How To Protect Your Private Data From Android Apps

protect-private-data-from-apps
In android there is lots of personal data that can be accessed by any unauthorized apps that were installed on the device. This is just because your Android data is openly saved in your file explorer that is not encrypted or protected by encryption method, so, even normal app can also hijack your data very easily as the media access permissions are granted when you click on accept button while installing the apps. And this may be endangering the private data that you might not want to share with anyone. So here we have a cool way that will help you to make your data private by disallowing the apps to access your media files without your permission. So have a look on complete guide discussed below to proceed.

How To Protect Your Private Data From Android Apps

The method is quite simple and just need a rooted android device that will allow the Xposed installer to run on the device. And after having the Xposed installer you will be using an Xposed module to disallow the apps to have access to your personal or say private data. For this follow the guide below.

Steps To Protect Your Private Data From Android Apps:

Step 1. First of all, you need a rooted android as Xposed installer can only be installed on a rooted android, so Root your android to proceed for having superuser access on your android.
Step 2. After rooting your Android device you have to install the Xposed installer on your android and thats quite lengthy process and for that, you can proceed with our Guide to Install Xposed Installer On Android.Xposed Installer
Step 3. Now after having an Xposed framework on your Android the only thing you need is the Xposed module that is DonkeyGuard – Security Management the app that will allow you to manage the media access for apps installed on your device.
Step 4. Now install the app on your device and after that, you need to activate the module in the Xposed installer. Now you need to reboot your device to make the module work perfectly on your device.
Step 5. Now launch the app and you will see all the apps that are currently installed on your device.
privacy 1
Step 6. Now edit the media permission for the apps that you don't want to have access to your media with private data.privacy 2
That's it, you are done! now the app will disallow the media access to that apps.

Manually Checking App Permission

Well, our Android operating system offers a nice feature in which we can manage a single app's permission. However, you need to have Android 6.0 Marshmallow or a newer version to get the option.
Step 1. First of all, open Settings and then tap on 'Apps'.
Manually Checking App Permission
Manually Checking App Permission
Step 2. Now you will see the list of apps that are currently installed on your Android smartphone. Now you need to select the app, and then you will see 'Permissions.'
Manually Checking App Permission
Manually Checking App Permission
Step 3. Now it will open a new window, which will show you all permissions that you have granted to the app like Camera access, contacts, Location, microphone, etc. You can revoke any permissions as per your wish.
Manually Checking App Permission
Manually Checking App Permission
Well, the same thing you need to perform if you feel that you have installed some suspicious app on your Android. By this way, you can protect your private data from Android apps.

Continue reading


Posted by at No comments:

Top 10 Most Popular Ethical Hacking Tools (2019 Ranking)

     Top 10 powerful Hacking  Tools in 2019.       

If hacking is performed to identify the potential threats to a computer or network then it will be an ethical hacking.

Ethical hacking is also called penetration testing, intrusion testing, and red teaming.

Hacking is the process of gaining access to a computer system with the intention of fraud, data stealing, and privacy invasion etc., by identifying its weaknesses.

Ethical Hackers:

A person who performs the hacking activities is called a hacker.

There are six types of hackers:

  • The Ethical Hacker (White hat)
  • Cracker
  • Grey hat
  • Script kiddies
  • Hacktivist
  • Phreaker

A security professional who uses his/her hacking skills for defensive purposes is called an ethical hacker. To strengthen the security, ethical hackers use their skills to find vulnerabilities, document them, and suggest the ways to rectify them.

Companies that provide online services or those which are connected to the internet, must perform penetration testing by ethical hackers. Penetration testing is another name of ethical hacking. It can be performed manually or through an automation tool.

Ethical hackers work as an information security expert. They try to break the security of a computer system, network, or applications. They identify the weak points and based on that, they give advice or suggestions to strengthen the security.

Programming languages that are used for hacking include PHP, SQL, Python, Ruby, Bash, Perl, C, C++, Java, VBScript, Visual Basic, C Sharp, JavaScript, and HTML.

Few Hacking Certifications include:

  1. CEH
  2. GIAC
  3. OSCP
  4. CREST

Let's Explore!!

#1) Nmap

Nmap

Price: Free

Description:

Nmap is a security scanner, port scanner, as well as a network exploration tool. It is an open source software and is available for free.

