a prank app than a “Hacking” app. But who gives a sh*t about terminology right? It’s going to feature because it is one kick-ass app.
The idea here is simple:
You can make two random numbers call each other and sit there and record every minute of the conversation as the confusion ensues and your victims try to figure out who called who.
The app, unfortunately (fortunately if you’re the dev) is a paid app. So you can’t just prank people for free. You’re going to have to pay for it.
FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to.
It is possible to hijack sessions only when WiFi is not using EAP, but it should work on any private networks (Open/WEP/WPA-PSK/WPA2-PSK)
It’s kind of like Firesheep for android. Maybe a bit easier to use (and it works on WPA2!).
Supported Services include:
Fing seems to be the strongest one of all the android hacking apps. The idea here is simple Fing lets you discover which devices are connected to any Wi-Fi network, map devices, detect intruders, assess network security risks, troubleshoot network problems and achieve best network performance, with the world’s most popular network toolkit.
With more than a dozen free network tools including; Wi-Fi scanner, port scanner, DNS lookup, ping and service monitoring – Fing is a must-have network utility.
Fing network utilities include:
Wi-Fi/LAN scanner: discover all devices connected to any network
+ Full device details including IP address, MAC address, Device Name, Vendor, Device Manufacturer and more
+ Advanced analysis of NetBIOS, UPnP and Bonjour names, properties and device types
+ Inventory of devices and networks
+ Internet connectivity checker
+ ISP analysis and location
+ Subnet scanner
+ Port scanner: TCP port scanning that automatically finds open ports and available services
+ Ping and traceroute: for network quality measurement
+ WOL: remotely wake up devices
+ DNS Lookup and reverse DNS lookup
+ Connect to ports (Browser, SSH, FTP)
+ Network intruder detection
+ Network monitoring: device online and offline tracking
+ Supports device identification by IP address for bridged network
DroidSQLi is an android app that allows you to launch SQL injection attacks on a target URL. So yeah, basically one of the android hacking apps. It’s fully automated, so you don’t need much technical knowledge to operate this application. Just find a vulnerable URL and then put it in the “Target URL”, then tap on “Inject”. Simple. Easy. Convenient.
DroidSQLi includes the following injection techniques:
- Time-based injection
- Blind injection
- Error based injection
- Normal injection
Shark For Root is an android version of Wireshark for security experts and hackers. It is basically a traffic sniffer which works on WiFi, 3G and FroYo tethered mode. The app is based on tcpdump, so you can use tcpdump commands on this android version.
Sound like a load of gibberish? Well, it kinda is.
Basically put, the app works as a monitor for other devices on the same network. So maybe you’re a nosy employer who wants to keep an eye on their worker or perhaps you’re just a concerned parent. Whatever be the case. Shark for root to the rescue.
“Application for reading pcap files.
Possible instability/errors. Has problems with large files.
The project is discontinued and will not be updated.”
That’s how the app is described under the “Know More” section of the Google PlayStore. Seems vague? Well, it is. Again let’s hit up our friend Google for answers.
“In the field of computer network administration, pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as WinPcap.”
So what SharkReader essentially does is let you read the pcap files and browse their content. So it does really just work in the same way Shark does and lets you monitor packets sent and received on your home network.
SMS Combo allows you to send a simple SMS by touching a single button. You can send multiple SMS by touching the button many times in a row. Want to send a message to multiple contacts to invite them to a party? Select them with select button or type contacts by separating them with whitespace, write the message and send. This could be helpful when you need to send out multiple messages to get people to show their support for your favorite campaigner or as said above to send out party invites at one go.
sslstrip is a tool that transparently hijacks HTTP traffic on a network, watch for HTTPS links and redirects, and then map those links into look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial.
Author: Moxie Marlinspike
USBCleaver is designed to facilitate a targeted attack by gathering details that would be helpful in a later infiltration attempt.
To use the application, said hacker must install an application called USB Cleaver on his Android device. Once executed, the app downloads a ZIP file from a remote server and then unzips the downloaded file to the following location: /mnt/sdcard/usbcleaver/system folder.
The tool is designed to steal information like Browser passwords (Firefox, Chrome, and IE), PC’s Wi-Fi password, The PC’s network information etc.
When the device is then plugged into a PC, /mnt/sdcard is mounted and, if autorun is enabled, go.bat and the payload are executed. The app allows the user to select what type of information should be harvested. The utilities save their results in /mnt/sdcard/usbcleaver/logs which the app user can view later by clicking “Log files” in the app.
Do note that this attack only works on PC’s running Windows 2000 or higher. (i.e. Every PC on this planet! Who even runs Windows 2000 anyway?)
WIBR+ is a wifi hacking app of sorts. See how I say of sorts? Yeah well, it doesn’t really do much except try and use Brute Force to try and “Hack” the password of your wifi network.
Don’t know what brute force is? I think you should question your decision to hack in the first place. J
This one’s downright simple. It basically turns your Android phone into a Wi-Fi analyzer. Showing you the Wi-Fi channels around you. What that does is basically help you to find a less crowded channel for your wireless router to broadcast on.
With this app, you can disable the internet connection of a device on the same network. So say your pesky neighbor or your brother or anyone for that matter is hogging all the data, all you have to do is simply disconnect them using this cool app. No more hogging the bitrate for yourself then eh?
Last one on our list of the top android hacking apps. zANTI™ is a mobile penetration testing toolkit that lets security managers assess the risk level of a network with the push of a button. This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to compromise the corporate network.
Conclusion on Best Android Hacking Apps
There are the best android hacking apps across the Google Play Store. Some of them are even available in iOS. If we have missed out your favorite one, drop it in the comments down below. You can let us know if you need more on hacking too!