Many times pentesters/ security researchers needs to scan URLs or they need to do penetration testing immediately. For that pentesters cannot use laptops or tablets all the times. As they may take time to open. So for information gathering phases or for checking code. They can use any android device containing all necessary tools. According to ethical hacking researcher of International Institute of Cyber Security (iiCyberSecurity, IICS) there are many applications available on play store. Which are used to for pentesting & forensics. But we will show an bundled android app store which is used in mobile hacking & forensics.

 

Kali NetHunter is an another open source OS which is mostly used in mobile devices or small devices like Raspberry or Arduino. We will show Kali NetHunter application play store mainly used for hackers in penetration testing & forensics. Here you can download different applications for reconnaissance, information gathering, Scanning, Development, Exploitation, Forensics, NetHunter, Privacy & other tools.

  • For testing, we will use Xiaomi Redmi Note 4. Download & install the Kali NetHunter App from the Play Store: https://store.nethunter.com/

  • The above screenshot shows the UI of the Kali Nethunter. From here you can install applications according to your requirements.
  • Kali Nethunter Playstore also provides tools for different categories.

  • Now we will try some applications.
  • Shodan
  • SysLog
  • Orbot

  • Shodan App – Shodan is a very popular search engine used to find open webcams, router logins, open game servers, and open databases. And many other information can be found on Shodan. You can check out another article on Shodansploit.
  • Open Kali Nethunter playstore, download Shodan application. We have searched mobotix. A popular webcam company. We found a list of IP addresses. After opening 2.34.89.80.

  • Then opened the above IP address in a web browser with the default login of mobotix. Username – admin Password – meinsm
  • According to ethical hacking researcher of International Institute of Cyber Security, you can find many webcams on Shodan with default login and passwords
  • We found it open.

  • The above screenshot shows that the Shodan application on mobile can be used to collect information on any IP address.
  • SysLog – Syslog is an open-source tool used to quickly share system logs. For grabbing all logs you need root access. But you can grab the main logs of the system by granting access.

  • The above screenshot shows what sort of logs, the syslog will collect. Logs information can be used in other phases of pentesting.
  • Orbot – Orbot is a popular application mainly used to hide the users' real-time IP address. Orbot routes all the application traffic through TOR.

  • Orbot routes network traffic by connecting with different nodes.

  • The above screenshot shows a list of nodes. The above list of nodes changes continuously.
Was this answer helpful? 0 Users Found This Useful (1 Votes)

Most Popular Articles

4 browsers for safe anonymous surfing

  Internet comes with full of productivity & entertainment solutions. Being anonymous is...
All-new Windows Exploit suggester is here, WES-NG

Windows is the most popular operating system. Because of its easy usability, easy to...
Android mobile hacks with android debug bridge(ADB) - Part l

ANDROID ARCHITECTURE – Hardware Components :- Hardware components interact with the drivers...
Android mobile hacks with android debug bridge(ADB) - Part ll

Earlier in part I we have shown adb hacks which are used in testing or foot printing phases. That...
Automate your initial phase of Pentesting

Different automation & manual tools/ techniques are used in pentesting. Considering on the...