cSploit is a free/libre and open source (GPLed) Android network analysis and penetration suite which aims to be the most complete and advanced professional toolkit for IT security experts/geeks to perform network security assessments on a mobile device.
See more at www.cSploit.org.
- Map your local network
- Fingerprint hosts’ operating systems and open ports
- Add your own hosts outside the local network
- Integrated traceroute
- Integrated Metasploit framework RPCd
Search hosts for known vulnerabilities via integrated Metasploit daemon
Adjust exploit settings, launch, and create shell consoles on exploited systems
- Forge TCP/UDP packets
Perform man in the middle attacks (MITM) including:
- Image, text, and video replacement– replace your own content on unencrypted web pages
- password sniffing ( with common protocols dissection )
- Capture pcap network traffic files
- Real time traffic manipulation to replace images/text/inject into web pages
- DNS spoofing to redirect traffic to different domain
- Break existing connections
- Redirect traffic to another address
- Session Hijacking– listen for unencrypted cookies and clone them to take Web session
Use cSploit to get root shell on Metasploitable2
Use cSploit for simple Man-in-the-Middle (MITM security demos)
Also see the wiki for instructions on building, reporting issues, and more.
- A ROOTED Android version 2.3 (Gingerbread) or a newer version
- The Android OS must have a BusyBox full installation with every utility installed (not the partial installation). If you do not have busybox already, you can get it here or here (note cSploit does not endorse any busybox installer, these are just two we found).
- You must install SuperSU (it will work only if you have it)