Many times pentesters/ security researchers needs to scan URLs or they need to do penetration testing immediately. For that pentesters cannot use laptops or tablets all the times. As they may take time to open. So for information gathering phases or for checking code. They can use any android device containing all necessary tools. According to ethical hacking researcher of International Institute of Cyber Security (iiCyberSecurity, IICS) there are many applications available on play store. Which are used to for pentesting & forensics. But we will show an bundled android app store which is used in mobile hacking & forensics.
Kali NetHunter is an another open source OS which is mostly used in mobile devices or small devices like Raspberry or Arduino. We will show Kali NetHunter application play store mainly used for hackers in penetration testing & forensics. Here you can download different applications for reconnaissance, information gathering, Scanning, Development, Exploitation, Forensics, NetHunter, Privacy & other tools.
- For testing we will use Xiaomi Redmi Note 4. Download & install Kali NetHunter App Play store from : https://store.nethunter.com/
- Above screenshot shows UI of the Kali Nethunter. From here you can install applications according to your requirement.
- Kali Nethunter playstore also provides tools on different categories.
- Now we will try some applications.
- Shodan App – Shodan is the very popular search engine used to find open webcams, router logins, open game servers, open databases. And many other information can be found on shodan. You can checkout another article on Shodansploit.
- Open Kali nethunter playstore, download shodan application. We have searched mobotix. An popular webcam company. We found list of IP addresses. After opening 18.104.22.168.
- When opened the above IP address in web browser with default login of mobotix. Username – admin Password – meinsm
- According to ethical hacking researcher of International Institute of Cyber Security (iiCyberSecurity), you can find many webcam’s on shodan with default login and passwords
- We found it open.
- Above screenshot shows that shodan application on mobile can be used in collecting information of any IP address.
- SysLog – Syslog is an open source tool used to quickly share system logs. For grabbing all logs you need root access. But you can grab main logs of system by granting access.
- Above screenshot shows that what sort of logs, syslog will collect. Logs information can be used in other phases of pentesting.
- Orbot – Orbot is an popular application mainly used to hide users real time IP address. Orbot routes all the application traffic through TOR.
- Orbot route network traffic by connecting with different nodes.
- Above screenshot shows list of nodes. The above list of nodes changes continously.