It supports cross-platform. It can be used for network inventory, managing service upgrade schedules, and for monitoring host & service uptime. It can work for a single host as well as large networks. It provides binary packages for Linux, Windows, and Mac OS X.

Features: 

  • Nmap suite has:
    • Data transfer, redirection, and debugging tool(Ncat),
    • Scan results comparing utility(Ndiff),
    • Packet generation and response analysis tool (Nping),
    • GUI and Results viewer (Nping)
  • Using raw IP packets it can determine:
    • The available hosts on the network.
    • Their services offered by these available hosts.
    • Their OS.
    • Packet filters they are using.
    • And many other characteristics.

Best for: Nmap is best for scanning network. It is easy to use and fast as well.

Website: Nmap

******************

#2) Netsparker

Netsparker Vulnerability-Assessments-and-Penetration-Tests

Netsparker is a dead accurate ethical hacking tool, that mimics a hacker's moves to identify vulnerabilities such as SQL Injection and Cross-site Scripting in web applications and web APIs. 
 
Netsparker uniquely verifies the identified vulnerabilities proving they are real and not false positives, so you do not need to waste hours manually verifying the identified vulnerabilities once a scan is finished.
 
It is available as a Windows software and an online service.

******************

#3) Acunetix 

Acunetix Dashboard

Acunetix is a fully automated ethical hacking tool that detects and reports on over 4500 web application vulnerabilities including all variants of SQL Injection and XSS.

The Acunetix crawler fully supports HTML5 and JavaScript and Single-page applications, allowing auditing of complex, authenticated applications.

It bakes in advanced Vulnerability Management features right-into its core, prioritizing risks based on data through a single, consolidated view, and integrating the scanner's results into other tools and platforms.

=> Visit Acunetix Official Website

******************

#4) Metasploit

Metasploit

Price: Metasploit Framework is an open source tool and it can be downloaded for free. Metasploit Pro is a commercial product. Its free trial is available for 14 days. Contact the company to know more about its pricing details.

Description:


It is the software for penetration testing. Using Metasploit Framework, you can develop and execute exploit code against a remote machine. It supports cross-platform.

Features: 

  • It is useful for knowing about security vulnerabilities.
  • Helps in penetration testing.
  • Helps in IDS signature development.
  • You can create security testing tools.

Best For Building anti-forensic and evasion tools.

Website: Metasploit

#5) Aircrack-Ng

aircrack-ng

Price: Free

Description:

Aircrack-ng provides different tools for evaluating Wi-Fi network security.

All are command line tools. For Wi-Fi security, it focuses on monitoring, attacking, testing, and cracking. It supports Linux, Windows, OS X, Free BSD, NetBSD, OpenBSD, Solaris, and eComStation 2.

Features:


  • Aircrack-ng can focus on Replay attacks, de-authentication, fake access points, and others.
  • It supports exporting data to text files.
  • It can check Wi-Fi cards and driver capabilities.
  • It can crack WEP keys and for that, it makes use of FMS attack, PTW attack, and dictionary attacks.
  • It can crack WPA2-PSK and for that, it makes use of dictionary attacks.

Best For: Supports any wireless network interface controller.

Website: Aircrack-Ng

#6) Wireshark

Wireshark

Price: Free

Description:

Wireshark is a packet analyzer and can perform deep inspection of many protocols.

It supports cross-platform. It allows you to export the output to different file formats like XML, PostScript, CSV, and Plaintext. It provides the facility to apply coloring rules to packet list so that analysis will be easier and quicker. The above image will show the capturing of packets.

Features:

  • It can decompress the gzip files on the fly.
  • It can decrypt many protocols like IPsec, ISAKMP, and SSL/TLS etc.
  • It can perform live capture and offline analysis.
  • It allows you to browse the captured network data using GUI or TTY-mode TShark utility.

Best For: Analyzing data packets.

Website: Wireshark

#7) Ettercap

Ettercap

Price: Free.

Description:

Ettercap supports cross-platform. Using Ettercap's API, you can create custom plugins. Even with the proxy connection, it can do sniffing of HTTP SSL secured data.

Features:

  • Sniffing of live connections.
  • Content filtering.
  • Active and passive dissection of many protocols.
  • Network and host analysis.

