The days where penetration testers carry around laptops with them to test the security of networks seem to be numbered, with Zimperium's 'Anti' bringing a lot of those tools over from the PC to Android smartphones.
It's been a long time coming, but Anti is now available to download to your phone for free from the Zimperium website.
For some strange reason, you will have to install 'AntiCredit' from the
Android Market in order to actually use the application effectively by
buying credits, meaning that you will have two apps which, essentially,
perform the same function.
After you have downloaded and installed
Anti from the web (you will first need to enable the installation of
3rd party applications by going to Settings > Applications >
Unknown sources), you are prompted to buy AntiCredits in order to
actually use many of the features within the app. Once you have
downloaded it separately, you can then choose from three tiered plans.
Buying
silver credits will allow you to use man-in-the-middle as well as
remote exploits. This pack comes with 20 credits (with one credit being
used for each exploit) and will put you back $10. If you to choose to
upgrade to gold credits, it will cost you $50, and for that you will be
able to access additional server cracking dictionaries and use less
crowded servers than members using silver. With gold, you will be able
to use 150 credits.
For
those who take penetration testing really seriously, there is also a
platinum pack available. This pack contains everything that you get in
the gold pack, but gives you access to premium servers which are more
reliable than those in the cheaper packs, and will allow you to receive
updates before anyone else. If this interest you, then you'd better be
prepared to dig deep in to your wallet; for 1000 credits, it will cost
you $250.
When you're connected to a wireless network, Anti will
begin to scan all of the machines that are connected, and if you run an
intrusive scan it can also flag any potential targets with a vulnerable
badge. The report generated from the network scan will automatically be
sent to the email address that you used to register the app when you
first downloaded it, so you can have an extra copy handy in your inbox,
even if you choose not to view it on your phone within the application
itself.
Once a machine with a vulnerability has been detected, you
can select it for more options, and choose to "Attack" through the menu
presented to you. Once the application has access to the machine, you
can control the attack through various options. If you're using the
attack as a proof of concept, you can eject the optical disc currently
in the drive, or execute the calculator application.
Other
options available include the ability to take a screenshot of whatever
is currently being displayed to the user, or even run a custom command
through the command prompt. You can also choose to force a shutdown or
reboot the machine. If you choose to take a screenshot, the image
generated will then be saved on to your phone's SD card for you to view
on the device itself, or later if you copy the images over to another
machine.
As well as a direct attack on a local machine, you can
choose to perform a DoS attack, monitor insecure connections on the
network to capture plaintext usernames and passwords, or even execute
man-in-the-middle attacks which invoke specific filters to manipulate
the network data.
Using the 'Cracker' function, you can select a
port on the network to check if your passwords are easily bruteforced,
which can help you to stop them from being used in dictionary attacks.
Anti
will allow you to not only monitor local networks, but also define
foreign targets from within the application as well. By typing in a URL,
you can determine whether the server located at the given address has
any opened ports and is vulnerable to an attack. Like with local
machines, you can use the Cracker to test your passwords or trace nodes
from the network and have the results displayed on a map.
There's
no doubt that Anti is a very, very comprehensive penetration testing
application, and to be able to have all of these tools at your disposal
from your mobile phone is a great step forward. The interface is easy to
navigate and all of the features are accessible without much digging
around, but I just don't understand why you have to install a separate
application with the sole purpose of buying credits for the main app.
Surely it would be a lot easier to simply add a "buy credits" option
into the application itself?
If you want to try out Anti for yourself, you can download the .apk file from my file hosted
DOWNLOAD Anti
Use 'Anti' is with Credit , How to bypass Credit with AntiCredit
DOWNLOAD Anti
Use 'Anti' is with Credit , How to bypass Credit with AntiCredit
