Nipper : Android App for Penetration Testers
Android Devices are the choice of hackers today for conducting penetration tests on the Fly … This post is about a tool called Nipper that enables you to use your Android Device for Penetration testing . Nipper allows you to conduct Penetration tests on the Web applications that are running on some kind of CMS .
Nipper is an android app for penetration testers for checking the security of CMS (Content Management System) websites. It is a simple scanner that has more than 15 different modules to gather information about a specific URL.
Today, I’m going to show you how to use Nipper Toolkit. But first, take a look at the requirements.
- Android 3.0 or higher.
And Internet Access on the Device .
How To Use Nipper Toolkit Web Scan:
Download and install Nipper on your android device.
Here is the Download Link to the APP :
Install Nipper Toolkit in your Android Device . Open the application in your device and you should have a screen as shown below :
Enter a URL. Then tap on the “Play” button. It will scan the target and display the site’s IP address along with some modules
The Scanning should begin and you should have the scan information coming on your Android Screen .
Refer to the Screenshot Below :
Features of Nipper, an android app for penetration testers :
DNS Lookup: Identify the domain name servers of the target site.
Nmap: Scan the target for open ports.
If your target is a WordPress site, you will see some additional modules such as Enumeration Users, Plugin Enumeration, Theme Identify and Core Analysis.
If your target is a Drupal powered site, you will see an extra module called “Modules Drupal“.
Enumeration Users: Displays the list of members.
Plugin Enumeration: Extracts the details of plugins used in the target site. You will also see a button named “Buscar Exploits”, “Buscar Exploits” means “Look for exploits”. Tap on that button to search for exploits on exploitDB. If the installed plugin is not updated, find an appropriate exploit and then make use of it.
Theme Identify: Displays the theme details.
Core Analysis: Checks the CMS version.
Explore this toolkit and conduct the penetration testing from your Android on the fly !!