Kali Nethunter - Mobile Penetration Testing Platform for Android
Kali NetHunter is a free and open-source mobile penetration testing platform for Android devices, based on Kali Linux. Kali NetHunter is available for un-rooted devices (NetHunter Rootless), for rooted devices that have a custom recovery (NetHunter Lite), and for rooted devices with custom recovery for which a NetHunter specific kernel is available (NetHunter). Official images are published by Offensive Security on their download page and are updated every quarter. NetHunter images with custom kernels are published for the most popular supported devices, such as Google Nexus, Samsung Galaxy, LG, Xiaomi and OnePlus. Many more models are supported, and images not published by Offensive Security can be generated using NetHunter build scripts. Kali NetHunter is maintained by a community of volunteers, and is funded by Offensive Security.
Kali NetHunter is available for un-rooted devices (NetHunter Rootless), for rooted devices that have a custom recovery (NetHunter Lite), and for rooted devices with custom recovery for which a NetHunter specific kernel is available (NetHunter).
The core of Kali NetHunter, which is included in all three editions, comprises of:
● Kali Linux container that includes all the tools and applications that Kali Linux provides
● Kali NetHunter App Store with dozens of purpose-built security apps
● Android client to access the Kali NetHunter App Store
● Kali NetHunter Desktop Experience (KeX) to run full Kali Linux desktop sessions with support for screen mirroring via HDMI or wireless screen casting
Both rooted editions provide additional tools & services. A custom kernel can extend that functionality by adding additional network and USB gadget drivers as well as wifi injection support for selected wifi chips.
Beyond the penetration testing tools included in Kali Linux, NetHunter also supports several additional classes, such as HID Keyboard Attacks, BadUSB attacks, Evil AP MANA attacks, and many more.
Read more about nethunter here : https://www.kali.org/docs/nethunter/
NetHunter for Supported Devices
Official Release NetHunter Images For Supported Device : kali.org/get-kali/#kali-mobile
Want to see Kali NetHunter progress? Look at the stats page, to see if your device is supported yet.
Here i have OnePlus 3T, one of the supported device for which official release of kali nethunter is available.
before we do anything download all the required files and backup all your data.
Required Files
● Fastboot and ADB
● OnePlus3T Driver
● TWRP for OnePlus3T
● Magisk v23.0
● OnePlus3T Oxygen OS 9.0.6 (Stock Rom) (Android 9.0)
● Kali Nethunter for OnePlus3T
● Boot Patched 9.0.6 OnePlus3T
● Force Encryption Disabler for OOS Pie v1
● Type-C OTG Cable : Amazon India
● USB Flash Drive : Amazon India
● C-Type USB Cable
Unlock Bootloader
first of all we unlock the bootloader of OnePlus3T. to do that simpaly follow these steps :
● Enable Developer Option : Go to Settings > About Phone > Tap on Build Number 7 times.
● Go to Settings > System > Developer Options
● Enable USB Debugging Mode, OEM Unlocking and Advanced Reboot
⚠️ Unlocking Bootloader will completely reset your phone to factory defaults! Backup all your data before doing this.
● Boot OnePlus3T into fastboot mode by long pressing the power button and then select Bootloader Option, or you can also boot your device into fastboot mode by turning off the device then long pressing volume up + power button.
● After that connect your device to PC via USB cable.
● Extract Fastboot and ADB (platform-tools_rxx.x.x-windows.zip)
● Open the Terminal in the extracted Fastboot and ADB folder by pressing Shift + Right Click > Windows Terminal
● Verify the device’s connection by executing the following command : fastboot devices
● Now, unlock the bootloader by typing the following command : fastboot oem unlock
● You will get finished output in the terminal and phone will reboot, let it boot completly and setup your android device.
Flash TWRP Recovery
● After Unlocking Bootloader, reboot and setup your android.
● Again, Enable Developer Option.
● Enable USB Debugging Mode, OEM Unlocking and Advanced Reboot.
● Reboot OnePlus3T into fastboot mode and connect your device to PC via USB cable.
● Move TWRP img file to the extracted Fastboot and ADB folder
⚠️ You can also change the TWRP img file name to twrp.img with the actual filename. just for shorten the command. 😅
● Open the Terminal by pressing Shift + Right Click > Windows Terminal
● Verify the device’s connection by executing the following command : fastboot devices
● Now, Flash TWRP Recovery by executing the following command : fastboot flash recovery twrp.img
● That's it !!! You have successfully installed TWRP Recovery.
