Make iPhone a penetration testing tool

[Nicholas Petty] has posted a guide to setting up your iPhone as a penetration tester. You already carry it around with you and, although not too beefy, it does have the hardware you need to get the job done. So if you’re not interested in building a drone or carrying around a boxy access point, try this out. The first step is to jailbreak your device and set up OpenSSH so that you can tunnel in for the rest of the setup. From there the rest of the setup is just acquiring build tools and compiling pentesting programs like Aircrack-ng, Ettercap, Nikto2, and the Social Engineering Toolkit. You’ll be up to no good testing your wireless security in no time.

24 thoughts on “Make iPhone a penetration testing tool”

  1. This is OLD news, and also misleading. The iPhone will NOT be capable of packet injection, which is a major part of aircrack-ng.

  2. Came here to say “Ok, NOW I’ll get an iPhone.”

    But upon reading it’s unable to implement packet-injection, it looks like I’ll have to keep waiting for an interesting iPhone app to pull me into the purchase. Guess no one’s hacked it into the wifi drivers yet.

  3. Use android and download/make your own. Unlike the iPhail you can actually write your own software without big company approval.

  4. IIRC you still can’t use the monitor mode for sniffing wireless networks, not on the iPhone also not on Android. Please correct me if I’m wrong because I’d love to be able to set up a small wireless capturing beacon for portable pentesting :)

  5. It frustrates me no end to see this on iPhone. I’ve looked several times for similar toolkits for my Droid, to no avail. Yes, I know I can, in theory, write/port it myself. Like most everyone, I’ve not got the time…

  6. I’m assuming that since the author mentions using snowbreeze to create a custom firmware to allow for a bigger root partition that this would be incompatible with the iPhone 4?

  7. I’m pretty sure all cell phone wifi cards do not support monitor mode and packet injection, hence it can’t really ‘penetrate’ but merely ‘test’ wifi connectivity if you have the right key already…. Too bad :(

  8. I guess it’s fairly useful, portable, and discreet for recon, but I don’t think you’ll be doing too much actual penetration with it. Still, I loved Ettercap when I was into this stuff, and I can think of a few pranks and a few more malicious things that portable ettercap would be useful for.

    Oh, and I think Nmap should absolutely be on the list.

  9. I looked into this a while ago but all the apps available seemed to be in just PoC stage.

    Any possibility of this on Android?
