Zimperium Finally Releases 'Anti' For Android, Allows You To Use Penetration Testing Tools On The Go

The days where penetration testers carry around laptops with them to test the security of networks seem to be numbered, with Zimperium's 'Anti' bringing a lot of those tools over from the PC to Android smartphones.

It's been a long time coming, but Anti is now available to download to your phone for free from the Zimperium website. For some strange reason, you will have to install 'AntiCredit' from the Android Market in order to actually use the application effectively by buying credits, meaning that you will have two apps which, essentially, perform the same function.

After you have downloaded and installed Anti from the web (you will first need to enable the installation of 3rd party applications by going to Settings > Applications > Unknown sources), you are prompted to buy AntiCredits in order to actually use many of the features within the app. Once you have downloaded it separately, you can then choose from three tiered plans.

Buying silver credits will allow you to use man-in-the-middle as well as remote exploits. This pack comes with 20 credits (with one credit being used for each exploit) and will put you back $10. If you to choose to upgrade to gold credits, it will cost you $50, and for that you will be able to access additional server cracking dictionaries and use less crowded servers than members using silver. With gold, you will be able to use 150 credits.

For those who take penetration testing really seriously, there is also a platinum pack available. This pack contains everything that you get in the gold pack, but gives you access to premium servers which are more reliable than those in the cheaper packs, and will allow you to receive updates before anyone else. If this interest you, then you'd better be prepared to dig deep in to your wallet; for 1000 credits, it will cost you $250.

When you're connected to a wireless network, Anti will begin to scan all of the machines that are connected, and if you run an intrusive scan it can also flag any potential targets with a vulnerable badge. The report generated from the network scan will automatically be sent to the email address that you used to register the app when you first downloaded it, so you can have an extra copy handy in your inbox, even if you choose not to view it on your phone within the application itself.

Once a machine with a vulnerability has been detected, you can select it for more options, and choose to "Attack" through the menu presented to you. Once the application has access to the machine, you can control the attack through various options. If you're using the attack as a proof of concept, you can eject the optical disc currently in the drive, or execute the calculator application.

Other options available include the ability to take a screenshot of whatever is currently being displayed to the user, or even run a custom command through the command prompt. You can also choose to force a shutdown or reboot the machine. If you choose to take a screenshot, the image generated will then be saved on to your phone's SD card for you to view on the device itself, or later if you copy the images over to another machine.

As well as a direct attack on a local machine, you can choose to perform a DoS attack, monitor insecure connections on the network to capture plaintext usernames and passwords, or even execute man-in-the-middle attacks which invoke specific filters to manipulate the network data.

Using the 'Cracker' function, you can select a port on the network to check if your passwords are easily bruteforced, which can help you to stop them from being used in dictionary attacks.

Anti will allow you to not only monitor local networks, but also define foreign targets from within the application as well. By typing in a URL, you can determine whether the server located at the given address has any opened ports and is vulnerable to an attack. Like with local machines, you can use the Cracker to test your passwords or trace nodes from the network and have the results displayed on a map.

There's no doubt that Anti is a very, very comprehensive penetration testing application, and to be able to have all of these tools at your disposal from your mobile phone is a great step forward. The interface is easy to navigate and all of the features are accessible without much digging around, but I just don't understand why you have to install a separate application with the sole purpose of buying credits for the main app. Surely it would be a lot easier to simply add a "buy credits" option into the application itself?

If you want to try out Anti for yourself, you can download the .apk file from the Zimperium website for free, so it's well worth a look.