70 Android Hacking & Security Tools For Hackers

Here is the biggest collection of android hacking tools:

  • I2P

    I2P is a very good tool for anonymizing your connections to your destination. Yes, it is just like Tor, but much better. That is, if you want to hide your IP without losing much of your connection speed, I2P is the best option. I'm not saying that I2P can make you completely anonymous on the web, but it can definitely provide you with an extra layer of protection.


    • RouterCheck

    RouterCheck is an Android App for protecting your home router from attackers. It allows you to scan the router for vulnerabilities and dangerous configurations. RouterCheck not only helps to detect and fix router vulnerabilities but also protects (indirectly) all the devices connected to your router.


    • Fing

    Fing is a simple tool for network analysis. It can evaluate your network security levels, detect intruders and resolve network issues. It displays almost all the network details such as the number of devices connected, device MAC addresses and manufacturers, IP addresses, NetBIOS names, and Bonjour info.


    • Packet Sender

    Packet Sender is an open source tool for sending and receiving TCP and UDP packets. Whenever you want to test your network, you can use Packet Sender to create and send custom data packets.


    • ProxyDroid

    ProxyDroid is an Android app that allows you to set a proxy on your Android device. That is, it can help you to hide your actual IP address, bypass internet censorship and prevent web monitoring. I like this app very much because of its user-friendly interface.


    • AppUse

    AppUse is a virtual machine that you can use to test the security of Android mobile applications. It contains a custom Android ROM loaded with hooks placed at the right places inside the runtime for easy application control, observation, and manipulation. It has everything a pentester needs to run and test target applications: Android emulator, development tools, the required SDKs, decompilers, disassemblers, etc.


    • JADX

    JADX is a decompiler that you can use to produce Java source code from Android Dex and Apk files.


    • Appie

    Appie is a portable Android pentesting environment that you can use on any Windows-based machine without using a virtual machine (VM) or dual boot. It has a lot of tools such as Android Debug Bridge, Apktool, AndroBugs Framework, AndroGuard, Androwarn, Atom, ByteCodeViewer, Burp Suite, Drozer, dex2jar, Eclipse IDE with Android Developer Tools, Introspy, Analyzer, Java Debugger, jadx, Jd-Gui, Pidcat, SQLite Database Browser, SQLmap, Volatility Framework, Mozilla Firefox with some security addons, Owasp GoatDroid, and InsecureBank-v2.


    • Kali Linux NetHunter

    Kali Linux NetHunter is the first ever Open Source Android penetration testing platform for Nexus devices. It supports Wireless 802.11 frame injection, one-click MANA Evil Access Point setups, HID keyboard (Teensy like attacks), as well as BadUSB MITM attacks.

    In short, Kali Linux is now at the tip of your fingers!


    • Nipper

    Nipper is an Android tool for analyzing the security of CMS websites (WordPress, Drupal, Joomla, Blogger, Magento, Concrete5, VBulletin). It has a lot of modules that you can use to gather information about a specific URL.

    Here is the list of modules in Nipper:
    • Detect & CMS Version: Detects and identifies the version and CMS system.
    • DNS Lookup: Get the DNS information from a URL.
    • IP ports Nmap SERVER: Scan the ports of a website.
    • Users Enumeration: Enumeration of WordPress users.
    • Plugins Enumeration: Enumeration of WordPress Plugins.
    • Find CMS Core Exploit: Search core vulnerabilities in CMS.
    • Find Exploit DB: search vulnerabilities.
    • CloudFlare Solve: Identify the true IP address.
    • Identification of Theme: detects and identifies WordPress theme of a website.
    • Detection of CMS Advanced.
    • Brute Force Attack (WordPress).


    • zANTI

    zANTI is one of the best penetration testing toolkits for android. It can help you to uncover authentication, backdoor, and brute-force attacks, DNS and protocol-specific attacks and rogue access points in seconds.

    Note: This toolkit will change the SELinux configuration on your device to run certain commands, so if you are going to use this toolkit, please use it on a dedicated device. Otherwise, some apps may take advantage of the lessened security settings for malicious purposes.


    • Radare

    Radare is a portable framework for reverse engineering and analyzing binaries. The radare project started in February of 2006, aiming to provide a free and simple command line interface for a hexadecimal editor supporting 64-bit offsets to make searches and recover data from hard disks. Now it is one of the best open source reverse engineering frameworks that you can use to do many things including forensic analysis on filesystems, software patching, vulnerability fixing, software exploitation, etc.


