This project is with the purpose of offering easy and fast access to the installation of tools and/or frameworks provided by the cyber security and pentesting laboratory i-Haklab, for the Android operating system under the Termux application.
| Tool | Description |
|---|---|
| i-Haklab | Ciber-security and pentesting laboratory for Termux |
| acccheck | Windows SMB Password Dictionary Attack Tool |
| adbfastboot | Versatile command-line tool that facilitates a variety of device actions |
| adminpanel | Find website's admin panel |
| aircrack-ng | WiFi security auditing tools suite |
| amass | In-depth Attack Surface Mapping and Asset Discovery |
| androbugs | Android vulnerability scanner |
| androidsdk-cli | Official command line Integrated Development Environment (IDE) for Android app development |
| appshark | An static taint analysis platform to scan vulnerabilities in an Android app |
| beef | powerful and intuitive security tool focuses on leveraging browser vulnerabilities to assess the security posture of a target |
| binwalk | Tool for analyzing, reverse engineering, and extracting firmware images |
| bitb | Phishing technique that simulates a browser window within the browser to spoof a legitimate domain. |
| blackbox | A penetration testing framework |
| botgram | Fetch all information about Telegram group members |
| burpsuite | Graphical tool for performing security testing of web applications |
| cewl | Custom word lists spidering a targets website |
| cloudbunny | Capture the real IP of the server that uses a WAF as a proxy or protection |
| code-server | VS Code with Nodejs development environment running on a remote server |
| converter | Easy multimedia file converter |
| credmap | Test the user credentials provided on several popular websites to see if the password has been reused on any of them |
| d-tect | Pentest the Modern Web |
| dos-a-tool | Performs denial of service attacks under the SYN Flood method |
| dex2jar | Toolkit to work with android .dex and java .class files |
| dnsenum | Enumerate DNS information |
| embed | Embed metasploit payload into a legtim APK |
| evilginx2 | Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication. |
| evilurl | Generate unicode domains for IDN Homograph Attack and detect them. |
| exif | Extract information (meta data) from files. |
| exploitdb | The official Exploit Database repository |
| fake-sms | Send messages (sms) anonymously. |
| fbi | Facebook account information gathering |
| fuzzdb | Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery |
| geo-recon | An OSINT CLI tool desgined to fast track IP Reputation and Geo-locaton look up for Security Analysts. |
| getadusers | Gather data about the domain's users and their corresponding email addresses |
| getnpusers | Attempt to list and get TGTs for those users that have the property 'Do not require Kerberos preauthentication' set |
| getuserspns | Try to find Service Principal Names that are associated with normal user account. |
| ghidra | A software reverse engineering (SRE) framework. |
| ghost | Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. |
| gobuster | Directory/File, DNS and VHost busting tool written in Go |
| gophish | Open-Source advance phishing toolkit |
| hakku | Open-source penetration testing platform used to perform web and network-related penetration testing. |
| hasher | Hash cracker with auto detect hash |
| hashid | Software to identify the different types of hashes used to encrypt data and especially passwords. |
| hatcloud | Make bypass in CloudFlare for discover real IP. |
| hunner | Hacking framework to DOS sites, ftp |
| hydra-gtk | Number one brute forcing tool in ciber security. |
| infoga | Gathering email accounts informations from different public source and check if emails was leaked using haveibeenpwned.com API. |
| ipgeolocations | A tool to retrieve IP Geolocation information. |
| johntheripper | Advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs. |
| jython | The Jython project provides implementations of Python in Java, providing to Python the benefits of running on the JVM and access to classes written in java |
| kerbrute | An script to perform kerberos bruteforcing by using the Impacket library. |
| kalilinux | The Kali-Linux Open-source project for Android devices |
| lockphish | A tool for phishing attacks on the lock screen, designed to grab Windows credentials, Windows, iPhone and Android PIN. |
