Kali Linux NetHunter

ID N0WHERE:22272
Type n0where
Reporter N0where
Modified 2016-01-07T10:17:44



Offensive Security have obsessively been building Kali on weird and wonderful ARM hardware and today, we are proud to reveal their latest creation – the Kali Linux NetHunter. NetHunter is an Android penetration testing platform for Nexus devices built on top of Kali Linux, which includes some special and unique features. Of course, you have all the usual Kali tools in NetHunter as well as the ability to get a full VNC session from your phone to a graphical Kali chroot. However, the strength of NetHunter does not end there.

NetHunter 3.0 Released

What’s New in Kali NetHunter 3.0

  • NetHunter Android Application Rewrite

The NetHunter Android application has been totally redone and has become much more “application centric”. Many new features and attacks have been added, not to mention a whole bunch of community-driven bug fixes. The NetHunter application has finally reached maturity and is now a really viable tool that helps manage complex attacks. In addition, the application now allows you to manage your Kali chroot independently, including rebuilding and deleting the chroot as needed. You can also choose to install individual metapackages in your chroot, although the default selected kali-nethunter metapackage should include all the bare necessities.

  • Android Lollipop and Marshmallow Support

Yes, you heard right. NetHunter now supports Marshmallow (Android AOSP 6.x) on applicable devices – although we’re not necessarily fans of the “latest is best” philosophy. Our favourite device continues to be the OnePlus One phone due to the combined benefits of size, CPU/RAM resources, as well as Y-Cable charging support.

  • New Build Scripts, Easier Integration for New Devices

Our rewrite also included the code that generates the images, completely porting it to Python and optimizing the build time significantly. The build process can now build small NetHunter images (~70MB) that do not include a built-in Kali chroot – allowing you to download a chroot later via the Android application.

We’ve also made it much easier to build ports for new devices that NetHunter can run on and we’ve already seen a couple of interesting PRs regarding Galaxy device support…

  • Fabulous NetHunter Documentation

We might be somewhat biased regarding our documentation, and perhaps it’s not “fabulous” but just “good”… but still, it’s definitely much better than it was before and can be found in the form of the NetHunter Github Wiki. We’ve included topics such as downloading, building and installing NetHunter, as well as a quick overview of each of the NetHunter Attacks and Features.

  • NetHunter Linux Root Toolkit Installer

We’ve got a new official NetHunter installer that runs natively on Linux or OSX. The installer is made from a set of Bash scripts which you can use to unlock, flash to stock and install the NetHunter image to supported OnePlus One or Nexus devices. Please welcome the NetHunter LRT, created by jmingov.

Kali Linux NetHunter

  • 802.11 Wireless Injection and AP mode support with multiple supported USB wifi cards.
  • Capable of running USB HID Keyboard attacks, much like the Teensy device is able to do.
  • Supports BadUSB MITM attacks. Plug in your NetHunter to a victim PC, and have your traffic relayed through it.
  • Contains a full Kali Linux toolset, with many tools available via a simple menu system.
  • USB Y-cable support in the NetHunter kernel – use your OTG cable while still charging your Nexus device!
  • Software Defined Radio support. Use Kali NetHunter with your HackRF to explore the wireless radio space.


As an experienced penetration tester or security professional, it is imperative that you trust the tools you work with. One way to achieve this trust is by having full transparency and familiarity with the code you are running. You are free to read, investigate, and change our build scripts for the NetHunter images. All of this goodness from the house of Offensive Security and developers of Kali Linux!


The Kali NetHunter configuration interface allows you to easily configure complex configuration files through a local web interface. This feature, together with a custom kernel that supports 802.11 wireless injection and preconfigured connect-back VPN services, makes the NetHunter a formidable network security tool or discreet drop box – with Kali Linux at the tip of your fingers wherever you are!


NetHunter images support programmable HID keyboard attacks (à la Teensy), as well as “BadUSB” network attacks, allowing an attacker to easily MITM an unsuspecting target by simply connecting their device to a computer USB port. In addition to these built-in features, NetHunter has a whole set of native Kali Linux tools available for use, many of which are configurable through a simple web interface.
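A defender-side view of the two USB behaviours described above, as an added example that is not part of the original post or of NetHunter: it flags USB devices whose interface classes include a network adapter that is not on an approved list, or a keyboard and a network adapter in one device. The input line format, the `approved_nics` parameter and all vendor/product IDs are assumptions made for illustration; on Linux the class values can be read from the `bInterfaceClass`, `bInterfaceSubClass` and `bInterfaceProtocol` files in sysfs.

```python
# Added example (not NetHunter code): flag USB devices whose interface mix
# matches the HID-keyboard and USB-network behaviour described above.

# (class, subclass, protocol) triples from the USB-IF class code list.
BOOT_KEYBOARD = (0x03, 0x01, 0x01)
NETWORK_TRIPLES = {
    (0x02, 0x06, 0x00),  # CDC Ethernet (ECM)
    (0x02, 0x02, 0xFF),  # RNDIS, vendor-protocol variant
    (0xE0, 0x01, 0x03),  # RNDIS, wireless-controller variant
}

# Constructed sample: "<port> <vid:pid> <class/subclass/protocol>", one line
# per interface. All IDs are made up for illustration.
SAMPLE = """
1-1 aaaa:0001 03/01/01
1-2 bbbb:0002 02/06/00
1-3 cccc:0003 e0/01/03
1-3 cccc:0003 0a/00/00
1-3 cccc:0003 03/01/01
"""

def parse_inventory(text):
    """Return {port: (vidpid, [triples])} from the line format above."""
    devices = {}
    for line in text.strip().splitlines():
        port, vidpid, triple = line.split()
        iface = tuple(int(part, 16) for part in triple.split("/"))
        devices.setdefault(port, (vidpid.lower(), []))[1].append(iface)
    return devices

def assess(devices, approved_nics=frozenset()):
    """Return {port: [reasons]} for devices that deserve a closer look."""
    findings = {}
    for port, (vidpid, ifaces) in devices.items():
        network = any(i in NETWORK_TRIPLES for i in ifaces)
        keyboard = BOOT_KEYBOARD in ifaces
        reasons = []
        if network and vidpid not in approved_nics:
            reasons.append("unapproved USB network interface")
        if network and keyboard:
            reasons.append("keyboard and network adapter in one device")
        if reasons:
            findings[port] = reasons
    return findings

if __name__ == "__main__":
    for port, reasons in assess(parse_inventory(SAMPLE), {"bbbb:0002"}).items():
        print(port, "; ".join(reasons))
```

The keyboard test only matches boot-protocol keyboards, so the unapproved-network-interface rule is the more reliable of the two signals.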

Supported Devices

The Kali NetHunter image is currently compatible with the following Nexus devices:

  * **Nexus 4 (GSM)** – “mako”
  * **Nexus 5 (GSM/LTE)** – “hammerhead”
  * **Nexus 7 [2012] (Wi-Fi)** – “nakasi”
  * **Nexus 7 [2012] (Mobile)** – “nakasig”
  * **Nexus 7 [2013] (Wi-Fi)** – “razor”
  * **Nexus 7 [2013] (Mobile)** – “razorg”
  * **Nexus 10 (Tablet)** – “mantaray”
  * **OnePlus One 16 GB** – “bacon”
  * **OnePlus One 64 GB** – “bacon”

Backdooring Executables Over HTTP

This is probably one of the coolest features/tools introduced to Kali in the past month – an updated version of the “BackDoor Factory (BDF)”, and its accompanying “BackDoor Factory Proxy” toolset.

> _We packaged these tools in Kali especially for use with the NetHunter platform – and our tests with these tools have shown some impressive results._

For those who are not familiar with the BackDoor Factory framework, written by @midnite_runr: it allows us to inject shellcode of our choice in various binary files, while the BDF Proxy allows us to backdoor these binary files over an HTTP connection on the fly. By now, you should be grasping the possibilities of this toolset, especially when combined with a mobile platform such as NetHunter.

Simply put, we can now quickly use our NetHunter devices to run MANA, an improved wireless AP client hijacking toolset, in conjunction with BDF to produce a mind-numbing effect – transparently hijacking wireless client connections and injecting malicious code into any binary files downloaded from the Internet over HTTP. Here’s a video of MANA and BDF proxy in action:

Kali Linux NetHunter

  • Kali NetHunter runs within a chroot environment on the Android device so, for example, if you start an SSH server via an Android application, your SSH connection would connect to Android and not Kali Linux. This applies to all network services.
  • When configuring payloads, the IP address field is the IP address of the system where you want the shell to return to. Depending on your scenario, you may want this address to be something other than the NetHunter.
  • Due to the fact that the Android device is rooted, Kali NetHunter has access to all hardware, allowing you to connect USB devices such as wireless NICs directly to Kali using an OTG cable.

Source && Download

Kali Linux NetHunter download