Nice article! Personally, I think having a rooted smartphone specifically for carrying with you on pentests is honestly one of the most valuable pieces of equipment. In fact, the pwny express pwn phone is a tool designed for just that!
There’s also an android image called Kali Nethunter that features a fully functional kali-linux distro on your mobile device if you prefer to go that route. Unfortunately, I’m unable to offer any insight on these because I’ve not been able to get ahold of a device that would allow me to flash the image without making a custom kernal for it.
Although, currently I’ve got a rooted Kindle fire that I loaded up with a bunch of pentesting apps. If I must be honest though, I feel as though it’s sub-standard compared to both the pwn phone and Kali Nethunter. Just for the simple fact that it doesn’t really offer everything those specialized tools do. Here’s my list of apps and a short description of what they do: (not including the ones you’ve already listed)
1.) Juice SSH: It’s an SSH client that I use mainly for my headless kali raspi.
2.) Connect bot: Another SSH client for when I need to connect to two devices at once.
3.) VNC Viewer: For viewing VNC sessions lol.
4.) Orfox: TOR Browser for android.
5.) Orbot: TOR client for android. Allows me to route all traffic on the device through the TOR network.
6.) NetworkMapper: Nmap for android.
7.) Fing: [quote=“pry0cc, post:3, topic:2098”]
For network scanning on Android
[/quote]
8.) Network Spoofer: Lets you edit content on non ssl websites to your liking. Basically just a MiTM troll attack tool. (Although it could be useful with the custom redirect option. Also for propaganda lol)
9.) ES File explorer: File manager for android. It’s better than the default.
10.) WiFi key view: For viewing the wifi keys you’ve used for any access point. (Basically just so you don’t have to try to remember what you put in)
11.)Terminal Emulator: Well…it emulates a terminal lol. Can’t do without one on a “H@ck T@b” even though I don’t really need it rofl.
12.) Cluster snippits: This is an addon to Juice SSH. It lets you run a script through juice ssh so that you dont have to type it directly into the terminal. You can also save your scripts. They’re called “snippits”.
13.) AnDOSoid: Basically LOIC for Android.
14.) Droid SQLi: SQL Injection for Android.
15.) Evil Operator: Connect two people to a phone call and listen /record. Doesn’t work on my Kindle, but I still have it for some reason rofl.
16.) WhatsAppSniffer: Does as its namesake suggests.
17.) zANTI: Network testing tool. Allows you to scan for vulns, check for ShellShock & SSL Poodle, and conduct MiTM attacks.
18.) Nipper: Website information gatherer.
19.) WPS WPA Tester Premium: Tries to bruteforce accesspoints that have wps and wpa enabled.
20.) HID Shell Me: Human Interface Device shells.
21.) WiFiKill: Kills a specific devices wifi connection while still making it look as though they are connected. (Doesn’t really work on my Kindle unfortunately.)
22.) Shark: Wireshark for android.
23.) Shark reader: PCAP reader for Android.
24.) cSploit: Basically zAnti but better. Has loads more options. You’d have to look this one up because there’s too much for me to list.
25.) USB Cleaver: Gets creds from Windows machines (2000 and up). Doesn’t work on my kindle.
26.) inSSIDer: Lets you look at all the access points around you, what channel they’re using, and graphs their strengths.
27.) Lucky Patcher: Lets you “patch” applications to get free inapp purchases (doesn’t work on all apps)
28.) Cheat Droid: Lets you edit the contents of an app. It’s named cheat droid as a marketing scheme and because it’s mainly thought that it’s use will be adding coins or whatever to your game.
29.) Blackmart: Free apps that you normally have to pay for.
30.) Aptoid: Same as Blackmart, except there are repos you can choose.
31.) Google Play Store: Because it doesn’t come on the Kindle by default.
Hope this helped! All in all, the Kindle isn’t the worst pentesting platform but it’s certainly not the best either. And that goes for any rooted phone as well. I’d reccomend spending the money to get a nexus device and putting either the Pwnphone or Kali Nethunter on it to be honest, especially if you’re planning to carry it on you in real engagements. (You will need to purchase an external network card that’s capable of packet injection though. I reccomend the TP-Link TL-WN722N because it’s small af and works exceptionally. You’ll also need an OTG cable to connect the nic to the device.)
EDIT: Side note - When using these, it looks like you’re just playing on a tablet or phone which is nothing out of the ordinary. I’d install a few games though so you can quickly switch to those in case someone gets nosey.