Free security testing tools for Windows handheld devices

We talk a lot about the security testing tools that run on Windows desktops. But what about security testing tools for the Windows Mobile platform? You can and should do some basic security testing from your Windows handheld devices, such as smart phones and PDAs. This comes in handy if you're trying to perform some unannounced security testing and don't want to pique the

    Requires Free Membership to View

Windows security testing
Windows Integrity Control (WIC) in Vista

Metasploit 3.1 updates improve Windows penetration testing

IT Knowledge Exchange

interest of those who manage the systems, or if you just don't have your laptop around.

Now, I will say that these tools won't work on every version/model of Windows handhelds. You'll have to read the fine print to see if your platform is supported. But if it is and you have a wireless network connection on your device with a supported wireless adapter, you should be good to go.

Here are some tools to check out:

General networking

  • NbtstatCE -- a tool for enumerating NetBIOS name tables on remote Windows systems
  • Netcat 4 wince -- a tool for port scanning and establishing outbound and inbound TCP/UDP connections on a Windows system
  • vxUtil -- an all-in-one tool for gathering Windows DNS information, port scanning, ping and traceroute, whois lookups and more

Wi-Fi scanners

  • MiniStumbler -- the handheld version of the popular NetStumbler wardriving tool
  • WiFoFum -- an alternative to MiniStumbler with GPS support as well (compatible with Windows Mobile 6)

Text searching

  • GSFinder+ (and theoretically any search tool on a networked handheld) -- a tool for connecting to Windows network drives and searching for sensitive unstructured information that's not stored securely. I'm a big fan of using text search tools as a security and compliance tool as I outlined in my tip, The problem with unstructured information. It's often overlooked, but unstructured, unprotected information stored in files across the network is a big security problem. Now you can perform this critical task from the palm of your hand.

Outside of the slim pickings, if there's any other downside to mobile security testing tools, it's that they come at a price. Sure, they're "free" in the traditional sense but what you will pay for is battery life. As with anything that accesses hardware on a battery-powered machine -- like these applications do with the wireless connection -- they're going to sap more power out of your systems than you may be used to. Of course, if this was a big issue, you probably wouldn't be using your handheld for security testing to begin with.

You're not going to have a comprehensive testing environment with these tools, but they are a good start if you have a specific need to use a handheld for security testing. So far, there aren't many current applications because the demand hasn't been there and mobile applications can be difficult to code. I suspect both the demand for them and the supply will change.

Imagine a world where we can perform security tests from our mobile devices when we're stuck in meetings or otherwise incapacitated. Sounds like a great-time management tool to me! This is going to be fun.

About the author: Kevin Beaver is an independent information security consultant, keynote speaker and expert witness with Atlanta-based Principle Logic LLC where he specializes in performing independent security assessments. Kevin has authored/co-authored seven books on information security, including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley). He's also the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at kbeaver@principlelogic.com.

This was first published in April 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.