Android has an app for everything. If you are a network administrator, professional pen tester, or someone who is aspiring to be a white hat hacker, you can use your Android device to perform basic to comprehensive scanning and testing to gather information and find vulnerabilities. Here are some of the best Android hacking apps you can try.
A targeted website sniffer that lets you monitor web activity on popular sites like Facebook, Twitter, YouTube and Amazon, FaceNiff makes novice hacking a cinch. It lets you sniff out and intercept web session profiles on the WiFi network that you’re connected to.
It works on most Wi-Fi networks (including WPA2-PSK, which most networks today use), and you could technically even hijack web sessions if a Wi-Fi network isn’t using EAP (which at this point is very rare).
The app is a bit dated, and not as robust as DroidSheep which fulfils a similar function, but its simplicity makes it a neat way to experiment with WiFi sniffing and monitoring web session activity.
Not to be confused with the alternative Android app marketplace of the same name, DroidBox is one of the most in-depth app analytics tools around, burrowing deep into things like read/write operations, hashes, detailed network data, and security details like circumvented permissions and information leaks.
The default app screen displays a graph that visualizes your chosen app’s behavior, letting you keep an eye out for any spikes or other anomalies. If an app is showing compromised security or hacky activity, the DroidBox is the one to detect it. It can
Given the more in-depth nature of its operations than other apps, the process to getting it running is a little more complicated than other apps. For full instructions, head over to the DroidBox Github page.
Unlike the similar app FaceNiff, which is limited to a set list of websites on which it can hijack web session activity, DroidSheep is capable of sniffing out web activity profiles on pretty much any website. It works by monitoring activity on a Wi-Fi network you’re connected to, and displaying information about web session activity.
Essentially, you get to eavesdrop on web activity on your network, making it a great tool for finding security vulnerabilities. Websites that use the HTTPS protocols tend to be more secure, and while DroidSheep can still detect activity on these sites, it can’t read the actual content thanks to the encryption built into HTTPS.
It’s very easy to use, and works with pretty much the press of a single button, making it a great tool for fledgling IT security white hats looking to learn the ropes.
4. Kali NetHunter
Originally designed to work only with Google Nexus devices, the popular hacking and penetration-testing Kali Nethunter can actually be used on more recent devices with a bit of tweaking.
Kali Nethunter essentially installs an OS overlay on your Android device, turning your device into a pentesting tool at relatively low memory usage. Using Nethunter, you can crack WEP keys and WPA keys, and detect open ports on other devices as well.
It also allows Wi-Fi frame injection, keyboard-hijacking and man-in-the-middle attacks, making it great for testing a wide variety of hacking methods.
5. zANTI Mobile Penetration Testing Tool
zANTI is one of the most popular and full-featured pen testing tools to not only identify but simulate real-world exploits and mobile attack techniques. With a single tap, zANTI can gather a boatload of information about any connected network or device. The gathered information can be used to find if the device or network is susceptible to any known vulnerabilities and perform MITM (Man in the Middle) attacks.
If needed, you can configure zANTI to send email reports of all the devices and data it collects at regular intervals. Though you can install zANTI on non-rooted devices, you need to have a rooted device to make use of all the power and features provided by the zANTI Android app.
cSploit is a free and open-source security professional toolkit that comes with built-in Metasploit framework and an easy-to-use user interface. Out of the box cSploit can map the local network, forge TCP or UDP packets, detect open ports, fingerprints of hosts operating systems, perform MITM (Man in the Middle) attacks, etc. Since the app comes bundled with the Metasploit framework, you can find security vulnerabilities of the network or connected devices, create shell consoles, and adjust exploit settings for better control.
To work with cSploit, your device needs to be rooted and have SuperSU and BusyBox installed.
Though not as powerful as zANTI or cSploit, Hackode is a pretty good app that lets you gather information about other devices. Using Hackode, you can scan and find device or network vulnerabilities. Along with that, the app also has built-in networking tools like Ping, DNS Lookup, traceroute, DNS diagnosis, exploit monitoring, and security feed. Since the app doesn’t need a rooted Android device, if you don’t mind the app’s cheesy user interface, do give Hackode a try. It gets the job done if you only have basic needs.
8. Network Mapper
Network Mapper is a powerful tool that makes use of the widely-used Nmap scanner in the background to map and scan the connected networks. Once you install the Network Mapper app from Play Store, it will automatically download and install the required Nmap binaries from the Internet and provide you with an easy-to-use GUI to perform scans. Using Network Mapper, you can do a comprehensive scan on the network to identify live hosts and gather a range of information like open ports, network attributes, OS information, etc.
Network Mapper works on both rooted and non-rooted devices. However, on non-rooted devices the functionality is limited due to Android restrictions.
As you can tell from the name itself, tPacketCapture is a simple app to capture packets and data transferred over your network. Since tPacketCapture works by creating its own local VPN, it works equally on both rooted and non-rooted devices. The good thing about the tPacketCapture app is that it stores all the captured data in a PCAP file so that you can use powerful desktop tools like Wireshark for detailed analysis.
Comment below sharing your thoughts and experiences of using the above hacking apps for Android.
This post is updated on May 2020.