Kali Linux NetHunter is the first Android penetration testing platform for Android devices. The NetHunter is an open-source project meaning developers can freely use it without getting copyright infringements or any other related threats. This project allows the supported Android devices to access the kali toolset, thus enabling penetration testing. In addition, there are various unique features offered by Kali NetHunter that are not possible on other hardware platforms.
The NetHunter interface permits users to work efficiently with complex configuration files via a local web interface. Besides this feature, custom kernels that support 802.11 wireless injections and back connect preconfigured VPN service constitute a formidable network security advancement plus discrete dropbox with Kali Linux at your fingertips always.
What does Kali NetHunter provide?
The Kali NetHunter provides us with lots of benefits and features, as shown below:
1. Fully dedicated NetHunter application that provided and optimized graphical user interface touch screen for common attack categories such as:
- Bluetooth attacks
- BadUSB MITM attacks. Your traffic will be relayed via this accessory once you plug in your Kali NetHunter to a ‘victim’ PC.
- Single-click MANA evil AP (access point) setup
- HID USB keyboard attacks offer almost the same services as the Teensy device.
2. Offers complete Kali Linux toolset plus a variety of other available tools through a simple menu system
3. The NetHunter app store that allows us to grow Kali’s NetHunter potential
4. The USB Y-cable comes with the Kali NetHunter kernel. This accessory enables the user to use the OTG cable while charging the device
5. A custom device-specific kernel that supports wireless injection
6. Kex (Kali Desktop Experience)
7. Support HDMI output. This accessory outputs the Kali desktop to external displays, and it only works on supported devices.
The Kali NetHunter is readily available for unrooted devices hence the name (NetHunter Rootless). However, this does not mean that other devices do not support the NetHunter application. For instance, the rooted devices with custom recovery use the (NetHunter Lite) while rooted devices that have custom recovery but with an additional NetHunter specific kernel use (NetHunter)
Despite the differences the three NetHunter editions possess, they still share some things in common, and below are the core of Kali NetHunter:
- A Kali Linux container that has all the applications and tools that Kali Linux provides
- An Android client to provide access to the Kali NetHunter app store
- A Kali NetHunter native app store that contains a dozen of built-in security applications
- The KeX (Kali Desktop Experience) helps run full Kali Linux desktop sessions. It provides support for wireless screencasting and screen mirroring with the help of an HMDI output.
Kali’s NetHunter app store can be accessed via a dedicated client application or through a web interface.
Kali NetHunter Editions
Almost all Android devices on the planet supports either of the three NetHunter editions listed below. If your device is rooted, we recommend you try using the rooted version, and if not, use the rootless version.
Nethunter is provided in three editions:
- NetHunter Rootless
- NetHunter Lite
- NetHunter
Uses of the NetHunter Editions:
- NetHunter Rootless: used by devices that are unmodified or unrooted
- NetHunter Lite: This is the complete Kali NetHunter package for all rooted devices that do not have custom kernels
- NetHunter: This is another complete Kali NetHunter package with a custom kernel for all supported phones.
Functionality differences of the NetHunter Editions
Below is a comparison table that shows the functionality difference of the NetHunter editions
| Feature | NetHunter Rootless | NetHunter Lite | NetHunter |
|---|---|---|---|
| App Store | Yes | Yes | Yes |
| Kali cli | Yes | Yes | Yes |
| All Kali packages | Yes | Yes | Yes |
| KeX | Yes | Yes | Yes |
| Metasploit w/o DB | Yes | Yes | Yes |
| Metasploit with DB | No | Yes | Yes |
| NetHunter App | No | Yes | Yes |
| Requires TWRP | No | Yes | Yes |
| Requires Root | No | No | Yes |
| WiFi Injection | No | No | Yes |
| HID attacks | No | No | Yes |
Both the rooted editions of the Kali NetHunter provide users with additional tools and services. For instance, the custom kernel can extend its functionality via adding extra USB driver gadgets, networks, and WIFI injection support (only for specified WIFI chips)
Kali Linux NetHunter Supported ROMs and Devices
Your device setup will determine whether or not it will support the Kali NetHunter application. All devices that have a custom recovery and are rooted will support the NetHunter Lite edition. A machine with a specific kernel is required for the whole NetHunter experience, which is the primary vision of the Kali NetHunter. You might be wondering how to download the kernels for your device if it meets all the minimum requirements. Don’t anymore since the NetHunter GitLab repo has more than 164 kernels for more than 65 devices. You can check out the repo and give it a try if your device is supported. In addition, the NetHunter download page also publishes more than 25 images for the most popular devices.
How to download NetHunter?
The official NetHunter release images for all supported devices can be downloaded from the Offensive Security NetHunter official project page.
Once you find the image that suits your device, download it to your Downloads folder or another location of your choice. The file is in zip format. Therefore, to use it, extract it and verify the SHA256 of the downloaded image against the values provided on the official page.
