Kali NetHunter Documentation
Kali NetHunter is an Android ROM overlay that includes a robust Mobile Penetration Testing Platform. The overlay includes a custom kernel, a Kali Linux chroot, and an accompanying Android application, which allows for easier interaction with various security tools and attacks. Beyond the penetration testing tools arsenal within Kali Linux, NetHunter also supports several additional classes of attack, such as HID Keyboard Attacks, BadUSB attacks, Evil AP MANA attacks, and much more. For more information about the moving parts that make up NetHunter, check out our NetHunter Components page. NetHunter is an open-source project developed by Offensive Security and the community.
1.0 Supported Devices and ROMs
The following table lays out NetHunter supported hardware as well as the corresponding ROM or Android versions for which NetHunter is built:
| Device (codename) | ROM / Android version | Notes |
|---|---|---|
| Nexus 4 (mako) | | |
| Nexus 5 (hammerhead) | 5.1.1 or 6.0.1; CM 13.0 or CM 14.1 | |
| Nexus 5x (bullhead) | 6.0.1 | |
| Nexus 6 (shamu) | 5.1.1 or 6.0.1 | |
| Nexus 6P (angler) | 6.0.1 or 7.1.1 | |
| Nexus 7 2013 (flo) | 5.1.1 or 6.0.1 | |
| Nexus 9 (flounder) | 5.1.1 or 6.0.1 | |
| Nexus 10 (manta) | 5.1.1 | |
| OnePlus One (oneplus1) | CM 12.1 or 13.0 | Our preferred device |
| OnePlus 2 (oneplus2) | CM 12.1 or 13.0 | |
| OnePlus 3 & 3T (oneplus3) | 6.0.1 or 7.0.0 | Unified build in 7.0.0 (OxygenOS) |
| OnePlus X (oneplusx) | CM 13.0 | |
| Galaxy Note 3 (hlte) | CM 12.1 or 13.0 | |
| Galaxy S5 (klte) | CM 12.1 or 13.0; TouchWiz 5.1 or 6.0 | |
| Galaxy S7 (herolte) | TouchWiz 6.0.1 | Warning: Exynos models only! |
| Galaxy S7 edge (hero2lte) | TouchWiz 6.0.1 | Warning: Exynos models only! |
| LG G5 T-Mobile (h830) | 7.0.0 | |
| LG G5 International (h850) | 7.0.0 | |
| LG V20 T-Mobile (h918) | 7.0.0 | Warning: Requires exploit on v10d firmware to unlock flashing! |
| LG V20 US Unlocked (us996) | 7.0.0 | Warning: US Cellular branded US996 is not unlocked! |
| HTC One M7 GPE (onem7gpe) | 5.1.1 | Google Play Edition |
| HTC 10 (htc_pmewl) | 6.0.1 | |
| Sony Xperia ZR (dogo) | 6.0.1 | |
| Sony Xperia Z (yuga) | 6.0.1 | |
| SHIELD tablet (shieldtablet); SHIELD tablet K1 | | |
| ZTE Axon 7 (ailsa_ii) | 6.0.1 | @jcadduono's preferred device |
2.0 Downloading NetHunter
Official release NetHunter images for your specific supported device can be downloaded from the Offensive Security NetHunter project page located at the following URL:
Once the zip file has downloaded, verify the SHA1 sum of the NetHunter zip image against the values on the Offensive Security NetHunter download page. If the SHA1 sums do not match, do not attempt to continue with the installation procedure.
If you would like to try more up-to-date images (possibly unstable), you can find nightly releases at the following URL:
The SHA256 sums for each file can be found in the SHA256SUMS file at the top of every download page. You may also enable zip signature verification before flashing and TWRP will verify the entire zip for you before installing.
For a fresh install, you will need a nethunter-generic-[arch]-kalifs-*.zip as well as a kernel-nethunter-[device]-[os]-*.zip. The kernel should be flashed last. The update-nethunter-generic-[arch]-*.zip files are for updating your installation or if you wish to download the Kali rootfs inside the NetHunter app instead.
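The checksum verification described above can be scripted so that a mismatch stops you before flashing. This is an added example, not part of the NetHunter project's own scripts; it goes slightly beyond the text by choosing SHA1 or SHA256 from the digest length, and it assumes GNU coreutils, a checksum list saved next to the zip, and file names without spaces (the demo file names are constructed).

```shell
#!/bin/sh
# Added example: check a downloaded zip against a checksum list before flashing.

# verify_zip SUMS_FILE ZIP
# Returns 0 = match, 1 = mismatch, 2 = unreadable input,
#         3 = zip not listed, 4 = unknown digest type.
verify_zip() {
    sums=$1
    zip=$2
    name=$(basename "$zip")
    if [ ! -r "$sums" ] || [ ! -r "$zip" ]; then
        echo "cannot read $sums or $zip" >&2
        return 2
    fi
    # Match the file-name field exactly; a leading '*' marks binary mode.
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f)
        if (f == n) { print tolower($1); exit } }' "$sums")
    if [ -z "$expected" ]; then
        echo "$name: not listed in $sums" >&2
        return 3
    fi
    # Pick the hash by digest length: 40 hex chars = SHA1, 64 = SHA256.
    case ${#expected} in
        40) tool=sha1sum ;;
        64) tool=sha256sum ;;
        *)  echo "$name: unrecognised digest in $sums" >&2; return 4 ;;
    esac
    actual=$("$tool" "$zip" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "$name: MISMATCH, do not flash" >&2
        return 1
    fi
    echo "$name: OK ($tool)"
}

# Demo on constructed files (not real NetHunter images).
demo() {
    d=$(mktemp -d)
    printf 'constructed kernel image\n' > "$d/kernel-nethunter-demo.zip"
    (cd "$d" && sha256sum kernel-nethunter-demo.zip > SHA256SUMS)
    verify_zip "$d/SHA256SUMS" "$d/kernel-nethunter-demo.zip"   # matches
    printf 'tampered' >> "$d/kernel-nethunter-demo.zip"
    verify_zip "$d/SHA256SUMS" "$d/kernel-nethunter-demo.zip"   # mismatch
    rc=$?
    rm -rf "$d"
    return "$rc"
}

# Command-line use: sh verify.sh SHA256SUMS <zip>
if [ "$#" -eq 2 ]; then verify_zip "$1" "$2"; fi
```

A checksum only proves the file matches what the download page lists, so fetch the checksum list over HTTPS from the official page rather than from the same mirror as the zip.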
3.0 Building NetHunter
Those of you who want to build a NetHunter image from our GitHub repository may do so using our Python build scripts. Check out our Building NetHunter page for more information. You can find additional instructions on using the NetHunter installer builder or adding your own device in the README located in the nethunter-installer git directory.
4.0 Installing NetHunter on top of Android
Now that you've either downloaded a NetHunter image or built one yourself, the next steps are to prepare your Android device and then install the image. "Preparing your Android device" includes:
- unlocking your device and updating it to stock AOSP or CM in the case of OPO. (Check section 1.0 for supported ROMs.)
- installing Team Win Recovery Project as a custom recovery.
- Once you have a custom recovery, all that remains is to flash the NetHunter installer zip file onto your Android device.
4.1 Installing from Linux / OSX
4.2 Installing from Windows
Alternatively, if you would like to perform the unlocking, flashing, and rooting from a Windows OS, you can use the Nexus Root Toolkit (for Nexus devices) and the Bacon Root Toolkit (for OnePlus One devices). For further instructions, check the Installing from Windows guide.
5.0 Post Installation Setup
- Open the NetHunter App and start the Kali Chroot Manager.
- Set up Hacker Keyboard.
- Configure Kali Services, such as SSH.
- Set up custom commands.
- Initialize the Exploit Database.
6.0 Kali NetHunter Attacks and Features
Kali NetHunter Application
- Home Screen - General information panel, network interfaces and HID device status.
- Kali Chroot Manager - For managing chroot metapackage installations.
- Check App Update - For checking Kali NetHunter Android App updates.
- Kali Services - Start / stop various chrooted services. Enable or disable them at boot time.
- Custom Commands - Add your own custom commands and functions to the launcher.
- MAC Changer - Change your Wi-Fi MAC address (only on certain devices)
- VNC Manager - Set up an instant VNC session with your Kali chroot.
- HID Attacks - Various HID attacks, Teensy style.
- DuckHunter HID - Rubber Ducky style HID attacks
- BadUSB MITM Attack - Nuff said.
- MANA Wireless Toolkit - Set up a malicious Access Point at the click of a button.
- MITM Framework - Inject binary backdoors into downloaded executables on the fly.
- NMap Scan - Quick Nmap scanner interface.
- Metasploit Payload Generator - Generating Metasploit payloads on the fly.
- Searchsploit - Easy searching for exploits in the Exploit-DB.
3rd Party Android Applications (WIP)
7.0 Porting NetHunter to New Devices:
If you're interested in porting NetHunter to other Android devices, check out the following links. If your port works, make sure to tell us about it so we can include these kernels in our releases!