A selection of “hacking” programs for Android. The best hacking programs for hacking from a smartphone The most popular hacking programs

Description Reviews (0) Screenshots

Everyone has forgotten the password for a document, an archive, or even an operating system. And, of course, the first thought is to call a programmer so that he can solve such an urgent program. However, everything can be made much easier if you download hacking programs.

Of course, no one thinks that downloading free hacking programs is quite an easy task. However, you can turn to software of this kind, which, meanwhile, is freely available. So, if you have problems accessing some archive, we can offer you the Advanced Archive Password Recovery application, which will help restore access to lost data.

The principle of its operation is quite complex, however, for a client who has decided to download this application it will be enough to know that in the end either the password protection from the archive will be completely removed, or in the end the user will have access to a password for it, which can be entered in a separate window and, again same - to gain access to the data. And taking into account the extensive database, possible variations in archive formats, as well as the operating principle of individual archivers (all this is used by the program during hacking), access to data can be obtained in a minimum amount of time.

Key features of Advanced Archive Password Recovery

In addition to its main purpose - identifying and removing passwords from archives, the application also has some additional functionality, presented below:

The application supports archives larger than 4 GB and works with them as quickly as with lighter files;
Archives containing more than 5 files of the popular format that were created by versions earlier than 8 are unpacked slowly - only within an hour. This is due to inconsistency between data hacking tools and earlier versions;
The program can be switched to background mode. Of course, the process will slow down somewhat, however, in this situation, the amount of RAM will be used minimally;
Dictionary attacks and a methodical search of possible values using established masks and templates provides almost 100% probability of access to data encrypted in the archive.

Top programs for a hacker

Hidden from guests

It has a number of features that can help pentesters and hackers. Two compatible applications used in this tool include "Burp Suite Spider", which can list and map various pages and settings of a website by examining cookies. Initiates a connection to these web applications, as well as an "Intruder", which carries out a series of automated attacks on targeted web applications.

Burp Suite is an excellent web hacking tool that many pentesters can use to test the vulnerability of websites and targeted web applications. Burp Suite works using detailed knowledge of the application, which has been removed from the HTTP protocol. The tool works through an algorithm that is customizable and can generate a malicious HTTP attack request that hackers often use. Burp Suite is especially indispensably useful for detecting and identifying vulnerabilities for SQL injection and Cross-Site Scripting(s).

Hidden from guests

Also known as "ipscan" is a freely available network hacking scanner that is both fast and easy to use. The main purpose of this IP address and port scanning hacking tool is to find open doors and ports in other people's systems. It is worth noting that Angry IP Scanner also has a bunch of other hacking methods, you just need to know how to use it. Common users of this hacking tool are network administrators and system engineers.

Hidden from guests

is an amazing network hacking tool that can be configured in one of three preset modes:

it can be used as an interceptor
packet logger
for detecting network intrusions

More often than not, hackers use Sniffer Mode, which gives them the ability to read network packets and display them on a graphical user interface. In package logger mode, Snort will audit and log packages to disk. In intrusion detection mode, Snort monitors network traffic and analyzes it with a user-defined set of rules.

THC Hydra - Often seen as another password cracker. THC Hydra is extremely popular and has a very active and experienced development team. Essentially Hydra is fast and stable for hacking logins and passwords. It uses a dictionary and Brute Force attacks to try different combinations of usernames and passwords on the login page. This hacking tool supports a wide range of protocols, including Mail (POP3, IMAP, etc.), Database, LDAP, SMB, VNC, and SSH.

Wapiti has a very loyal following. As a pentesting tool (or Framework), Wapiti is capable of scanning and identifying hundreds of possible vulnerabilities. Basically, this multi-purpose hacking tool can check the security of web applications by executing a black box system. That is, she does not study the source code of the application, but scans the application's HTML pages, scripts and forms, where she can insert her data.

Today this is the top program for a hacker. Do you have information that is newer than ours?- Share it in the comments. Any questions?- ask. We will always answer and explain everything.

Pentesting, or simply penetration tests, is a legal way to do real hacking, and even get paid for it. An advanced security audit is usually performed on a laptop with specific hardware, but many security flaws can be easily detected using a regular smartphone and tablet. In this article, we will look at 14 hacking applications that will allow you to perform a penetration test using Android without pulling out your laptop.

