In this tutorial we are going to learn how to penetration test our website or server using a mobile device. After this tutorial you can build your own ethical hacking platform. On this platform we can use many of the same tools as on a computer, among them sqlmap, nmap, wpscan and metasploit. Beyond these, you can add as many tools as you wish.
(We could also do this by installing the Kali Linux operating system on the mobile device. But that is not a good option, because running Kali Linux on a phone gives the lowest performance and causes network problems too.)
Today I'm going to build a Linux environment using a terminal emulator. We need two things to do this.
- Android device (Mobile phone or Tablet / rooted or not)
- Internet connection
First we should install a terminal emulator. In this case we are using the Termux app.
You can download this APK from the Play Store.
Android is also a Linux-based operating system. This app gives us a shell for interacting with the Linux kernel. We can use many commands here.
After installing the app, open it. Then you need to update the package list. Type this command and hit 'Enter'.
apt update && apt upgrade
Then we need to install another app named Busybox.
apt-get install busybox
You can also get this from the Play Store. It is a single package that combines all of the basic features of Unix.
After installing busybox, we should install scripting languages, because tools such as sqlmap and metasploit need them to run. I recommend installing python, ruby and perl first. These are the easiest scripting languages to learn. If you know one of them, you can easily learn the others.
apt-get install python2
Here you should install Python 2.*, because many of the tools we use run on Python 2.*. If you need Python 3.*, run this command.
apt-get install python3
You can install both versions without any problem.
apt-get install ruby
If you use metasploit, you should install the Ruby language.
apt-get install perl
apt-get install clang
After installing those tools, we now have to make our mobile phone into a web server, because distributing malware or working as a honeypot needs a web server. For this we install apache, mysql and php.
apt-get install apache2
apt-get install php
apt-get install mysql
(If you install php7, you can control your mobile phone from anywhere. We will talk about that in a future tutorial.)
(However, if you need to run metasploit, you should install postgresql rather than mysql.)
Now our basic tools are ready to work. Let's see what we can do with them. You can now use Termux as a terminal or command prompt.
Use this command to find an IP address using Termux.
You can find domain details with this command.
If a website is protected by Cloudflare, we can check subdomains using the dnsmap package. Type this command and press Enter.
pkg install dnsmap
Another important recon tool is dig. You should install the dnsutils package before using it.
pkg install dnsutils
Then we can install the nmap tool. Everyone knows about nmap, because we talked about it in previous posts.
apt-get install nmap
Many other tools work in Termux (ssh, beef, reconbee, xssninja, etc.). If you need those tools, you can install them from GitHub.
First download sqlmap to your mobile phone. Type this command and press Enter.
git clone https://github.com/sqlmapproject/sqlmap
cd sqlmap
Now you can run it with a URL or your Google dork.
Use a Google dork
python2 sqlmap.py -g "<google dork here>"
Ex: python2 sqlmap.py -g "index.php?id="
Use a URL
python2 sqlmap.py -u "<URL here>"
Ex: python2 sqlmap.py -u "https://secdevil.com/?s=nmap"
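A quick check that the packages installed in the steps above actually ended up on the PATH. This is an added example, not part of the original post. The command names in the list are assumptions about what each package provides (for instance dig from dnsutils), git is included because the clone step needs it, and the Apache and MySQL binaries are left out because their names vary.

```shell
#!/bin/sh
# Added example: verify the tools this tutorial installs are on PATH.
# Assumed command names; edit the list to match your own setup.
TUTORIAL_TOOLS="busybox python2 python3 ruby perl clang php dnsmap dig nmap git"

# missing_tools CMD...: print each command not found on PATH, one per line.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# report_tools CMD...: print a status line per command.
# Returns 0 only when every command was found.
report_tools() {
    missing=$(missing_tools "$@")
    for tool in "$@"; do
        if printf '%s\n' "$missing" | grep -qxF -- "$tool"; then
            printf '%-10s MISSING\n' "$tool"
        else
            printf '%-10s ok (%s)\n' "$tool" "$(command -v "$tool")"
        fi
    done
    [ -z "$missing" ]
}

# Word splitting of the list is intentional here.
# shellcheck disable=SC2086
report_tools $TUTORIAL_TOOLS || echo "Install the packages marked MISSING before continuing."
```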
Now you have some idea of how our mobile phone ethical hacking and penetration testing platform works. That is the end of this post. Thanks for reading and I hope you enjoyed it.