● Now, navigate to TWRP Recovery with your volume keys and select it with the power button.
⚠️ You can also create a backup using TWRP and move it to your PC or USB Stick so if anything goes wrong you can restore your stock android.
Wipe All Data and Flash Stock Rom and Patches
● Reboot to TWRP Recovery
● TWRP Recovery
● Format DALVIK, SYSTEM, CACHE : Wipe > Swipe to Factory Reset
⚠️ Don't Reboot !!
● Copy all files to the USB Stick :
- OnePlus3TOxygen_28_OTA_086_all_1911042121_9156030ead54e.zip
- boot-patched-9.0.6-OP3T.img
- Force_Encryption_Disabler_For_OOS_Pie_v1.zip
- Magisk-v23.0.zip
- nethunter-2021.3-oneplus3-any-pie-kalifs-full.zip
● Connect The USB Stick with Android Device using OTG Cable.
● Mount OTG by going to Mount > Select USB-OTG Partition
● Select Storage USB-OTG by going to Mount > Select Storage > Select USB-OTG
● Flash OnePlus3T Stock Rom : Install > Select OnePlus3TOxygen_28_OTA_086_all_1911042121_9156030ead54e.zip file > Swipe to Install
⚠️ Don't Reboot !!
● Flash boot-patched-9.0.6-OP3T.img : Install > Install Image > Select boot-patched-9.0.6-OP3T.img file > Swipe to Install
⚠️ Flash boot-patched-9.0.6-OP3T.img to disable DM-Verity
● Go back and Flash Force_Encryption_Disabler_For_OOS_Pie_v1.zip : Install > Select Force_Encryption_Disabler_For_OOS_Pie_v1.zip file > Swipe to Install
● Again go back and Flash Magisk-v23.0.zip : Install > Select Magisk-v23.0.zip > Swipe to Install
● Now reboot to system and setup your android device.!!
Flashing Nethunter
● Once you setup your device again reboot to Recovery.
● Go To Advance > Terminal
● Type df system -h and look at the free space in system partition, make sure you have atleast 100MB free space.
● If you don't have enough free space then mount system in TWRP : Mount > Select System
● Go to File Manager > System > Apps and free some space by deleting some unwanted apps like play games, play movies, youtube, duo etc. (Don't Delete System Apps)
⚠️ If there is low space on your system partition that fstab file flashing fails resulting in blank fstab file and you will end up in bootloop.
● Then check again the free space from terminal, Once you have confirmed that you have atleast 100MB of free space left in system partition follow the next step
● Now Flash nethunter-2021.3-oneplus3-any-pie-kalifs-full.zip : Install > Select nethunter-2021.3-oneplus3-any-pie-kalifs-full.zip > Swipe to Install
● This process can take up to 25 minutes so keep patience.
● Once the flash is successful, Flash Magisk-v23.0.zip Again : Install > Select Magisk-v23.0.zip > Swipe to Install
That's It. Reboot Your Device.
Things To Do After Installation
● Update NetHunter App after flashing.
● Open the NetHunter App and start the Kali Chroot Manager.
● Install the Hacker Keyboard from the NetHunter Store using the NetHunter Store app.
● Install any other apps from the NetHunter Store as required.
● Set up Nethunter KeX.
● Configure Kali Services, such as SSH.
● Set up custom commands.
● Initialize the Exploit-Database.
● If you want you can also Add Metapackage.
● Open Nethunter Terminal and Update and Upgrade Kali.
That's it !!! if you face any issue feel free to ask..
NetHunter for Non-Supported Devices
NetHunter Rootless Edition (For Unrooted Devices)
⚠️ No Root Required
Install Kali NetHunter on any stock, unrooted Android device without voiding the warranty.
Install the NetHunter-Store app from https://store.nethunter.com
From the NetHunter Store, install Termux, NetHunter-KeX client, and Hacker's keyboard Note: The button "install" may not change to "installed" in the store client after installation - just ignore it. Starting termux for the first time may seem stuck while displaying "installing" on some devices - just hit enter.