The article was written for research purposes. All information is for informational purposes only. Neither the author of the article nor the administration is responsible for the unlawful use of the programs mentioned in the article.

Hacker programs for hacking from a smartphone

All hacker applications for Android are divided into several groups:

Web resource scanners are hacker utilities for searching for vulnerabilities.
Harvesters - allow you to search for vulnerabilities (and exploits for them) both in software and in hardware. Perform sniffing, MITM attacks, etc.
Sniffers are hacker applications for intercepting and analyzing traffic.
Auxiliary utilities are tools that help in pentesting.
Directories and search engines are applications that perform auxiliary functions.

Web crawlers for Android

Let's start our review of programs for hacking a smartphone with the most important thing, namely web application scanners. Here we have three applications that will allow you to find open admin areas, reset passwords, test your site for XSS vulnerabilities, SQL injection capabilities, create directory listings, and much more.

Mobile web application vulnerability scanner Kayra the Pentester Lite looks for common errors in the configuration of the specified web server and attempts to obtain directory listings (usually successfully). Additional tools include a hash generator and an AES decryptor.
The application has simple and clear settings. Supports HTTPS and checks TLS for correctness. Can search for XSS, brute force CGI, and perform dictionary attacks. Can work in the background and in multi-threaded mode. Contains a Google Hacks database and automatically detects known vulnerabilities.

Kayra Report and About Screen

For each item marked in the scanning settings, a detailed report is created. The screenshot shows only a small part of it. The free version is quite functional, but sometimes annoying with ads. The paid version has no advertising and restrictions; its cost at the time of writing is 159 rubles.

Tested version: 1.4.0
Size: 4.7 MB
Android version: 4.1 and higher
Root required: no

The next Android hacker is DroidSQLi. The DroidSQLi application is used to check websites for vulnerability to four types of SQL injections:

Normal SQL injection - a classic version with passing the UNION ALL SELECT parameter;
Error based SQL injection - using obviously incorrect syntax in queries to receive an error message that reveals additional database parameters;
Blind SQL injection - a series of queries with analysis of true/false responses from the DBMS, allowing you to restore the structure of the database;

Time based SQL injection - the formation of additional queries that cause the DBMS to be suspended for a certain time, which makes it possible to extract data character-by-character.

Demonstration of error based SQL injection

The DroidSQLi utility automatically selects the injection method and also uses techniques to bypass query filtering.

To start testing the site, you need to manually find the entry point. Typically this is the address of a web page containing a request of the form?id=X or?p=X, where X is a positive integer. In our example, the payload for the id parameter looks like this:

id = (SELECT 4777 FROM (SELECT COUNT (*), CONCAT (0x71626b6a71, (SELECT (ELT (4777 = 4777, 1))), 0x7170767871, FLOOR (RAND (0) * 2)) x FROM INFORMATION_SCHEMA. GINS GROUP BY x ) a )

There are a lot of sites on the Internet that are vulnerable to SQL injections. I think you can easily find a few of these just by looking at your browser history.

Tested version: 1.1
Size: 705 KB
Android version: 4.2 and higher
Root required: no

The next tool for hacking from smartphones is the Droidbug Admin Panel Finder FREE utility. The application searches for admin panels using the default addresses of different CMSs. The result of its work does not always correspond to the real state of things, since popular web servers have IDS and WAF. They block URL brute force or redirect it to a honeypot (trap), which responds with HTTP 200 OK to all requests, and itself collects information about the attacker.

However, on less popular sites, security is very sad, and a valid admin panel can be found in a matter of seconds. The paid version, costing 139 rubles, removes advertising and unlocks the ability to search using a mixed template for sites that support PHP/ASP/CGI/CFM/JS.

Search for admin panel on the site

Tested version: 1.4
Size: 6.3 MB
Android version: 2.1 and higher
Root required: no

Harvesters for hacking from a smartphone

The Internet is not only made up of web applications, and holes are not found only in them. The following selection of hacking applications for Android will allow you to look for vulnerabilities (and exploits for them) in software and hardware, perform sniffing, MITM attacks, abandonment and do many other interesting things.

cSploit is one of the most powerful tools for scanning networks and searching for vulnerabilities on detected hosts. Creates a network map and displays information about all devices found in it. Can determine their IP/MAC and vendor (by the first three octets of the MAC address), determine the OS installed on them, search for vulnerabilities using the Metasploit framework RPCd and brute force passwords.

