One of my favorite posts on this site that I continue to go back to is @VVid0w’s post about the ideal Hackers EDC Bag.
But seeing as it may not be practical to bring ALL of your combat gear grocery shopping, or running day to day errands, what kind of smartphone apps, or very small gadgets can you use for when you stumble across something on the go? Something totally inconspicuous you could use in a crowd of people, or be able to conceal comfortably?
I found a few useful android apps that I have been playing around with. Most of you probably know about these, but I thought I’d share with you guys anyways. They are all tools that are great for Reconnaissance. But this isn’t a foot printing only post, I want to hear about what tools you all use for anything that has to do with you physically being close to a network, that won’t look suspicious.
- EZnetScan+ ($1.99)
There is also a free version with tons of features, just doesn’t have alot of the network commands.
EZnetScan+ is a fun tool that can be used for very basic Recon. It’s designed to aid in basic personal network administration. It has alot of awesome features that allow you to gather some great information as long as you can connect to the network you can see everything else running through it. It’s great for seeking out what else a public network has connected to it.
There is also a free version
Features
- Quick tools
- Traceroute
- DNS Lookup
- TCP Port Scans
- Ping
The Pro version includes network commands that allows you to view and manage -
- Software inventory
- Hardware and storage
- Running Services
- Running Processes
- SMB protocol
Pros
Easy to use
Inconspicuous
A Lot of features and useful tools
Cons
Have to be connected to the network
Not very stealthy if not using a burner phone
- FaceNiff
FaceNiff is a nifty little session hijacker allowing you to intercept web session profiles over the WiFi network your phone is connected to.
Apparently it works over WEP/WPA-PSK/WPA2-PSK. It does require a Rooted Phone however, and will not work if any of your targets are using SSL. I personally don’t have much experience using this. I really want to get it working, but for any learning hacker, there is only so much time you can spend troubleshooting different things. It looks cool in theory, if working correctly. Does anyone have any experience using this app? Let me know!
You can hijack session profiles from FaceBook
Twitter
Youtube
Amazon
Vkontakte
Tumblr
Myspace
Tuenti
MeinVZ/StudiVZ
Blogger
Nasza-Klasa
Pros
Stealthy
Inconspicuous
Simple to use
Cons
Rooted Phone Required
Will not detect targets using Secure Socket Layers(SSL)
There is alot of cool apps out there, I didn’t really make this post as a tutorial, i just wanted to start a cool discussion so we can bounce some findings, ideas, and concepts around!
What kind of cool tools do you guys know about? They dont even need to be apps, or hacking tools, i am just looking for something that you can have on your person at all times that wouldn’t draw attention, or be uncomfortable to lug around all day, that can aid you in a successful penetration.