There are apps for everyone, but no one really bothered about Security expperts/admins/ network gurus. Nickmpetty thought about this and compiled a list of apps that will do this right for security geeks, Pen testers. You can simply install all the popular pen testing tools to your iPhone, iPod Touch, iPad and connect an external keyboard (if you need to) or use it wirelessly via a SSH client like putty and there you have it — A Portable powerful pen-testing tool.
So here is the suite of Pen Testing Tools for all those who own an iPhone/ iPod Touch
Pre-Requisites: Jailbreak your iPhone, iPod Touch, iPad
Note: You must use ‘Developer Mode’ in Cydia. If you didn’t, go to Manage, then click on settings in the top left corner, and select it there.
If you have a jailbroken iPhone, this would be something you already have.
Mobile terminal gives you the full shell access, it provides bare bones for the most of the stuff.
Building a Linux Shell
With the basic stuff in there, lets install some base tools and packages that are normally included on a normal linux computer.
How to Install From Cydia, Install “uzip, adv-cmds, aptitiude, apt 0.6 transitional, inetutils, iPhone/Python, make, subversion, wget, iDNS, stunnel, tcpdump, setup tools, ruby, OpenSSH, OpenSSL, MetaSploit”.
In terminal (or via SSH) login as root with the “su” then install using “apt-get install perl” or via Cydia. Execute “curl -O http://coredev.nl/cydia/coredev.pub”. Next, run “apt-key add coredev.pub”. If you get an error, just ignore it. Now type, “echo ‘deb http://coredev.nl/cydia iphone main’ > /etc/apt/sources.list.d/coredev.nl.list”. Then, “apt-get update”, and “apt-get install perl”. Thats it. You can now delete that coredev.pub file.
Installing Pen Testing Tools
Create a folder called ‘pentest’ anywhere e.g. /var/root/. Try isntalling all the apps in this directory so that you have all the tools handy at one place.
Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis.
How to Install Install from Cydia, if you can’t find it, Add this source “theworm.altervista.org/Cydia”.
Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools.
How to Install Search for “aircrack”, if you can’t find it try adding source to Cydia, “http://cydia.xsellize.com”. Once you’ve installed it, an icon will appear on SpringBoard, don’t bother with it. Its only to tell you to run aircrack from the terminal. Navigate to /var/aircrack/ to use it.
A web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1000 servers, and version specific problems on over 270 servers.
How to Install We need SVN to get the source and build it. execute “svn co http://svn2.assembla.com/svn/Nikto_2″. It will download the folder, move it to pentest and then navigate to the nikto2 folder, and the next folder then execute as normal.
SET (Social Engineering Toolkit)
The Social-Engineering Toolkit (SET) was designed by David Kennedy (ReL1K) and incorporates many useful Social-Engineering attacks all in one simplistic interface. The main purpose of SET is to automate and improve on many of the social-engineering attacks out there. As pentesters, social-engineering is often a practice that not many people perform.
How to Install SET is every geek’s fav. You need to checkout via svn “svn co http://svn.thepentest.com/social_engineering_toolkit/ SET/”
Move it to your pentest folder, then SET, and go as normal once again.
Nmap (“Network Mapper”) is a utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
How to install Search for it in Cydia, its already there.
This just the beginning, you can get a number f other security tools, just search in Cydia.