Client search and MITM attack

Performs various types of MITM attacks through DNS spoofing (it is possible to replace media files in traffic on the fly, JS injections, session hijacking and cookie hijacking for authorization without entering a password). It can also disconnect individual devices (or disconnect them en masse from the access point). Intercepts traffic and saves it in .pcap format or redirects it wherever you want.

cSploit contains a tool for creating and sending any TCP/UDP packet to a selected host. The link redirects to an online service for selecting and exploiting vulnerabilities for a specific model. The database stopped being updated in 2015, but is still relevant. In my short test on an ASUS router, which has been in production since the end of 2016, a vulnerability first described in 2009 was discovered in the latest firmware (April 2018).

Open ports and a selection of exploits for the selected target

Additionally, cSploit helps you create a remote host on a hacked, security-audited host and gain full control over it. In general, this is a definite must have for pentesters, and not only for them.

Version tested: 1.6.6 RC2
Size: 3.5 MB
Test builds of cSploit Nightly are available
Android version: 2.3 and higher
Root required: YES!
to /system/bin

cSploit, Intercepter-NG and other powerful utilities deserve more detailed consideration in separate articles. We suggest first getting familiar with the basic principles of pentesting using simple applications as an example, and only then moving on to hardcore.

The cSploit fork by Simone Margaritelli died in 2014. The project remained in beta stage with very crude code. While cSpoit worked flawlessly for me, the last three versions of dSploit crashed with an error almost immediately after launch.

The same cSploit, side view

Since Margaritelli joined the Zimperium company, dSploit's developments have become part of the proprietary zAnti utility.

Wireless Network Scanning and Host Discovery

Tested (not entirely successful) version: 1.1.3c
Size: 11.4 MB
Android version: 2.3 and higher
Requires root: YES!
Additional requirements: install BusyBox in /system/bin, show a tendency towards masochism

zAnti

Mobile application for pentesting from Zimperium. A more modern, stable and visual analogue of dSploit.

The zAnti interface is divided into two parts: scanning and MITM. In the first section, like dSploit and the original cSploit, it maps the network, determines all hosts, their parameters and vulnerabilities.

Nmap's network

A separate function is the detection of vulnerabilities on the smartphone itself. According to the program's report, our test Nexus 5 contains 263 holes that will no longer be closed because the device's lifespan has expired.

Vulnerability detection

zAnti helps to hack routers and gain full access to them (with the ability to change the admin password, set a different SSID, PSK, and so on). Using MITM attacks, zAnti detects insecure elements at three levels: OS, applications and device settings.

The key feature is the generation of a detailed report on all scanned elements. The report contains explanations and advice on how to eliminate the deficiencies found.

zAnti report

Tested version: 3.18
Size: 24 MB
Android version: 2.3 and higher
Root required: YES!
Notes: zAnti does not work on devices with x86 and x86_64 processors

Sniffers for intercepting traffic on Android

No pentester can do without a good one. It is as common a tool as a knife on a chef's table. Therefore, the next section of the article is devoted to applications for intercepting and analyzing traffic.

is an advanced sniffer focused on performing MITM attacks. Captures traffic and analyzes it on the fly, automatically identifying authorization data in it. Can save intercepted traffic in .pcap format and analyze it later.

Automatically detected data formats include passwords and hashes for the following protocols: AIM, BNC, CVS, DC++, FTP, HTTP, ICQ, IMAP, IRC, KRB5, LDAP, MRA, MYSQL, NTLM, ORACLE, POP3, RADIUS, SMTP, SOCKS , Telnet, VNC.

Scanning and ARP spoofing

Intercepter-NG collects files transmitted via FTP, IMAP, POP3, SMB, SMTP and HTTP from intercepted packets. Like cSploit and its analogues, Intercepter-NG uses ARP spoofing to perform MITM. It supports SSLstrip, which allows you to perform MITM attacks even with HTTPS traffic, replacing HTTPS requests of the attacked hosts on the fly with their HTTP variants through the built-in DNS proxy.

