Just like our computer programs, there are so many Android applications used for many different tasks, and here we will discuss the best Android applications meant to do Penetration Testing or Ethical Hacking. The best Android apps below were chosen by comparing users’ experience, and my personal experience with the apps (I use most of these tools for daily use). Some of the tools require root access to your Android phone, and absolutely, the best applications below are all in active development.
8. Orbot: Proxy with Tor
Anonymity is the first thing you need to concern before doing Penetration Testing. Among many other apps that provide privacy connection like VPN, Orbot is the best at hiding your identity. Orbot is free and open source project (which you can take a look at the source code in Github or join their community) to provide anonymity on the internet for Android users. Orbot uses Tor to encrypt internet traffic by bouncing through available servers around the world. Orbot can help you to defend against personal and privacy threatens, hidden from monitoring internet traffic third parties app.
TOR – bouncing connections
TOR – live log
7. Wifi Master Key – by wifi.com
Wifi Master Key is the biggest peer-to-peer Wi-Fi key sharing for free Wi-Fi access developed by LinkSure Network (wifi.com). This is my favorite apps when i need Wi-Fi connection around. This app will shorten my tasks to break the locked (password-ed) Wi-Fi. The concept is sharing the Wi-Fi key (password) to provide free internet access. Whether the user knows the password or not, they will be able to connect to any nearby Wi-Fi hotspots that are listed with the “connect button” without input any login details. Another interesting feature of Wifi Master Key is the Wifi Map to help users find free and open hotspots Wi-Fi available in the location.
Wifi Key Master – Display available Free connect hotspots
Wifi Master Key – MAP display available Free and Open Hotspots
6. Fing – Network Tools
Fing is a network discovery tool to do information gathering about devices connected in the wireless network connection. Fing also offers several networking utilities including Ping, Traceroute, DNS Lookup, and Service scanning.
5. Netcut (free, requires root)
Netcut is a popular desktop network discovery tool which also available on Android. Netcut helps discover device connected on wireless network and display the information including IP address, MAC address, and device name. The difference between Fing and Netcut is, Netcut has the feature to change the MAC address of your device, and the main feature is to cut connections of other clients connected in your wireless network using ARP spoofing attack. Netcut also can protect users from ARP spoofing attack, using built-in feature Netcut Defender.
4. Packet Capture
Packet Capture is a network traffic sniffer with SSL decryption. Packet Capture has the same main function as the Wireshark program on the desktop. It is a very powerful Android app to debugging or to monitor the network communication in and outgoing internet connection. Packet Capture uses local VPN to capture and record the traffic. The good news is it doesn’t need any root permission. Not only capturing all packets, But Packet Capture is also able to decrypt SSL communication using the MITM method.
Packet Capture – Sniffing “Mobile Legends” game connections
3. Network Spoofer (requires root)
Network Spoofer is an Android app project to perform an ARP Spoofing attack to mess the network and clients. Network Spoofer lets you prank clients connected on your wireless network, the attack feature Network Spoofer provides are Flip picture and text upside down, website page redirect, delete and replace words from website and change all pictures on the website to trollface meme image.
Termux is a terminal emulator for Android with a bash Linux environment. If you are familiar with the Terminal Linux environment then you will not find any difficulties in using Termux. Termux using the APT package manager to automate installing any packages. The reason why i exclude “Nmap for Android” on the list is, you can actually install a popular Penetration Testing program directly in your Android using Termux “pkg install” command, such NMAP, Metasploit, Traceroute, and much more.
Termux – running NMAP on Termux Android
Termux – Running Metasploit Framework on Termux Android
1. zANTI (requires root)
zANTI is a very powerful full-fledged penetration testing toolkit. zANTI has so many features, it is a collection of tools, including network discovery using NMAP, MITM Attack, MAC Address spoofing, password auditing, vulnerability scanning and much more. The MITM attack itself has so many features that most have the main feature like “Network Spoofer” does, with HTTP sessions hijacking, HTTP requests and responses modifying, capture download files, router exploit and able to check the device for shellshock and SSL poodle vulnerability.