Best For: It allows you to create custom plugins.

Website: Ettercap

#8) Maltego

Maltego

Price: The Community version, Maltego CE is available for free. Price for Maltego Classic is $999. Price for Maltego XL is $1999. These two products are for the desktop. Price for the server products like CTAS, ITDS, and Comms starts at $40000, which includes training as well.

Description:

Maltego is a tool for link analysis and data mining. It supports Windows, Linux, and Mac OS.

For the discovery of data from open sources and visualizing the information in graphical format, it provides the library of transforms. It performs real-time data-mining and information gathering.

Features:

  • Represents the data on node-based graph patterns.
  • Maltego XL can work with large graphs.
  • It will provide you the graphical picture, thereby telling you about the weak points and abnormalities of the network.

Best For: It can work with very large graphs.

Website: Maltego

#9) Nikto

Nikto

Price: Free

Description:

Nikto is an open source tool for scanning the web server.

It scans the web server for dangerous files, outdated versions, and particular version related problems. It saves the report in a text file, XML, HTML, NBE, and CSV file formats. Nikto can be used on the system which supports basic Perl installation. It can be used on Windows, Mac, Linux, and UNIX systems.

Features:

  • It can check web servers for over 6700 potentially dangerous files.
  • It has full HTTP proxy support.
  • Using Headers, favicons, and files, it can identify the installed software.
  • It can scan the server for outdated server components.

Best For: As a Penetration Testing tool.

Website: Nikto

#10) Burp Suite

BurpSuite

Price: It has three pricing plans. Community edition can be downloaded for free. Pricing for Enterprise edition starts at $3999 per year. Price of the Professional edition starts at $399 per user per year.

Description:

Burp Suite has a web vulnerability scanner and has advanced and essential manual tools.

It provides many features for web application security. It has three editions, community, enterprise, and professional. With community editions, it provides essential manual tools. With the paid versions it provides more features like Web vulnerabilities scanner.

Features:

  • It allows you to schedule and repeats the scan.
  • It scans for 100 generic vulnerabilities.
  • It uses out-of-band techniques (OAST).
  • It provides detailed custom advisory for the reported vulnerabilities.
  • It provides CI Integration.

Best For: Security testing.

Website: Burp Suite

#11) John The Ripper

John-the-Ripper

Price: Free

Description:

John the Ripper is a tool for password cracking. It can be used on Windows, DOS, and Open VMS. It is an open source tool. It is created for detecting weak UNIX passwords.

Features:

  • John the Ripper can be used to test various encrypted passwords.
  • It performs dictionary attacks.
  • It provides various password crackers in one package.
  • It provides a customizable cracker.

Best For: It is fast in password cracking.

Website:  John the Ripper

#12) Angry IP Scanner

AngryIPScanner

Price: Free

Description:

Angry IP Scanner is a tool for scanning the IP addresses and ports. It can scan both on local network and Internet. It supports Windows, Mac, and Linux operating systems.

Features:

  • It can export the result in many formats.
  • It is a command-line interface tool.
  • It is extensible with many data fetchers.

Website:  Angry IP Scanner

Conclusion

As explained here, Nmap is used for computer security and network management. It is good for scanning the network. Metasploit is also for security and is good for building anti-forensic and evasion tools.

Aircrack-Ng is a free packet sniffer & injector and supports cross-platform. Wireshark is a packet analyzer and is good in analyzing data packets. As per the reviews available online, people recommend using Nmap instead of Angry IP scanner as Angry IP Scanner comes with unwanted applications.

John the Ripper is fast in password cracking. Nikto is a good open source tool for penetration testing. Maltego presents the data in a graphical form and will give you information about weak points and abnormalities.

This was all about the ethical hacking and the top ethical hacking tools. Hope you will find this article to be much useful!!

