Skip to content
Weaponize Sailfish OS with Kali linux
Branch: master
Clone or download

Latest commit

Latest commit 9319108 Jan 15, 2020


Type Name Latest commit message Commit time
Failed to load latest commit information.
deploy/configs new easy_pwn mountpoint,moved Jan 8, 2020
mount added evil twin attack Jan 15, 2020
src added wizard Jan 5, 2020 added license Dec 27, 2019 fix readme Jan 15, 2020 added evil twin attack Jan 15, 2020 new easy_pwn mountpoint,moved Jan 8, 2020


easy_pwn is a set of automated scripts designed to setup and run kali linux's chroot environment on Sailfish OS devices.
It allows to start kali desktop (xfce4) on Xwayland with touch screen support (even undercover mode works), without VNC or other ugly stuff behind.
Currently rogue access point and EvilTwin attack scripts are implemented, feel free to contribute.

Usage [action] [kali-rootfs-path] 

available actions:

  • create download latest kalifs-armhf from nethunter's repositories, mount it,then install the following packages :
    • kali-desktop-xfce : kali default DE (undercover mode works too)
    • Xwayland : required to run X
    • kali-linux-nethunter : nethunter's default tools metapackage
    • mousetweaks : for touch right-click attempt
    • matchbox-keyboard : default virtual keyboard
    • bettercap and bettercap-ui
  • script let you run custom scripts, default available scripts are:
    • wifi_rogue_ap : set up an open access point, redirect traffic from wlan to mobile data then attach bettercap
    • wifi_eviltwin_ap : Evil Twin Attack implementation using hostapd-wpe
  • desktop set some required environment variables, chroot kali and start xfce desktop
  • shell run chrooted shell session on fingerterm
  • update update desktop icons and chroot with latest easy_pwn scripts
  • ssh start a ssh server inside the chroot on port 2244
  • bettercap start bettercap web-ui on
  • kill kills all chroot processes
  • quit umount chroot




create a kali-chroot

$ git clone
$ cd easy_pwn
$ devel-su
  (insert root password)
# ./ create /path/to/kali/chroot

start kali desktop

After the "create" process, an icon called "chrootname" should appaer on sfos's app drawer, so the script can be executed directly from sfos as a normal application.
To start the script manually:

# ./ desktop /path/to/kali/chroot

start kali shell on fingerterm

# ./ shell /path/to/kali/chroot

It is also possible to start a desktop session, in portrait mode, from the shell by running "/opt/easy_pwn/" script.

run scripts (example: wifi_rogue_ap)

Make sure to have mobile data enabled and wifi enabled and not connected to any access point before proceed.

# ./ script /path/to/kali/chroot wifi_rogue_ap


it is possible to edit default settings for easy_pwn and scripts on mount/

todo / known issues

  • Audio doesn't work (fix in progress)
  • included in the script if your chroot is located under an external sdcard, you may need to remount the sd partition with suid enabled as follows
     # mount -o remount,suid /media/sdcard/your-partition-name
  • Thunar file manager (kali default) crash the session, anyway nautilus works fine.
  • mousetweaks longpress works with long double tab No right click on touch-only devices (long press on nautilus seems to work)(fix in progress)
  • firefox-esr tabs crash with sounds however chromium works very well
  • multiarch support
  • done. custom scripts


easy_pwn so far was tested on:

  • Xperia X Compact with Sailfish OS (Nuuksio)
  • Jolla Phone with Sailfish OS (Nuuksio)
You can’t perform that action at this time.