Other Commands for Nethunter in Termux :
| Command | Details |
|---|---|
| nethunter | start NetHunter |
| nethunter kex passwd | configure KeX password (only needed before 1st use) |
| nethunter kex & | start NetHunter Desktop Experience as user |
| nethunter kex stop | stop NetHunter Desktop Experience as user |
| nethunter [command] | run in NetHunter environment |
| nethunter -r | start NetHunter cli as root |
| nethunter -r kex passwd | configure the KeX password for root |
| nethunter -r kex & | start NetHunter Desktop Experience as root |
| nethunter -r kex stop | stop NetHunter Desktop Experience root sessions |
| nethunter -r kex kill | Kill all KeX sessions |
| nethunter -r [command] | run [command] in NetHunter environment as root |
NOTE : The command nethunter can be abbreviated to nh. Tip: If you run kex in the background (&) without having set a password, bring it back to the foreground first when prompted to enter the password, i.e. via fg [job id] - you can later send it to the background again via Ctrl + z and bg [job id]
To use KeX, start the KeX client, enter your password and click connect. For a better viewing experience, enter a custom resolution under "Advanced Settings" in the KeX Client
TIPS :
● Run sudo apt update && sudo apt full-upgrade first thing after installation. If you have plenty of storage space available you might want to run apt install kali-linux-default as well.
● All of the penetration testing tools should work but some might have restrictions, e.g. metasploit works but doesn't have database support. If you discover any tools that don't work, please post it in nethunter forums.
● Some utilities like "top" won't run on unrooted phones.
● Non-root users still have root access in the chroot. That's a proot thing. Just be aware of that.
● Galaxy phone's may prevent non-root users from using sudo. Just use su -c instead.
● Perform regular backups of your rootfs by stopping all nethunter sessions and typing the following in a termux session: tar -cJf kali-arm64.tar.xz kali-arm64 && mv kali-arm64.tar.xz storage/downloads That will put the backup in your Android download folder. Note: on older devices, change "arm64" to "armhf"
● Please join us in kali forums to exchange tips and ideas and be part of a community that strives to make NetHunter even better.
Unofficial Rom / Build Nethunter Rom (Root Required)
⚠️ Root Required : https://magiskapp.com/
Nethunter Unofficial Rom :
The best resource of cybersecurity are the people on its community, and because of such people we get a lot of help.. if you don't have a device that supports nethunter rom then you can simpaly search on Google or you can also search on XDA Forum for "Nethunter Rom for Your Device" and there is a chance that maybe someone has already build the nethunter rom for your device so you can simpaly download and flash that rom by provided installation instruction or you can follow same steps as we did on supported devices..
⚠️ The only bad thing in unofficial rom is INSTABILITY. It may happen that you have to face difficulties like "App is not responding", "Auto Reboot", "Bootloop", "Lags / Freezes", etc. in running tools and commands.
Build Nethunter Rom :
Those of you who want to build a NetHunter image from nethunter Gitlab repository may do so using nethunter Python build scripts. Check out nethunter Building NetHunter page for more information. You can find additional instructions on using the NetHunter installer builder or adding your own device in the README located in the nethunter-installer git directory.
Building NetHunter : https://www.kali.org/docs/nethunter/building-nethunter/
Now that you've either downloaded a NetHunter image or built one yourself, the next steps are to prepare your Android device and then install the image. "Preparing your Android device" includes:
● unlocking your device and updating it to stock AOSP or LineageOS (CM). (Check point 2.0 for supported roms)
● installing Team Win Recovery Project as a custom recovery.
● installing Magisk to root the device
● disabling force encryption may be required if TWRP cannot access the data partition
● Once you have a custom recovery, all that remains is to flash the nethunter rom and reboot.
● After reboot, open the NetHunter App and start the Kali Chroot Manager.
that's it.. once the installation process completed,
● Install the Hacker Keyboard from the NetHunter Store using the NetHunter Store app.
● Install any other apps from the NetHunter Store as required.
● Configure Kali Services, such as SSH.
● Set up custom commands.
● Initialize the Exploit Database.
Note : Offensive Security does not provide technical support for NetHunter. Support for NetHunter can be obtained via various methods listed on the Kali Linux Community page.
Links
Website : https://www.kali.org/get-kali/#kali-mobile
Documentation : https://kali.org/docs/nethunter
NetHunter Store : https://store.nethunter.com
NetHunter Forum : https://forums.kali.org
ROM for Supported Devices : https://www.kali.org/get-kali/#kali-mobile
Fastboot and ADB : https://developer.android.com/studio/releases/platform-tools
TWRP Recovery : https://twrp.me
Magisk : https://magiskapp.com
That's It.. ✌🏾 If You Like This Post, Please Share This With Your Friends.