Let’s take a look at how we can use android for hacking and when it comes to hacking the most important part is information gathering, in this tutorial I will show you how you can use your android for information gathering.
To get started you need termux and kali Linux or parrot os installed inside termux if you don’t know how to install kali Linux or parrot os see the old article.
Read: How to install kali Linux in mobile without root
once you have kali Linux or parrot installed start it with the right command see the start command below.
For kali linux
./starts-kali.shFor parrot os
./starts-parrot.shLet’s start installing some tools for information gathering
Whois lookup
Whois lookup is one of the most important things to have, it gives details about the IP and domain name like who is the owner of the domain where it’s hosted, name servers, in some case email and phone number of the owner. if you use kali Linux or other Linux os whois lookup will be preinstalled in your system but for mobile, you have to install it by yourself to install it type the following command in your termux kali Linux or parrot.
apt install whoisRead: What is Whois Lookup
Once it’s installed you can test it with the following command:
whois allabouthack.comRedHawk
RedHawk is another great tool for information gathering, it allow to do soo many things like whois lookup, Cloudflare detection, IP address, cms detection like WordPress or blogger, banner grabbing, DNS lookup, etc. it’s a php based tool so we have to install php also, to install the RedHawk in your termux Linux follow the command below
git clone https://github.com/Tuhinshubhra/RED_HAWK
cd RED_HAWK
apt install php
apt install php-curl
apt install php-xml
php rhawk.php
Now with the above commands, everything will be installed and will start the RedHawk, once it starts you will need to enter the website and it will give you the list of all available options.
NMAP
Nmap is the most popular and powerful network scanner with different techniques, with the help of nmap one can bypass the firewall to find open services and ports on the target device, for pc based kali Linux or parrot os it will be preinstalled in your system but here as we are using termux for Linux we have to install it.
apt install nmap
nmap --helpRead: Basic Nmap
With above command nmap will be installed in your system will show you the help to use it
DNSRECON
Dnsrecon is another great tool for DNS footprinting. it allow you to find AAA A TXT MX record for the target domain. it can be very helpful during DNS testing or vulnerability based on the information gathered from the DNS, installation is simple
apt install dnsrecon
dnsrecon --help
dnsrecon allabouthack.comyou can use DNS recon in the more advanced way with help command to see all the available options.
Sublist3r
Sublist3r is the most popular subdomain enumeration tool used by many penetration testers and bug bounty hunters. sublist3r is a python based tool for the subdomain enumeration. to install it we need python in our termux based Linux.
with the above command, it will install the sublister, Now look at the last command which will scan for the subdomains for the particular domain and -o to save them with subdomain.txt namer in our current directory. and pwd to get the current directory. ( change the domain allabouthack don’t have any subdomain)
remember this because we will need it (subdomain.txt) for our next tool.
HTTPROBE
Httprobe is a very useful tool if you use a sublister for the subdomain. the problem with subdomain is they are too many in some case and some subdomain doesn’t work. here the httprobe tool comes, first you have saved the subdomain in a text file which we didi already in sublister as subdomain.txt file and httprobe will go through all the subdomain and check if they are listing for port 80 and 443.
cd httprobe
apt install golang
go build main.go
mv main httprobe
cat /root/Sublist3r/subdomain.txt | ./httprobe -c 50
with the last command, cat will print all the subdomain for the file which we saved earlier in with file location | will grab the output from the cat command and then httprobe will be run on that output. and will print all the subdomain listing for 80 and 443 you can manually change the port if you think the target is not using the default port. check their Github page for more details.
There are some tools I personally use for my work. there are some other tools also I use but doesn't work with mobile if I found other tools which work in android I will write it down.