Note: you only proceed to build NetHunter once you verify that the SHA256 sum matches the one provided on NetHunter’s official page. If the sum does not match, do not proceed to the next step since you might end up breaking your device.
How to build NetHunter?
The python build scripts provided in the Gitlab repository are handy for building a NetHunter image. You can refer to the “Building NetHunter” page for more information on building NetHunter. That documentation site will help you understand the procedures and steps involved in making NetHunter.
How to install NetHunter on top of Android?
We now believe you have built your NetHunter or downloaded it from the websites provided in this article since the following steps will involve Android device preparation and image installation.
Android device preparation involves:
- Unlock your device and install a stock or custom ROM such as LineageOS (CM)
- Install custom recovery. In this case, we recommend the Team Win Recovery Project
- Root your device by installing Magisk
- Disable force encryption that will be of use when TWRP fails to access the data partition
- Once you have fully prepared your Android device by following the steps mentioned above, you are ready to flash the NetHunter installer file onto your Android phone.
How to perform post-installation?
- Launch the NetHunter application and start the Kali Chroot Manager
- Install the Hacker Keyboard. This keyboard is available in the NetHunter store; hence to get it, launch the NetHunter app store and install it.
- Configure SSH and other Kali services that might be required
- Complete the custom commands setup
- Initialize the exploit database
- Proceed and install any other relevant applications from the app store just like we did for the Hacker Keyboard.
Kali NetHunter features and attacks
- Searchsploit – Allows the user to search for exploits from the exploit database quickly.
- NMAP scan – Nmamp scanner interface
- DuckHunter HID – performs rubber ducky style HID attacks
- MAC Changer – allows the user to change the WiFi mac address (All devices do not support this feature)
- Home Screen – This is the general info panel, HID device status, and network interface status.
- Kali Services – starting and stopping the chrooted services while giving the user ability to enable or disable the services at boot time
- Metasploit Payload Generator – Generates Metasploit payloads on the fly
- BadUSB MITM Attack – Nuff said
- KeX Manager – enables instant VNC session setup with the aid of the Kali chroot
- Custom Commands – enables users to add their custom functions and commands to the launcher.
- Kali Chroot Manager – Manages chroot meta-package installations
- MITM Framework – Injects backdoor binaries into the executables downloaded on the fly
- USB Arsenal – controls all USB configuration gadgets
- Mana Wireless Toolkit – Malicious AP (Access point) setup with just a click of a button
- HID Attacks – many HID attacks, such as the Teensy style
Installing NetHunter
Follow the procedures provided below to install NetHunter on your device:
1. Put your device in “Developer mode.”
Before you start the installation process, you must first enable the developer mode on your Android device. This can be quickly done by going to Settings>About> and tapping the Build number about eight times. Once the process is successful, you will receive a notification message stating, “Developer mode has been enabled, or you are now a developer.” Now navigate back to the main settings page, and when you scroll down, you will find an additional section labeled “Developer options.” Tap on this newly added section and enable the Android debugging option and Advanced reboot. Now you are good to go to the next step.
2. Unlock, root, and install a custom recovery on your device
As mentioned earlier, NetHunter supports more than 65 different Android devices running various Android versions from KitKat to Android Q. the installation procedure has been standardized to unlock, root, and install the custom recovery. Of course, this might differ on other devices or Android versions. However, never say never until you try. In this case, we shall use the TWRP custom recovery. Also, we shall be using Magisk, which is the preferred software for rooting our device. If you have no idea how to root or unlock your device, you can check out the additional info on the provided links.
3. Flash the ForceEncrypt disabler and Universal DM-Verity
Before installing NetHunter, it is crucial for Android 9,10, and 11 users to ensure they flash the ForceEncrypt Disabler and Universal DM-Verity. In addition, they should also format their data partitions. Unfortunately, the Magisk application used previously to root our device does not support user context change on encrypted data partitions, resulting in errors when connecting the Kali rootfs via SSH.
4. Install the NetHunter image
After performing all the three steps mentioned above, your Android device is now ready for installation. Copy the NeHunter Image to the phone and reboot in recovery mode. Once in recovery mode, flash the NetHunter zip image onto your phone. After getting a success notification, reboot your phone and launch the NetHunter application to complete the installation setup.
Note: It is vital for Android 10 and 11 users to update their NetHunter application after completing the flashing process from the NetHunter app store. Also, it is essential for Android 10 and 11 users to know that the “scoped storage” was introduced on these Android versions, which prevents NetHunter from using the local storage used initially to save configuration files to store the current configuration files. However, this problem should not last for long since dev-ops are already working to find a solution.
Conclusion
This is an in-depth tutorial guide on Kali Linux NetHunter. All the useful links have been provided in the article to help you navigate through easily. We believe you now understand everything about Kali Linux NetHunter and if you encounter any challenges, feel free to reach out via the comments section. Thanks for reading.