In addition, it can detect ARP spoofing in relation to itself (useful when connecting to public hotspots) and protect against it. When you click the umbrella icon, the ARP cache is checked.

Tested version: 2.1 (console - 0.8)
Size: 5.2 MB
Android version: 2.3 and higher
Root required: YES!
Additional requirements: install BusyBox in /system/bin

A simpler and “legal” TCP/UDP packet analyzer with the ability to intercept HTTPS sessions using MITM. It does not require it, since it uses the built-in Android function of proxying traffic through and substituting an SSL certificate.

In Android 6.0.1 and later versions, you must manually add a CA certificate through the application settings.

Traffic capture

Packet Capture runs locally. It does not perform ARP spoofing, session hijacking, or other attacks on external hosts. The application is positioned as a debugging application and is downloaded from the official market. It can decode packets as Text/Hex/Urlencoded, but does not yet support gzip-compressed HTTP requests.

Packet Capture makes it easy to monitor the network activity of installed applications. It shows not just the volume of transmitted traffic, but what exactly each program or built-in Android component sends and where, and what packets it receives in response and from which servers. An excellent utility for searching for Trojan bookmarks and annoying advertisements.

Tested version: 1.4.7
Size: 4.5 MB
Android version: 2.3 and higher
Root required: no

Helper hacking utilities for Android

While advanced pentest utilities require root and BusyBox, simpler applications are available in the Play Store and work on any smartphone without any tricks. They cannot perform ARP spoofing and MITM attacks, but they are quite sufficient for scanning a wireless network, detecting hosts and obvious security problems.

This program scans the airwaves looking for access points with WPS enabled. Having discovered such ones, she tries to try default pins on them. There are few of them, and they are known from the router manufacturer's manuals.

If the user has not changed the default pin and has not disabled WPS, then the utility takes at most five minutes to sort through all known values and obtain WPA(2)-PSK, no matter how long and complex it may be. The password for the wireless network is displayed on the screen and is automatically saved in the Wi-Fi settings of the smartphone.

Hotspot detection with WPS

Since that article was published, WPSApp has been updated and improved in every way. She knows more pins from different vendors, iterates through them faster, and has learned how to brute force in new modes. The utility works both on rooted smartphones and without root rights. It has many analogues, but they are all much less effective.

Tested version: 1.6.20
Size: 3.0 MB
Android version: 4.1. Works much better on Android 5.1 and later
Root required: preferred, but not required

Open source and free Wi-Fi network scanner. A very convenient utility for detecting access points (including hidden ones), finding out their parameters (MAC, vendor, channel, encryption type), assessing signal strength and distance to them. The distance from the router is calculated using the formula for line of sight, so it is not always indicated accurately enough.

Displaying hidden networks and assessing channel noise

WiFiAnalyzer allows you to clearly see the situation on air, filter targets by signal strength, SSID, frequency used (2.4/5 GHz) and encryption type. You can also manually determine the least noisy channel using two types of graphs: regular and time-accumulated.

In short, WiFiAnalyzer is where you should start reconnaissance in wireless networks. Searching for targets with certain parameters will save a lot of time when further working with advanced utilities.

Tested version: 1.8.11
Size: 1.6 MB
Android version: 4.1 and higher
Root required: no

Fing

Often the functionality of hacker utilities overlaps with the capabilities of completely legal tools that system administrators use to set up networks.

Fing is one such tool. It quickly scans the Wi-Fi network you managed to connect to (for example, using WPSApp) and identifies all the hosts. This may be needed to check your own wireless network for unauthorized access, but, you see, exploring unfamiliar networks is much more interesting.

Defining ports and services on selected hosts

Fing performs advanced analysis of NetBIOS, UPNP and Bonjour names, so it more accurately identifies device types and shows more of their properties. Fing has integrated ping and tracerout utilities. It can also send WOL (Wake on LAN) requests, remotely waking up “sleeping” devices that support this function.

Fing automatically detects open ports and the services associated with them. When SMB, SSH, FTP and other things are detected, Fing offers to connect to them, calling external programs from its menu to do this. If the corresponding utility (for example, AndSMB) is not installed, then Fing opens a link to download it.