@EVERYTHING NT

Related news


  1. Hack Tools Mac
  2. Hack Tools Online
  3. Hacking Tools Download
  4. Pentest Tools Windows
  5. Hacking Tools
  6. Hacking Tools 2020
  7. Pentest Tools Find Subdomains
  8. New Hack Tools
  9. Hack Tools
  10. Physical Pentest Tools
  11. Bluetooth Hacking Tools Kali
  12. Blackhat Hacker Tools
  13. Pentest Tools Framework
  14. Easy Hack Tools
  15. Wifi Hacker Tools For Windows
  16. Hack App
  17. Hacker Tools Mac
  18. Pentest Box Tools Download
  19. Hacker Tools For Ios
  20. Hack Tools Mac
  21. Hack And Tools
  22. World No 1 Hacker Software
  23. Pentest Tools Find Subdomains
  24. Android Hack Tools Github
  25. Hacker Tools Apk
  26. Hack Tools For Mac
  27. Hacker Tools 2020
  28. Hackers Toolbox
  29. Hacking Tools Kit
  30. New Hack Tools
  31. Pentest Tools Online
  32. Pentest Tools Linux
  33. Hacking Tools For Games
  34. Hack Tools For Windows
  35. Pentest Tools Windows
  36. Hacking Tools Github
  37. Pentest Tools Bluekeep
  38. Pentest Tools
  39. Pentest Tools Subdomain
  40. Pentest Tools Github
  41. Growth Hacker Tools
  42. Top Pentest Tools
  43. Pentest Tools Download
  44. Pentest Tools Alternative
  45. Pentest Tools Url Fuzzer
  46. Hacking Tools Pc
  47. Nsa Hacker Tools
  48. Pentest Tools Bluekeep
  49. Hack Tools
  50. Hacking Tools
  51. Hacking Tools And Software
  52. Hacker Tools Linux
  53. Pentest Tools Find Subdomains
  54. Hacker Tools Online
  55. Free Pentest Tools For Windows
  56. Hacking Tools Software
  57. Hacking Tools Name
  58. Kik Hack Tools
  59. Best Pentesting Tools 2018
  60. Hack Tools Download
  61. Hacking Tools Mac
  62. Hacking Tools Windows 10
Posted by at No comments:

SubOver - A Powerful Subdomain Takeover Tool


Subover is a Hostile Subdomain Takeover tool designed in Python. From start, it has been aimed with speed and efficiency in mind. Till date, SubOver detects 36 services which is much more than any other tool out there. The tool is multithreaded and hence delivers good speed. It can easily detect and report potential subdomain takeovers that exist. The list of potentially hijackable services is very comprehensive and it is what makes this tool so powerful.

Installing
You need to have Python 2.7 installed on your machine. The following additional requirements are required -
  • dnspython
  • colorama
git clone https://github.com/Ice3man543/SubOver.git .
cd SubOver
# consider installing virtualenv
pip install -r requirements.txt
python subover.py -h

Usage
python subover.py -l subdomains.txt -o output_takeovers.txt
  • -l subdomains.txt is the list of target subdomains. These can be discovered using various tool such as sublist3r or others.
  • -o output_takeovers.txtis the name of the output file. (Optional & Currently not very well formatted)
  • -t 20 is the default number of threads that SubOver will use. (Optional)
  • -V is the switch for showing verbose output. (Optional, Default=False)

Currently Checked Services
  • Github
  • Heroku
  • Unbounce
  • Tumblr
  • Shopify
  • Instapage
  • Desk
  • Tictail
  • Campaignmonitor
  • Cargocollective
  • Statuspage
  • Amazonaws
  • Cloudfront
  • Bitbucket
  • Squarespace
  • Smartling
  • Acquia
  • Fastly
  • Pantheon
  • Zendesk
  • Uservoice
  • WPEngine
  • Ghost
  • Freshdesk
  • Pingdom
  • Tilda
  • Wordpress
  • Teamwork
  • Helpjuice
  • Helpscout
  • Cargo
  • Feedpress
  • Freshdesk
  • Surge
  • Surveygizmo
  • Mashery
Count : 36

FAQ
Q: What should my wordlist look like?
A: Your wordlist should include a list of subdomains you're checking and should look something like:
backend.example.com
something.someone.com
apo-setup.fxc.something.com

Your tool sucks!
Yes, you're probably correct. Feel free to:
  • Not use it.
  • Show me how to do it better.

Contact
Twitter: @Ice3man543

Credits


Read more
Posted by at No comments:
Subscribe to: Posts (Atom)

Remember...

If you want more information on any of these news updates, do feel free to call the office at any time! 02890673379
or email office@summermadness.co.uk
....or check out the rest of the SM website

Blog Archive