You are previewing Learning zANTI2 for Android Pentesting.
O'Reilly logo
Learning zANTI2 for Android Pentesting

Book Description

Dive into the world of advanced network penetration tests to survey and attack wireless networks using your Android device and zANTI2

About This Book

  • Understand the basics of wireless penetration testing and its importance

  • Learn the techniques to perform penetration testing on your wireless networks, such as scanning, detecting vulnerabilities in your victim, and then attacking

  • This simple and intriguing guide takes a step-by-step approach that will help you get to grips with network pentesting using just your Android device and zANTI2

  • Who This Book Is For

    The book is intended for those who want to know more about network penetration tests and have no prior experience, as well as for those who are experienced in network systems and are curious to discover more about this topic. Since zANTI2 features an extremely intuitive and easy to control interface, it doesn’t require any special skills.

    What You Will Learn

  • Understand the importance of penetration testing throughout systems

  • Take a run through zANTI2’s interface and understand the requirements to the app

  • Perform advanced scanning/network mapping and discover the various types of scans used on a target

  • Discover and remotely connect to open ports on a target, thereby accessing a target's files and folders remotely

  • Detect vulnerabilities on a target, learn how to remotely exploit them, and discover ways to protect your self from these exploits

  • Understand what an MITM attack is and how it works, and apply this knowledge to perform attacks on network targets

  • Learn to hijack sessions, identify victim’s passwords, replace images on websites, inject scripts, and more

  • Use this knowledge to protect yourself from all of the attacks you will study

  • In Detail

    A penetration test is one of the most important methods to secure a network or any individual machine. Having knowledge of these methods can enable a user to protect himself/herself from any kinds of attacks. Penetration tests can also be used to discover flaws or loop holes in one's security system, which if not fixed, can be exploited by an unwanted entity.

    This book starts off with an introduction to what penetration testing is, and how it can be performed on Android using zANTI2. Once you are aware of the basics, we move on to teach you the different types of scans that can be performed to search for targets. You will then learn how to connect to open ports and intrude into an unsecured computer. From here you will explore vulnerabilities and their usage, including ShellShock and SSL Poodle vulnerability.

    When connected to an open network, a user is susceptible to password and session hijacking, and a number of other cyber attacks. The book therefore ends with one of the main aspects of cyber security: the Man in the Middle attack. You will get to know everything about the MITM attack, how it works, and how one can be protected against it.

    Style and approach

    The book follows a step-by-step approach with each of the parts explained in an easy-to-follow style. Most of the methods showcased can be tried out immediately on almost any network.

    Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at If you purchased this book elsewhere, you can visit and register to have the files e-mailed directly to you.

    Table of Contents

    1. Learning zANTI2 for Android Pentesting
      1. Table of Contents
      2. Learning zANTI2 for Android Pentesting
      3. Credits
      4. About the Author
      5. About the Reviewers
        1. Support files, eBooks, discount offers, and more
          1. Why subscribe?
          2. Free access for Packt account holders
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Errata
          2. Piracy
          3. Questions
      8. 1. Introducing Android Pentesting with zANTI2
        1. Penetration testing
          1. Getting to know the dark side of Android
        2. zANTI2
          1. Mac Changer
          2. zTether
          3. RouterPWN
          4. Cloud reports
          5. The Wi-Fi monitor
          6. The HTTP server
          7. Nmap scan
          8. Operative actions
          9. Password complexity audit
        3. Zetasploit
        4. Summary
      9. 2. Scanning for Your Victim
        1. Network discovery
        2. Open or closed?
        3. Scan types
        4. Run script
        5. Intense scan
          1. OS detection
        6. Device type
        7. Running
        8. OS CPE
        9. OS Details
        10. Network distance
        11. Uptime guess
        12. TCP sequence prediction
        13. IP ID sequence generation
        14. Ping scan
        15. Quick scan and OS detection
        16. Quick traceroute
        17. Slow comprehensive scan
        18. IP/ICMP scan
        19. Script execution
          1. Auth
          2. Broadcast
          3. Brute
          4. Citrix
          5. Database
          6. Discovery
          7. DNS
          8. Geolocation
            1. Protocol
          9. Info
        20. Brute-force scripts
          1. Broadcast scripts
          2. Info scripts
          3. Intrusive scripts
        21. Summary
      10. 3. Connecting to Open Ports
        1. Open ports
        2. Connecting to open ports
        3. Cracking passwords
        4. Microsoft-DS port connection
        5. A remote desktop connection
        6. Summary
      11. 4. Vulnerabilities
        1. A vulnerability
        2. Reverse engineering
        3. Shellshock
        4. SSL Poodle
        5. Zetasploit exploits
        6. Summary
      12. 5. Attacking – MITM Style
        1. Man in the middle?
          1. ARP spoofing
        2. MITM attacks through zANTI2
          1. Logged requests
          2. ZPacketEditor
          3. SSL Strip
          4. HTTP redirection
          5. Replacing images
          6. Capture/intercept downloads
          7. Insert HTML
        3. Summary
      13. Index