    • Drozer

    Drozer is a comprehensive security audit and attack framework for Android. It allows you to interact with the Dalvik VM, other apps’ IPC endpoints and the underlying OS. With Drozer, you can greatly reduce the time taken for Android security assessments by automating the tedious and time-consuming tasks.

    It runs both in Android emulators and on real devices. And, it does not require USB debugging or other development features to be enabled.


    • Passera

    Passera is a simple android app that turns any entered text into a strong password. This tool is for the people who understand the need to have strong unique passwords for each website.


    • aNmap

    aNmap is the Android version of Nmap, meaning you can use this app to identify open ports and services, operating system versions, types of packet filters/firewalls and other characteristics.

    It is one of the must-have tools for hackers!


    • Hooker

    Hooker is an open source project for dynamic analyses of Android applications. It has a lot of tools and applications that you can use to automatically intercept and modify any API calls made by a targeted application. 

    A set of Python scripts is also provided to automate the execution of an analysis to collect any API calls made by a set of applications.

    Note: Android-Hooker is a proof of concept relying on the Substrate framework. That means Hooker cannot work if Substrate is not correctly installed on your device.


    • Intercepter-NG

    Intercepter-NG is an Android app for intercepting and analyzing WiFi network traffic. It is very easy to use. It can intercept communications, analyze data packets, hijack sessions, SSL Strip connections, and monitor the target's web activities.


    • Orbot

    Orbot is an android app developed by the Tor Project for internet freedom and privacy. It allows you to hide your real IP address by bouncing your communications around a distributed network of relays run by volunteers all around the world.

    Orbot is not just Tor; it also contains LibEvent and a lightweight web proxy server, "Polipo".

    And, in rooted devices, it allows you to transparently torify all of the TCP traffic on your Android device.


    • APKinspector

    APKinspector is a powerful tool for android application analysts and reverse engineers. It can help you analyze the app permissions, Dalvik codes, Smali codes, Java codes, APK information and call graph.


    • OWASP GoatDroid

    OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security. GoatDroid requires minimal dependencies and is ideal for both Android beginners as well as more advanced users.

    Currently, it has two applications: FourGoats, a location-based social network, and Herd Financial, a mobile banking application.


    • AndroRat

    AndroRat is a remote administration tool for Android (thus the name AndroRAT). This tool allows you to access the target's contacts, call logs, messages, and location details remotely.

    Some other interesting functionalities of AndroRat:
    • Live monitoring of received messages.
    • Live monitoring of the device state (call received, call sent, call missed.).
    • Take pictures using the camera.
    • Stream sound.
    • Stream video.
    • Do a toast.
    • Send text messages.
    • Give call.
    • Open a URL in the default browser.
    • Vibrate the phone.
    You can even use this tool to hack the target's online accounts.


    • DroidSQLi

    DroidSQLi is an Android app that you can use to launch SQL injection attacks on a target URL. This is a fully automated tool; you don't need to know any complex technical information to use this app. Anybody can use it, it's that simple.

    It supports the following injection techniques:
    • Normal injection.
    • Blind injection.
    • Time-based injection.
    • Error based injection.


    • Smartphone Pentest Framework (SPF)

    Smartphone Pentest Framework is an open source tool designed to aid in assessing the security posture of smartphones in an environment. Currently, it contains remote attacks, client side attacks, social engineering attacks, and post exploitation, targeting smartphone devices.


    • Android Data Extractor Lite (ADEL)

    ADEL is a forensic tool that allows you to dump selected SQLite database files from Android devices and extract the contents stored within the dumped files. The first version required a modification of the kernel and the adb daemon. But now you do not need to modify those things, because ADEL makes use of a custom recovery image based on the Clockworkmod-Recovery.


    • Dexter

    Dexter is a free tool for malware analysis and code auditing. It allows you to extract as much information as possible from android applications and display them in various different views. 

    Here are some of its key features:
    • Free and interactive environment.
    • Flexible tagging system - Annotate and tag everything in your analysis
    • Collaboration - share your analysis results easily with your co-workers.
    • An API for automated processing or extending.


    • aWPVSCAN

    aWPVSCAN is a free Android tool for finding security weaknesses within WordPress installations. It is very easy to use; no technical knowledge is necessary.

    It can also help you to enumerate plugins, themes, authors, and Timthumbs file.


