Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts operating systems and running services, search for known vulnerabilities, crack logon procedures of many tcp protocols, perform man in the middle attacks such as password sniffing ( with common protocols dissection ), real time traffic manipulation, etc, etc .
It’s still in beta stage so unexpected behaviour could happen,
Available Modules
- RouterPWN
Launch the http://routerpwn.com/ service to pwn your router.
*]Trace
Perform a traceroute on target. - Port Scanner
A syn port scanner to find quickly open ports on a single target. - Inspector
Performs target operating system and services deep detection, slower than syn port scanner but more accurate. - Vulnerability Finder
Search for known vulnerabilities for target running services upon National Vulnerability Database. - Login Cracker
A very fast network logon cracker which supports many different services. - Packet Forger
Craft and send a custom TCP or UDP packet to the target. - MITM
A set of man-in-the-middle tools to command&conquer the whole network.
- Simple Sniff
Only redirects target’s traffic through the device ( useful when using a network sniffer like ‘Sharp’ for Android ) and shows network stats. - Password Sniffer
Sniff passwords of many protocols such as http, ftp, imap, imaps, irc, msn, etc from the target. - Session Hijacker
Listen for cookies on the network and hijack sessions. - Kill Connections
Kill connections preventing the target to reach any website or server. - Redirect
Redirect all the http traffic to another address. - Replace Images
Replace all images on webpages with the specified one. - Replace Videos
Replace all youtube videos on webpages with the specified one. - Script Injection
Inject a javascript in every visited webpage. - Custom Filter
Replace custom text on webpages with the specified one.
- Simple Sniff
Requirements
- An Android device with at least the 2.3 ( Gingerbread ) version of the OS. ( 2.3 support since v1.0.5b ).
- The device must be rooted
- The device must have a BusyBox full install, this means with every utility installed ( not the partial installation ).
Download
https://github.com/evilsocket/dsploit/downloads
Crash Reporting & Submit an Issue
The app has an automatic crash reporting system, therefore if something nasty happens i will be informed via email with the crash detail ( no personal details are sent ), if you want to submit a new bug, use this page and provide every detail you can, such as your device model, Android version installed and so on.
NOTES
- The app is made to work only in landscape mode and will stay landscape even if you rotate your device, if you have an application such as Rotation Control to force every app to rotate, probably you are going to see dSploit crash. This is something i want to be like this, every interface is designed to work in landscape, so do not submit issues related to rotation.
- If the app keeps asking you for root privileges every 2-3 seconds, this is not a dSploit bug, but a bug of the application which handles the authorizations as documented here, so please do not submit bugs about that and start using something decent like SuperSU from chainfire.
- HTTPS is not supported at the moment, but will be implemented starting from 2.x releases.
Free Download dSploit – An Android Network Penetration Suite apk