Offensive Security have obsessively been building Kali on weird and wonderful ARM hardware and today, we are proud to reveal their latest creation – the Kali Linux NetHunter. NetHunter is an Android penetration testing platform for Nexus devices built on top of Kali Linux, which includes some special and unique features. Of course, you have all the usual Kali tools in NetHunter as well as the ability to get a full VNC session from your phone to a graphical Kali chroot; however, the strength of NetHunter does not end there.
The NetHunter Android application has been totally redone and has become much more “application centric”. Many new features and attacks have been added, not to mention a whole bunch of community-driven bug fixes. The NetHunter application has finally reached maturity and is now a really viable tool that helps manage complex attacks. In addition, the application now allows you to manage your Kali chroot independently, including rebuilding and deleting the chroot as needed. You can also choose to install individual metapackages in your chroot, although the default selected kali-nethunter metapackage should include all the bare necessities.
Yes, you heard right. NetHunter now supports Marshmallow (Android AOSP 6.x) on applicable devices – although we’re not necessarily fans of the “latest is best” philosophy. Our favourite device continues to be the OnePlus One phone due to the combined benefits of size, CPU/RAM resources, as well as Y-Cable charging support.
Our rewrite also included the code that generates the images, completely porting it to Python and optimizing the build time significantly. The build process can now build small NetHunter images (~70MB) that do not include a built-in Kali chroot – allowing you to download a chroot later via the Android application.
We’ve also made it much easier to build ports for new devices that NetHunter can run on and we’ve already seen a couple of interesting PRs regarding Galaxy device support…
We might be somewhat biased regarding our documentation, and perhaps it’s not “fabulous” but just “good”… but still, it’s definitely much better than it was before and can be found in the form of the NetHunter GitHub Wiki. We’ve included topics such as downloading, building and installing NetHunter, as well as a quick overview of each of the NetHunter Attacks and Features.
We’ve got a new official NetHunter installer that runs natively on Linux or OSX. The installer is made from a set of Bash scripts which you can use to unlock, flash to stock and install the NetHunter image to supported OnePlus One or Nexus devices. Please welcome the NetHunter LRT, created by jmingov.
Supports BadUSB MITM attacks. Plug in your NetHunter to a victim PC, and have your traffic relayed through it.
Contains a full Kali Linux toolset, with many tools available via a simple menu system.
As an experienced penetration tester or security professional, it is imperative that you trust the tools you work with. One way to achieve this trust is by having full transparency and familiarity with the code you are running. You are free to read, investigate, and change our build scripts for the NetHunter images. All of this goodness from the house of Offensive Security and developers of Kali Linux!
The Kali NetHunter configuration interface allows you to easily configure complex configuration files through a local web interface. This feature, together with a custom kernel that supports 802.11 wireless injection and preconfigured connect back VPN services, makes the NetHunter a formidable network security tool or discreet drop box – with Kali Linux at the tip of your fingers wherever you are!
NetHunter images support programmable HID keyboard attacks (à la Teensy), as well as “BadUSB” network attacks, allowing an attacker to easily MITM an unsuspecting target by simply connecting their device to a computer USB port. In addition to these built-in features, NetHunter has a whole set of native Kali Linux tools available for use, many of which are configurable through a simple web interface.
The Kali NetHunter image is currently compatible with the following Nexus devices:
* **Nexus 4 (GSM)** – “mako”
* **Nexus 5 (GSM/LTE)** – “hammerhead”
* **Nexus 7 (Wi-Fi)** – “nakasi”
* **Nexus 7 (Mobile)** – “nakasig”
* **Nexus 7 (Wi-Fi)** – “razor”
* **Nexus 7 (Mobile)** – “razorg”
* **Nexus 10 (Tablet)** – “mantaray”
* **OnePlus One 16 GB** – “bacon”
* **OnePlus One 64 GB** – “bacon”
This is probably one of the coolest features/tools introduced to Kali in the past month – an updated version of the “BackDoor Factory (BDF)”, and its accompanying “BackDoor Factory Proxy” toolset.
> _We packaged these tools in Kali especially for use with the NetHunter platform – and our tests with these tools have shown some impressive results._
To those who are not familiar with the BackDoor Factory framework – written by @midnite_runr, it allows us to inject shellcode of our choice in various binary files while the BDF Proxy allows us to backdoor these binary files over an HTTP connection on the fly. By now, you should be grasping the possibilities of this toolset, especially when combined with a mobile platform such as NetHunter.
Simply put, we can now quickly use our NetHunter devices to run MANA, an improved wireless AP client hijacking toolset, in conjunction with BDF to produce a mind-numbing effect – transparently hijacking wireless client connections and injecting malicious code into any binary files downloaded from the Internet over HTTP.