    • DNSChef

    DNSChef is a highly configurable DNS proxy (a.k.a. Fake DNS) for penetration testers and malware analysts. This tool is mainly used for application network traffic analysis.

    It can be used to fake requests for "" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.

    Unlike most of the DNS proxies, DNSChef is capable of forging responses based on inclusive and exclusive domain lists, supporting multiple DNS record types, matching domains with wildcards, proxying true responses for nonmatching domains, defining external configuration files, IPv6, and many other things.


    • Revenssis

    Revenssis is a fully featured network, wireless and web app pentesting suite. It is also called the "Smartphone Version of Backtrack" because it has almost all the useful tools in the Backtrack distributions.

    It has almost all the web app vulnerability scanners, forensic tools, vulnerability research tools, self-scan and defense tools, and some useful utilities such as WHOIS lookup, IP finder, Shell, SSH, Blacklist lookup tool, Ping tool, etc.


    • PenTBox

    PenTBox is a multiplatform security framework written in Ruby. It has a lot of tools such as Base64 & Decoder, Multi-Digest, Hash Password Cracker, Secure Password Generator, Net DoS Tester, TCP port scanner, Honeypot, Fuzzer, DNS and Host gathering tool, MAC address geolocation tool, and an HTTP Bruteforce tool.


    • WiFi Kill Pro

    WifiKill Pro is a lightweight Android application that allows you to disable the internet connection for any device on a WiFi network. It doesn't terminate the internet connection, it just blocks the packet data to the device.


    • DroidSheep

    DroidSheep is a session hijacking tool developed by Andreas Koch for hackers. It can capture session cookies over a WiFi network. That means this tool can help you to hijack any unencrypted web sessions!


    • Android Privacy Guard

    Android Privacy Guard is an open source security tool that you can use to encrypt, decrypt and sign files and email messages by using a public/private key pair. It also allows you to encrypt individual files without a public/private key pair by relying on symmetric encryption and a strong passphrase.


    • Totally Free VPN

    Totally Free VPN is a wonderful proxy app with a lot of high-speed proxy servers. It's totally free and super fast. Totally Free VPN is very efficient at hiding your IP address from unwanted websites and services, so I would say it is a must-have security tool for an Android device.

    Note: If you are looking for the best free proxy or VPN app for your Android device, check out this article: 10 Best Free Proxy/VPN Apps For Android.


    • Mock Locations

    Mock Locations is a free android app that allows you to spoof the device location in seconds. It can simulate GPS route, set breakpoints, set variable speed and simulate closed route. In short, it is one of the best GPS spoofer apps in the play store.

    Here is the list of best free GPS spoofer android apps: 10 Best Free GPS Spoofer Apps For Android


    • SDelete

    You probably know that deleted files can be recovered, so don't just delete files, destroy them. SDelete is a tool that you can use to destroy files beyond recovery. It supports two different wiping algorithms: US DoD 5220.22-M and NIST 800-88.

    It also allows you to create your own shredding patterns!


    • ChameleMAC

    ChameleMAC is an android app that you can use to change your MAC address. You know, this app can be used to get free WiFi (from your neighbor or public WiFi spot).

    If this app is not working for you, read How To Change (spoof) MAC Address on Android. That article contains 3 different methods to change your MAC address. 


    • Tor Browser

    If you care about your privacy, you should not use normal browsers; you should use the Tor Browser to browse the web, because it can give you more protection and security.

    Tor Browser has the ability to block trackers, and its multi-layered encryption ensures real anonymity for the users.


    • Servers Ultimate

    Servers Ultimate is a powerful app that can turn your android device into a multipurpose server. It allows you to run Caddy, CVS, DC Hub, DHCP, UPnP, DNS, DDNS, eDonkey, Email (POP3 / SMTP), FTP Proxy, FTP, FTPS, FTPES, Flash Policy, Git, Gopher, HTTP Snoop, ICAP, IRC Bot, IRC, ISCSI, Icecast, Lighttpd, LPD, Load Balancer, MQTT, Memcached, MongoDB, MySQL, NFS, Node.js, NTP, NZB Client, Napster, Nginx, PHP, PXE, Port Forwarder, RTMP, Remote Control, Rsync, SIP, SMB/CIFS, SMPP, SMS, Socks, SFTP, SSH, Server Monitor, Styx, Syslog, TFTP, Telnet, Time, Torrent Client, Torrent Tracker, Trigger, USB/IP, Unison, UPnP Port Mapper, VNC, VPN, Wake On Lan, Web, WebDAV, WebSocket, X11 and/or XMPP server on your android device.


