How To Scan Websites For Vulnerabilities Using Android | Easy Method!

The ability to hack something doesn’t depend on how powerful your devices are, it depends on how powerful your skills are.

Android is one of the most used Operating Systems in the world and loved by developers. The best thing about Android is, it has very fewer restrictions in comparison to iOS.

This unlocks the opportunity to customize it according to the user. We can make it a portable hacking machine.

A portable device gives us more power to do something different when we are surrounded by unexpected people where you can’t use your regular devices such as laptops.

Here we are going to unlock the ability of Android to scan websites for vulnerability. We are going to use some apps who help to do this task.

Try out these apps and use your android in a smart way.

1. DroidSQLi

This application may be the best application among these applications we are discussing here. It analyzes websites for every SQL vulnerability one by one.

How would you find a SQL vulnerable site?

Search for the latest google dorks for SQL vulnerable sites and pick one and search the dork on the Google search bar(in the Google Homepage). For example, we took a dork that is ’ news.php?id= '. Now select a site from the search result.

Let’s consider the site is . Now add a Boolean value at the end of the URL like this- and search for it. If the loaded webpage comes with a SQL error warning, Boom! the site is vulnerable to SQL injection.


Now open up the DroidSQLi app and put the URL of the target site and click on the ’ Inject ’ at the top right corner. It will start every possible SQL injection method such as Time Based Injection, Error Based Injection, Evasion method, Blind injection and also normal Injection.

If the site is vulnerable, you will get the Database Information and Database list of the website. After that, you can access and manipulate the gathered database.

2. AnDOSid

This app is really a dangerous app! it is used to DDOS websites. It can perform DDOS very effectively.

But DDOS can be more effective if we perform it from multiple devices at one time. It depends on you.


The app comes with a very simple interface. You just need to set the URL of the target website, size of payloads and the time between the posts.

The tool shows a popup at the startup which warns you that the app is illegal and you must take permission from the owner of the target site.

Be safe! and take written permission before you do the test.

3. Nipper Toolkit Web

This tool is really an awesome tool. It has the features for information gathering, searching for exploits via ExploitDB and Bruteforcing Wordpress Admin login panel.


The interface is tried to make it as easy as possible. You just need to put the URL of the target website and you are ready to go. The tool collects basic information such as Server IP address, hosting details, etc. If you want more information, you can use the DNS Lookup and Nmap.


In the three dots at the top left corner, You will find the options to search for exploits via exploit DB and Bruteforce WP Admin login panel.

4. Admin Panel Finder

This application has a big role in the category we are discussing. There are many websites whose Admin panel is hidden from others to protect it from attacks.

For example, you know the site owner and that is why you know how vulnerable the site is or how weak the login details. If you get the login to the Admin you don’t need to find other options to hack the site but where is the login panel?


In this situation, we can use these types of tools. Thanks to the creator of the app for making these things possible for Android.

Now open up the app and put the URL of the target website. The app will scan the website for all the possible queries and if the queries match it will show the admin page.


Nmap may be one of the best highly used tools used by hackers and pen-testers. It has a great role in the field of Ethical Hacking. If we don’t talk about this application, the list will be incomplete.


NDroidMap is the Nmap version for Android and it is available on Google play store. Open up the application and put the URL of the target website and hit Run. It will scan for all the ports available on the website.


Instead of limiting your thinking in your Laptops, We want you to use your every portable device. Obviously for a good purpose, to help people, to raise security awareness.

Android is really an amazing operating system, you just need to understand it. Also if you are a Linux lover then you might know that Android is also built on the Linux platform.


The applications listed above and their tutorials are only for educational purposes. Illegal use of them can lead to punishment. Use them at your own risk. If you are using them for pen-testing, make sure you’ve taken written permission from the owner.



are those tool need root access …