Mobile phone Ethical Hacking & Penetration Testing platform (Termux)

In this tutorial we are going to know β€œhow to Penetration Testing our website or server using mobile device?” After this tutorial you can build your own ethical hacking platform. In this platform we can use many tools like as computer. Among them we can use sqlmap, nmap, wpscan, metasploit in our mobile phone. Not only these tools, you can add so many tools as your wish.

(Also we can do that after install kali linux operating system in our mobile device. But it’s not good, because of if we using kali linux in our mobile we got lowest performance and we happened network problems too.)

Today I’m going to build a linux environment using terminal emulator. We need two thing to doing this.

  1. Android device (Mobile phone or Tablet / rooted or not)
  2. Internet connection

First we should install terminal emulator. In this case we getting termux app.

You can download this apk from playstore.

Termux form playstore

Android is also linux Operating system. In this app we give a shell to Transactions with linux kernel. We can use so many commands in here.

After install this app open it. Then you need to update package list. Type this command and hit β€˜Enter’.

apt update && upgrade

Then we need to install another app named Busybox.

apt-get install busybox

You can also get this from playstore. This is a single package that combines all of the basic featured of unix.

If you install busybox, we should install scripting languages. Because this scripting languages need to run sqlmap, metasploit and etc tools. I recommend first you need to install python, ruby and perl. These are the most easy scripting languages to learn. If you know scripting language among these you can easily learn other languages.

Install python

apt-get install python2

In here you should install python 2.* version. Because of too many tools when our use in python 2.* version. If you need python 3.* version run this code.

apt-get install python3

You can install both of versions. No problem about that.

Install ruby

apt-get install ruby

If you using metasploit, you should install ruby language.

Install perl

apt-get install perl

Install C

apt-get install clang

After installation that tools, now we had to make our mobile phone as a web server. Because if you need to distribute malware and working as honeypot its need web server. For this we install apache, mysql and php.

apt-get install apache2

apt-get install php

apt-get install mysql

(If you install php7, you can control your mobile phone from anywhere. We talk about that future tutorial.)

(Otherwise you need to run metasploit you should install postgreysql without mysql.)

Now our basic tools are ready to work. Let’s see what we can do from above tools. Now you can use it as terminal or command prompt.

Ping command

Use this command and find ip using termux.

ping www.secdevil.com

whois command

you can find domain details from this command.

whois www.secdevil.com

If some website protected by cloudflare we can check subdomain using dnsmap package. Type this code an enter.

pkg install dnsmap

In the recon another important tool is dig. You should install dnsutils package before the use this.

pkg install dnsutils

Install Nmap

Then we can install nmap tool. Everyone know about nmap, because of we talk about nmap in previous posts.

Nmap Port Scanning tool (Basic Tutorial for Beginers) – 001

Nmap network scanning (Basic Tutorial for Beginers) – 002

apt-get install nmap

There are so many tools works in termux. (ssh, beef, reconbee, xssninja & etc) if you need that tools you can install from github.

install SQLmap

First download sqlmap for your mobile phone. Type this code and press Enter.

git clone https://github.com/sqlmapproject/sqlmap

Now you can run this with url or your google dork.

Use a google dork

python2 sqlmap.py –g <google dork here>

Ex – python2 sqlmap.py –g index.php?id=

Use a URL

python2 sqlmap.py –u <URL here>

python2 sqlmap.py –u https://secdevil.com/?s=nmap

Now you have some idea about how to works our Mobile phone Ethical Hacking & Penetration Testing platform. So for this day we are going to end our post. Thanks for reading and I hope you will enjoy with this.

Leave a Reply

Your email address will not be published. Required fields are marked *