    • WIBR

    WIBR is an android app that you can use to break into a password protected (weak) WiFi network. It is actually a brute forcer that allows you to perform a dictionary attack on the target. 


    • pulWiFi

    pulWiFi is an android app that shows the default passwords for wireless networks of some routers. It supports the following networks.
    • Some D-Link routers
    • Some Huawei routers
    • Some InfoStrada routers


    • Penetrate Pro

    Penetrate pro is an excellent app for decoding WEP/WPA WiFi keys. It supports the following routers.
    • Routers based on Thomson: Thomson, Infinitum, BBox, DMax, Orange, SpeedTouch, BigPond, O2Wireless, Otenet.
    • DLink
    • Eircom
    • Pirelli Discus
    • Verizon FiOS (only some routers)
    • Fastweb (Pirelli & Telsey)
    • Jazztel_XXXX and WLAN_XXXX
    • Tecom
    • Infostrada
    • SkyV1


    • Router Brute Force

    Let's assume, you have free WiFi, and you want to take control of that wireless network. What do you do?

    Obviously, you need the router login credentials. If you can't steal those from the admin, you should use the Router Brute Force app, because it can crack the router passwords very efficiently.


    • RouterPWN

    RouterPWN is a router security audit tool for penetration testers. This is actually a web-based tool that contains a compilation of ready-to-run local and remote exploits. You can use it offline for local exploitation without an internet connection.


    • AnDOSid

    AnDOSid is a powerful denial of service attack tool for pentesters and security researchers. Please don't use it to attack servers that you don't own, otherwise, you might end up in jail.


    • OFS Doser

    OFS Doser is also a denial of service attack tool, but this one works in a different way. It can only crash a PHP or Java server that has the "HashDoS" vulnerability. 


    • Hash Decrypt

    Hash Decrypt is a powerful tool that allows you to crack/decrypt a hash. It uses a dictionary attack to crack hashes. This tool supports 10 different hash functions: MD2, MD4, MD5, SHA1, SHA-256, SHA-384, SHA-512, Tiger, RIPEMD-128 and RIPEMD-160.


    • Cryptonite

    Cryptonite is an open source application for file encryption. It is fully compatible with all EncFS features. The app works on both rooted and non-rooted devices.


    • CrypticSMS

    CrypticSMS can encrypt / decrypt SMS messages. It supports AES cipher, Backwards cipher, Caesar cipher, DES cipher, Hill cipher, Monoalphabetic cipher, Morse Code cipher, Playfair cipher, Reverse Alphabet cipher, Triple DES cipher, and Vigenère cipher.


    • GT Recovery

    GT Recovery is an android app that you can use to recover any deleted file you want on android. This app supports mainstream volume formats such as FAT, EXT3, and EXT4.


    • WiFinspect

    WiFinspect is a security audit tool that allows you to monitor the networks you own or have permission to monitor. It has the following functions:
    • Network Information
    • UPnP Device Scanner
    • Host Discovery
    • Network Sniffer
    • Pcap Analyzer (three options)
    • PCI DSS (Version 2) Menu
    • Access Point Default Password Test 
    • Access Point Security Test 
    • Access Point Scanner
    • Internal Network Vulnerability Scanner 
    • External Network Vulnerability Scanner
    • Host Information
    • Port Scan
    • Host Vulnerability Scan
    • Traceroute
    • Ping


    • Nessus

    Nessus is a powerful vulnerability scanner that you can use to detect vulnerabilities in your network. It uses Nessus Attack Scripting Language to describe individual threats and potential attacks.


    • Find People Search

    Find People Search is an Android app that allows you to find whoever you want. Unfortunately, the search is limited to the United States only.

    If you want to search the whole world, check out the article "3 Best Free Android Apps For People Search (a.k.a Social Search)".


    • AppLock

    AppLock is one of the best Android apps to protect your files, calls, apps, and settings from unauthorized access. It is one of the must-have security tools for an Android device.

    If you want to see the best android apps for locking apps and files, check out this article: Best Free Lock Android Apps.


    • NoRoot Firewall

    This post first appeared on Effect Hacking - Hacking Tools, How To Guides An, please read the original post: here
