Framework - Android Device Testing (dtf)

About

The Android Device Testing Framework ("dtf") is a data collection and analysis framework to help individuals answer the question: "Where are the vulnerabilities on this mobile device?" Dtf provides a modular approach and built-in APIs that allows testers to quickly create scripts to interact with their Android devices. By default, dtf does not include any modules, but a collection of testing modules is made available on the Cobra Den website (www.thecobraden.com/projects/dtf/). These modules allow testers to obtain information from their Android device, process this information into databases, and then start searching for vulnerabilities (all without requiring root privileges). These modules help you focus on changes made to AOSP components such as applications, frameworks, system services, as well as lower-level components such as binaries, libraries, and device drivers. In addition, you'll be able to analyze new functionality implemented by the OEMs and other parties to find vulnerabilities.


Prerequisites

To use dtf, you will need at least the following:

º JRE 1.7
º Python 2.6 or higher
º A true Bash shell (no Dash!!!), with general purpose Linux utilities (sed, awk, etc.)
º sqlite3
º The Android SDK


Using DTF

For details on getting started with dtf, check out the documentation over at the www.thecobraden.com/projects/dtf/.

Licenses

Dtf is licensed under the Apache License, Version 2.0, but contains additional code from other projects. Check the NOTICE file for additional projects and licensing.

Download Android Device Testing Framework

Read More

Android Pentest Tools - Shark for Root

Shark for Root

Traffic sniffer, works on 3G and WiFi (works on FroYo tethered mode too). To open dump use WireShark or similar software, for preview dump on phone use Shark Reader. Based on tcpdump. Please leave comments/send e-mail if you have any problems/suggestions.

Download Shark for Root

Read More

AppUse – Android Pentest Platform Unified Standalone Environment

AppUse Virtual Machine, developed by AppSec Labs, is a unique (and free) system, a platform for mobile application security testing in the android environment, and it includes unique custom-made tools.

Features

 º New Application Data Section
 º Tree-view of the application’s folder/file structure
 º Ability to pull files
 º Ability to view files
 º Ability to edit files
 º Ability to extract databases
 º Dynamic proxy managed via the Dashboard
 º New application-reversing features
 º Updated ReFrameworker tool
 º Dynamic indicator for Android device status
 º Bugs and functionality fixes

Download AppUse

Read More

Android Pentest Tools - dSploit

dSploit


dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assessments on a mobile device.


Features


º WiFi Cracking
º RouterPWN
º Trace
º Port Scanner
º Inspector
º Vulnerability finder
º Login cracker
º Packet forger
º Man in the middle
º Simple sniff
º Password sniff
º Session Hijacker
º Kill connections
º Redirect
º Replace images
º Replace videos
º Script injector
º Custom filter

Download dSploit

Read More

Android Pentest Tools - Droid Sheep

DroidSheep is a simple Android tool for web session hijacking (sidejacking). It listens for HTTP packets sent via a wireless (802.11) network connection and extracts the session id from these packets in order to reuse them.


DroidSheep can capture sessions using the libpcap library and supports: OPEN Networks WEP encrypted networks WPA and WPA2 encrypted networks (PSK only)

DroidSheep is not intended to steal identities or endamage anybody, but to show the weak security of non-ssl webservices

Download Droid Sheep

Read More

Android Pentest Tools - zANTI

zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.

These various pentest options include:

º Network Map
º Port Discovery
º Packet Manipulation
º Sniffer
º MITM (Man in the Middle filters)
º DoS (Pentest DoS vulnerabilities)
º Password Complexity Audit
º Penetrate CSE to check server/desktop vulnerabilty

Download zANTI

Read More

Android Pentest Tools - DroidBox

Intro

DroidBox is developed to offer dynamic analysis of Android applications. The following information is described in the results, generated when analysis is complete:

º Hashes for the analyzed package
º Incoming/outgoing network data
º File read and write operations
º Started services and loaded classes through DexClassLoader
º Information leaks via the network, file and SMS
º Circumvented permissions
º Cryptographic operations performed using Android API
º Listing broadcast receivers
º Sent SMS and phone calls


Additionally, two graphs are generated visualizing the behavior of the package. One showing the temporal order of the operations and the other one being a treemap that can be used to check similarity between analyzed packages.

Setup

This is a guide to get DroidBox running. The release has only been tested on Linux and Mac OS. If you do not have the Android SDK, download it from http://developer.android.com/sdk/index.html. The following libraries are required: pylab and matplotlib to provide visualization of the analysis result.


º Export the path for the SDK tools


export PATH=$PATH:/path/to/android-sdk/tools/

export PATH=$PATH:/path/to/android-sdk/platform-tools/


º Download necessary files and uncompress it anywhere

wget https://github.com/pjlantz/droidbox/releases/download/v4.1.1/DroidBox411RC.tar.gz

º Setup a new AVD targeting Android 4.1.2 and choose Nexus 4 as device as well as ARM as CPU type by running:

Android

º Start the emulator with the new AVD:

./startemu.sh <AVD name>

º When emulator has booted up, start analyzing samples (please use the absolute path to the apk):

./droidbox.sh <file.apk> <duration in secs (optional)>

Download DroidBox

Read More

Android Pentest Tools - APKInspector

The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code. APKInspector provides both analysis functions and graphic features for the users to gain deep insight into the malicious apps:


º CFG
º Call Graph
º Static Instrumentation
º Permission Analysis
º Dalvik codes
º Smali codes
º Java codes
º APK Information

Download APKInspector

Read More

Android Pentest Tools - Androrat

Androrat:

Remote Administration Tool for Android. The name Androrat is a mix of Android and RAT (Remote Access Tool).

Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server.

All the available functionalities are

º Get contacts (and all theirs informations)
º Get call logs
º Get all messages
º Location by GPS/Network
º Monitoring received messages in live
º Monitoring phone state in live (call received, call sent, call missed..)
º Take a picture from the camera
º Stream sound from microphone (or other sources..)
º Streaming video (for activity based client only)
º Do a toast
º Send a text message
º Give call
º Open an URL in the default browser
º Do vibrate the phone

Download Androrat

Read More