Additional features of the program are available after registering a Fing account. With it you can perform an inventory of devices and networks. Even more functions are unlocked after purchasing the Fingbox hardware. It can monitor the connection of uninvited guests and selectively block their devices, as well as check the Internet connection for typical problems and automatically fix them.

Tested version: 6.7.1
Size: 10 MB
Android version: 4.1 and higher
Root required: no

The application detects all client devices on a wireless network and then uses ARP spoofing to selectively disable them or cut off communications for everyone except itself. And then you can download files at full speed somewhere in a cafe, watching how other visitors suffer.

NetCut - find and kick!

Joke! It’s uncivil to do this, but to quickly kick an attacker without getting into the router settings - why not? You can not just break the connection for any host once, but constantly block its attempts to connect to the access point until it changes its MAC address (see the Jail tab).

If someone tries to do such a trick against your device, NetCut will detect poisoning of the ARP cache and clear it (see NetCut Defender). For a dollar a month you can get a Pro account, remove ads and restrictions.

Tested version: 1.4.9
Size: 12 MB
Android version: 4.0 and higher
Requires root: YES!

Directories and search engines for pentesters

Finally, we’ll tell you about a couple of useful utilities that are not directly related to hacking, but rather perform an auxiliary and informational function.

If you want to hack the game on your phone or tablet, then you are on the right track. In this article we will talk in detail about how and with what you can hack the game on an Android device. This question worries many users, which is not surprising - prices for purchasing in-game currency are often unreasonably high.

How to hack the game

In fact, hacking an Android game is quite simple. But for this you will need the help of special programs (applications), which come in two types:

The first type allows you to make free purchases in games. This is the easiest way, as it does not require any complex actions from you. This kind of hacking occurs using an application that can bypass the Play Store license check and replace data when paying within the game.
The second type changes the amount of game currency. This type of hack is more complex, since you will have to manually find and change the necessary numeric values. But once you learn and understand the process, you can hack any game in a few minutes.

Most programs for hacking games work if you have Root rights on the device; what this is and how to get root rights is described in the article.

It is also worth noting that on Android you can only hack offline games (that do not require Internet access) and it is almost impossible to hack online games such as Clash of clans, Game of war, Boom beach and so on. This is due to the fact that all hacking programs replace data inside the device itself, and online games store data on the server and not in the device. Even if you manage to hack an online game, most likely after connecting to the server the data will be restored to the previous values or you will simply get banned.

Hacking games without root rights

The programs presented in this section allow you to hack without root rights. The disadvantage of these applications is that the list of supported games is limited and, as a rule, these are simple toys with weak protection.

An application for hacking games without root rights, with which you can make free purchases. At the moment, Krihak supports about 100 games, including Shadow Fight 2 (v1.7.0). But keep in mind that the program has not been updated for a long time and the developer announced the end of support, so KriHak may not be suitable for hacking new games.

Instructions:

Disable Google Play and Google services in the settings by clicking on “Stop the process”.
Then turn off the Internet or Wi-Fi.
Next, launch Krihak and minimize or press the “On” button to activate the hack (in some versions, activation occurs at startup).
We go into the application and make any purchase in the store, if you see the inscription - the hack worked, then accordingly Creehack worked.

Quite a powerful application for editing and hacking APK files. Allows you to change the contents of the APK: localization strings, replace background images, architecture layout, and even remove advertising. There are two versions of Apk Editor available in the Play Store - a paid Pro version and a free one.

Hacking games with root rights

Unlike the previous section, this one contains more powerful programs, for which you will need root rights.

A well-known program that allows you to make free purchases in offline Android games. The application replaces the purchase authorization server and emulates the purchase as if it were a real one. To put it simply, Freedom creates a virtual card with which you pay for free in applications.

Instructions:

4.GAME KILLER

One of the most popular programs for hacking games for numerical values (coins, gold, crystals, etc.). Game Killer works with almost all popular games, except online of course.

