Free to download, ready to customize, NetHunter puts the power of a pen-tester’s Linux desktop on a Nexus phone or tablet.

Kali.org

One of the tools we’ve leaned on heavily in some of our lab testing of software privacy and security is Kali Linux. The Debian-based operating system comes packaged with a collection of penetration testing and network monitoring tools curated and developed by the security training company Offensive Security. Today, the Kali developer team and Offensive Security released a new Kali project that runs on a Google Nexus device. Called NetHunter, the distribution provides much of the power of Kali with the addition of a browser-driven set of tools that can be used to launch attacks on wireless networks or on unattended computers via a USB connection.

NetHunter is still in its early stages, but it already includes the ability to have the Nexus device emulate a USB human interface device (HID) and launch keyboard attacks on PCs that can be used to automatically elevate privileges on a Windows PC and install a reverse-HTTP tunnel to a remote workstation. It also includes an implementation of the BadUSB man-in-the-middle attack, which can force a Windows PC to recognize the USB-connected phone as a network adapter and re-route all the PC’s traffic through it for monitoring purposes.

In a phone interview with Ars, Offensive Security’s lead trainer and developer Mati Aharoni said that while NetHunter can be compiled to run on Android devices other than the Nexus family, “part of the reason we chose Nexus devices was because of the specific kernel sources we were able to get from Google. “The Nexus devices supported by NetHunter include the Nexus 5 (“hammerhead”), Nexus 7 (both 2012 and 2013 versions), and the Nexus 10 (“mantaray”).