Use your Mobile phone to start Basic Pentesting

Android, the most popular operating system in mobile. Android gives tons of options from customizing user experience to install apps as per your needs. Some are done by rooting the android device & some are available for non-rooting android device. We will show you an android application which gives basic functionality to start pentesting from your mobile phones. This testing involves basic network utilities like: checking the web application destination IP address, trace routing any website, Whois query, dnslookup, netcat & many other features which are mostly required in network/ website basic pentesting. According to ethical hacking researcher of international institute of cyber security network manager can be a handy app for starting very basic pentesting. Now we will show on how to use this app:

• For testing we will use Xiaomi Redmi Note 4 – Android 7.0 Nougat.
• Download apk from https://play.google.com/store/apps/details?id=com.eakteam.networkmanager.free&hl=en

• This apk also comes with paid version. But you can do many task with freeware.
• Simply download & install network manager apk.
• Then click on the Network Manager apk.

• Network Manager APK shows basic IP details.

• Network Manager gives tons of features for diagnosing any local network.

• Starting with Universal Scanner. This scanner gives options like IP lookup, DNS Lookup, SSL/TLS Analyzer, Ports Scanner, Whois, Trace route.

• We have scanned hack.me for showing that how network manager works. For gathering basic info of any website, user can use universal scanner.
• Such information can be used in information gathering phase of pentesting.
• Gathering details with whois.

• Whois is the first step to know any information about any URL. It gives information about website registration details, hosting domain etc.
• Network manager gives an option to connect using SSH.
• For testing we have connected with Linux system. For connection, enter the username & password.

• Click on connect as you click on connect, it will open terminal session.

• SSH can be used for accessing any server from any location.
• Checking the speedtest with network manager.

• Checking the speedtest before using it gathering information can be helpful.
• Using the Web Crawler in network manager. This will crawl much information until stopped.

• Web crawler which is required for finding bugs in any website. Website crawler shows the all the external, internal links & even shows the images, files & scripts which are found in website crawling.
• Find the arp cache. This helps to know how many users are connected on the network.

• Above shows the connected users with their MAC addresses. Attacker can gather mac addresses from the network. And can be used in ARP-poisoning attacks.
• Checking the url before opening it on the browser. Network manager

• Above shows that hackthissite.org is safe to visit. For checking any suspicious URL. Users can use URL check safe browsing.
• Analyzing SSL – Checking whether URL is secured with SSL or not.

• Above shows the SSL certificate version with SSL Cipher.
• Another option is Port scanner, which shows the open ports of the target URL. Certifiedhacker.com is used for testing.

• Above shows the open ports of the certifiedhacker.com. The more ports are open, the more website can be vulnerable.
• IP calculator can also be used to gives info on how many users can be handled by an network.

• Above screenshot refers 254 are available addresses.