It occurred to me that in the mad rush to release for the Smartphone Pentest Framework (SPF) I never wrote anything about it here at GeorgiaWeidman.com, so here is an introduction:

Download the source

Visit the SPF forums.

Smartphone Pentest Framework Pre-release Teaser 1 from Georgia Weidman on Vimeo.

When some people hear about this new tool, they think its about running nmap from a smartphone. Rather this tool allows you to assess the security of the smartphones in your environment in the manner you’ve come to expect with modern penetration testing tools.

The product of a DARPA Cyber Fast Track grant, the Smartphone Pentest Framework is an open source security tool, designed to aid in assessing the security posture of smartphones in an environment. SPF Version 0.1 contains remote attacks, client side attacks, social engineering attacks, and post exploitation, targeting smartphone devices.

SPF Version 0.1 includes a text based management console, a web based GUI, and a management Android app. Additionally, a post exploitation “agent” for the Android platform is included. SPF Version 0.1 was previewed at the Hackers on Planet Earth conference and was shown at Blackhat USA Wednesday and Thursday in the arsenal and is included on the Blackhat delegate CD. An Introduction to SPF talk was given by author Georgia Weidman, CEO of Bulb Security, at Bsides Las Vegas and Defcon Skytalks. Following Blackhat/Defcon/BsidesLV SPF Version 0.1 was released publicly at BulbSecurity.com

SPF is an on going project with plans in the works for support for additional devices, more modules in each attack vector category, integration with existing tools such as Metasploit and SET, etc.