After getting my new phone, an android one (The Samsung Spica i5700), I’ve started looking around on how could I use it as to pentest , the first step was to know the possibilities of the beast, so I started gathering some information about the specifications & the possibilities of The spica.
The spica comes with a 800 Mhz processor with a BCM4329 wifi chipset, which not allow the injection mode for the moment, comparing to the Apple iphone or The N900.
I forgot about the The injection mode to focus on metasploit!,
Metasploit needs to be fully ported to jRuby before it will run on the Android platform.actually We can use it and it can run on android devices offring some Basic operations (Reverse connect shells, meterpreter, etc still don't work.) but it crashes a lot! HD Moore and his stuff are making serious progress above and maybe we will have a fully ported MSF with the release of the 3.5 metasploit Framework.
Browsing the android market, i found some interesting apps like the Netscan and the Network Discovery wich allows to discover host connected trought the network and get some basic informations like ips,mac addresses, masks… Wifiscanner can help too, to get information about Wifi network and their encryption, and Port scandroid can scan ports but it’s nothing comparing to the Nmap which is avaible and compatible with android (Fully Ported!)
Other tools like ConnectBot(SSh Client) or RemoteVnc are avaible for free on the market.
Python, Perl, JRuby, Lua, BeanShell, JavaScript, Rhino are Fully/partially ported to android and runs quite well (thanks to the devs grous !)
Pentesting with Android still in his first stages comparing to the iphone and N900, that offers a complete set of fully working pentesting tools that run smoothly; but the high speed growing of the google mobile Os and the next release of android for x86 architecture will offer some interesting stuffs in the near future, and maybe , we gonna witness the birth of a fully compatible pentesting framework on Android.
But for those who don’t want to wait, they can use their android devices without android OS to pentest, by emulating a linux operating system!
How could you do this?!? Stay tuned on moroccangeek and you’ll get the full article Soon!