Jump to content
Wubi

The Smartphone Pentest Framework!

Recommended Posts

Posted

Post BlackHat USA, a lot of new tools that we were waiting for were finally released! First in line is the Smartphone Pentest Framework by Ms. Georgia Weidman! This open source tool was built out of the need of having a way to test the security of the frighteningly workplace intrusive smart phones that have unique attack vectors currently not covered by available industry tools. Mind you, this is not like just running Nmap from your smartphone.

So, the Smartphone Pentest Framework (SPF) is an open source tool designed to allow users to assess the security posture of the smartphone’s deployed in an environment and is a product of DARPA Cyber Fast Track grant. The SPF allows you to understand the security posture of the smartphones in an organizations just as we would in a normal world penetration test – gather information/social engineering, launch exploits and maintain control post exploitation. The current Smartphone Pentest Framework contains remote attacks (via HTTP or SMS), client side attacks (via malicious webpages, PDFs etc.), social engineering attacks, and post exploitation, targeting smartphone devices.

Smartphone Pentest Framework includes the following:

  • SPF Console: The console is a text based Perl program that allows Smartphone Pentest Framework users to perform all the server functionality of SPF.
  • SPF Web based GUI: The GUI is a web based front end for SPF that allows users to perform all the server functionality. It is a set of Perl based webpages.
  • SPF Android App: The SPF Android App allows users to use the mobile modem of the Android smartphone with SPF to send SMS messages, gather information, etc. Users can also perform server functionality directly from Android smartphones using this application.
  • SPF Android Agent: The SPF Android Agent is one of Smartphone Pentest Framework’s post exploitation options. It is transparent to the user and allows SPF users to perform post exploitation tasks such as privilege escalation, information gathering, and remote control on Android phones with the agent installed. Agents for iPhone and Blackberry platforms are currently in development.

The above components may be mixed and matched to meet users’ needs, making this framework very versatile. Prerequisites for the Smartphone Pentest Framework (though very few) are: a Webserver, a Mysql database, Perl with packages - Bundle::Expect & DBD::MYSQL and an Android phone.

Download the Smartphone Pentest Framework – SPF v0.1

Sursa: Smartphone Pentest Framework (SPF)! — PenTestIT

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...