Mobile Pentesting/Dev Tools

So we all have times when we are onsite and need some standard information quickly but we aren't near a machine but you have an android device near you and I'm going to recommend a few apps to make onsite and also devops work easier

  • Fing
  • JuiceSSH
  • YOCA PKI
  • WiGLE Wifi
  • WiFiFoFum

Fing


Fing is a very nice nmap style network scanner.

This program is very good if your not at a desk and just want to know the ip of a machine or server. The app is free but requires a subscription if you want to sync results and sessions as well as monitoring servers.

Google Play

JuiceSSH


one of the best if not the best ssh app for remote login to servers. it even has the ability to generate ssh keys on device and generate a snippet command to copy it to authorised hosts. It's very customisable with different themes and the ability to sync identities and connection details to the cloud encrypted by AES. This is a excellent tool for sysadmins who want to be able to out of office fix problems.

Google Play

YOCA PKI


A strange but really interesting app that allows you to make certificates for SSL and to make your own certificate authority(CA).

Google Play

WiGLE Wi-Fi


This tool is great for reconisance in a area, it is a war driving tool for gathering Wi-Fi access points and plotting them on a map.

Please check local laws when using war driving applications

Google Play

WiFiFoFum


this is another war driving tool that allows logging and it also has a radar screen to judge how far you are away and what direction the Wi-Fi point is at

Please check local laws when using war driving applications

Google Play


That's just a small taste of handy apps to have on a on/offsite pentest