iPhones and iPads have always been classed to be in a very closed-source environment. Even to do simple tasks and achieve a simple SSH into the device. Below we have a number of popular tools which are widely available on Android and Linux, popularly on Kali Linux which we would like the developers to add support to Ios too.
Why these devices?
Apple devices have never disappointed in performance, design and portability. Security researchers could benefit with having such apps available for these devices and have basic to medium level capabilities including network scanning, operating system fingerprinting, port scanners and basic web scanning.
Top 4 Ethical Hacking and Penetration Testing Tools we would love to see on iPhones and iPads
- Nessus remote security scanner
Nessus is seen as the world’s most popular vulnerability scanner which is being used in more than 75 thousand organizations around the world. By using Nessus remote security scanner many of the world’s largest and best organizations are realizing significant cost savings for auditing business critical applications and enterprises. It went as a close source in the recent times but still comes in free. It is able to work with a client server framework.
- Wireshark (Formely Ethereal)
Wireshark is another network hacking tool that is GTK + based network protocol analyzer or sniffer. It lets the user capture and browser interactively the various contents of network frames.
The main aim and goal of this project is to create a commercial quality analyzer for UNIX and to provide with all the wireshark features that are being missed from the closed source sniffers. Now the best part about wireshark is that it is able to work both on windows (with a graphic user interface) and Linux. It is very easy in use and is also able to reconstruct TCP or IP streams
- AndroRAT (Remote Administration Tool)
AndroRAT is a great tool for finding vulnerabilities in the remote protocols of the apps. It allows security researchers to exploit open ports to get remote access to devices through and command and control server. AndroRAT can let the source view a lot of different data on the victim’s phone I.e. messages, phones and logs too, the app can be currently found on SecuredYou for Android. Currently, it can be found as an APK download however, an IPA has been requested and currently in developed by the author.
Nikto is yet another open source (GPL) web server. It is able to perform comprehensive tests against web servers for various items that includes over 3200 files or CCGs that are potentially damaging. The plug-ins and scan items are updated very frequently and if desired can be updated automatically as well. Nikto is seen as a very good CGI scanner. There are other tools as well that go best with Nikto
Nmap is known as network mapper. It is an open source utility for network explorations or security auditing. It comes in free. It was designed with the purpose to scan large networks though it works well against single hosts as well. Raw IP packets are being used by Nmap in novel ways in order to determine which hosts are present on the network, what services are being offered by the host; they are running which operating systems.
What type of packets filters or packet firewalls are being used and some other purposeful characteristics. The best part about this tool is that it is able to run of almost of the types of computer systems plus it had both the graphical and console versions available. It comes in totally free and is an open source. This tool can be used by beginners and by pros as well. a very versatile tool indeed once you understand all the process and results.
I do hope such apps are making way to the Apple eco system and is encouraging security researchers and penetration-testers to adopt and start using their devices in the industry. Also, as a final note apple should be providing them with app downloads too and allowing such apps on the App Store like Android allows for APK files.