Instructions:

Install and launch GameKiller, then minimize it.
We go into the game that needs to be hacked.
Open the game killer, click on the key icon in the corner, select what you want to hack, for example, coins: to do this, enter the current number of coins in the search bar of the program.
Now change the quantity; to do this, you need to perform some action in the application, for example, buy something (in any way, the main thing is that the quantity is not = 0).
Then we again start the search in game killer using the changed value (for example, you had 100 coins, spent 20 - we are looking for 80).
As a rule, the program will give you 1-2 results; if everything turns out that way, we change them to the required ones (for example, 9999999).
If the program produced many more results, then you will need to repeat steps 4 and 5.

Video instructions for hacking a game using GameKiller.

5.GAMECIH

Changes the values of game currency, similar to Game killer, so the instructions are the same.

Process description:

Download and launch GameCIH, then minimize it.
Launch the game you want to hack.
Open Game Cich, choose what exactly you want to hack, for example crystals, to do this, write the current number of crystals in the program search.
Now change this number, to do this you need to perform any action in the game, for example, buy something (the main thing is that the number is greater than zero).
Then we again turn on the search in GameCIH using the edited value (for example, you had 150 coins, spent 50 - we are looking for 100)
Usually the program produces 2-3 results, if this happens, then we change these numbers to our own (for example, 9999999999).
If there are more results, then repeat steps 4-5.

6. XMOD GAMES

A universal application to simplify the process of playing online games by modifying them. XModGames gained popularity mainly due to the games Clash of Klens and Boom Beach. By installing the plugin, you can configure the search for an enemy with the desired amount of resources, as well as activate the “always online” function. The XMod app is constantly updated and new mods are added to it.

Android application patcher, with functions of cutting out advertisements and checking licenses. Lucky Patcher can scan and apply patches to change and expand their functionality in your games or applications. Lucky Patcher also has a function to remove license verification, which allows you to run “pirated” versions of applications, ignoring restrictions and protection algorithms. Recently, the patcher made it possible to replace the original Google Play Market with a hacked market.

Making free purchases in games.
Remove license check.
Disable advertising.
Save APK files from installed applications.
Implementation of patches into applications and the system.
Create copies of APK with the changes made.
Clone applications (to run two copies simultaneously).

If Hacker is your favorite magazine, it means only one thing - you are our man! Also, maybe you want to become a cool hacker. And, of course, X tries his best to help you with this. There are actually two ways to hack. First: you buy a bunch of books on the structure and operation of the Internet, programming languages, operating systems, protocols, processor operation, etc. You read all this carefully, and after 2 years of training you will be able to see all the holes and get the information you need without any problems.

1. Back Orifice

This good program is a Trojan. Consists of a server and a client. You send a client to an enemy, and the victim opens the default port 31337, which allows unauthorized access to his machine. Very easy to use.

2. Flood Bot Front End

This program will help you reset your interlocutor on the IRC network. Rolly little thing.

3. Divine Intervention 3

A very useful program. Contains nuker, flooder, mail bomber. Efficiency guaranteed.

4. ICQ Flooder

The simplest and most effective, in my opinion, is ICQ flooder. You specify the IP address, ICQ port - and off you go... It works flawlessly.

5. ICQ IP Sniffer

A simple program for determining an IP address by UIN in an ICQ network. Very easy to use. Nice interface.

6. WinNuke

A very good nuke. Download it - you won't regret it. You launch it, and if the victim does not have protection against nukes, then he is screwed - a blue screen of death. There is a port scanning option.

7. Nuke Nabber 2.9

The best anti-nuker. It not only protects you from 50 types of different attacks, but also detects the attacker’s IP address. It is possible to add other ports. This program is a leader of its kind.

8. X Net Stat

The program monitors all connections on all ports to your host. A very useful program.

9. Essential Net Tools

This scanner is used by most people. Includes NetBios scanner, Nat interface, etc.

10. Lamer_Death 2.6

A popular backdoor for mocking lamers. In addition to the usual functions (files, com. line) there is also
several, such as:
-push out/push in CD/DVD drive
-control someone else's mouse
-print text on the screen on top of all windows
-print all sorts of bad things on a lamer printer
pass 1537

The use of some of the listed programs for the purpose of committing illegal actions can lead to criminal liability (as, indeed, the use of a kitchen knife, ax, copier or, for example, a crowbar for the same purposes).