| maltego | Maltego is a software focused mainly on forensic analysis and developed to make link analysis and data mining more conducive from IP domains, emails, telephones, geographic locations... that is, the starting point of an investigation. |
| metasploit-framework | World's leading open-source penetrating framework |
| mimikatz | Mini shell to control a remote mimikatz RPC server. |
| nexphisher | Advanced Phishing tool for Termux. |
| ngrok | Globally distributed reverse proxy fronting your web services running in any cloud or private network, or your machine. |
| nikto | A web server scanner |
| openjdk-21 | Java development kit and runtime |
| osintgram | A OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname. |
| phomber | Infomation grathering tool that reverse search phone numbers and get their details. |
| phonesploit | A tool for remote ADB exploitation for all Machines. |
| PuTTY | Graphical terminal program that supports the SSH, telnet, and rlogin protocols and connecting to serial ports. |
| pybelt | An open source hackers tool belt complete. |
| quack | Toolkit with SMS attack tool, HTTP attack tool and many other attack tools. |
| ransomux | "Simulate a ransomware effects searching to lock and encrypt files into internal |
| recon-ng | Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources. |
| recondog | Reconnaissance Swiss Army Knife |
| red hawk | All in one tool for Information Gathering, Vulnerability Scanning and Crawling. |
| routersploit | Open-source exploitation framework dedicated to embedded devices. |
| saycheese | Grab target's webcam shots by link. |
| sayhello | Capturing audio (.wav) from target using a link. |
| seclists | SecLists it's a collection of multiple types of lists used during security assessments, collected in one place. |
| seeker | Accurately Locate Smartphones using Social Engineering. |
| shc | The Shell Script Compiler (SHC) encodes and encrypts shell scripts into executable binaries. |
| shellsploit | It let's you generate customized shellcodes, backdoors, injectors for various operating system. And let's you obfuscation every byte via encoders. |
| sherlock | Hunt down social media accounts by username across social networks. |
| slowhttptest | A highly configurable tool that simulates some Application Layer Denial of Service attacks by prolonging HTTP connections in different ways. |
| sqliv | Massive SQL injection vulnerability scanner. |
| stegsnow | Hide messages in ASCII text by appending whitespaces to the end of lines |
| sublist3r | Fast subdomains enumeration tool for penetration testers. |
| tangalanga | The Zoom conference scanner hacking tool. |
| termux-desktop-xfce | Set up a beautiful xfce desktop in termux. |
| termux-doker-qemu | Provide an additional layer of application virtualization with Linux kernel resource isolation features. |
| trape | OSINT analysis and research tool. |
| unshc | The Shell Script UnCompiler (UNSHC) decode and decrypt SHC file on X86/x64 architecture. |
| userrecon | Find usernames across over 75 social networks. |
| vulnx | An intelligent bot auto shell injector that detects vulnerabilities in multiple types of cms. |
| wbruter | Disable device pin code aslong as usb debugging and brute force methods like dictionary attacks for gmail, ftp, rar, zip and some other file extensions. |
| webscan | A lightweight webscanner tool. |
| websploit | MITM framework. |
| whatweb | Recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. |
| wpscan | WordPress security scanner. |
| xapt-management | X-Desktop graphical interface for advance package tool(APT) written in python. |
| xerosploit | A penetration testing toolkit whose goal is to perform man in the middle attacks for testing purposes. |
Suggest a tool and/or framework to be add in our Telegram Support Group
To add the list of available tools and/or frameworks to the package manager apt in Termux follow those 5 simple steps:
- Install
wgetpackage:
apt install wget- Create a directory:
mkdir -p $PREFIX/etc/apt/sources.list.d- Download sources file:
wget https://raw.githubusercontent.com/ivam3/termux-packages/gh-pages/ivam3-termux-packages.list -O $PREFIX/etc/apt/sources.list.d/ivam3-termux-packages.list- Download signed key
curl -fsSL "https://raw.githubusercontent.com/ivam3/termux-packages/gh-pages/dists/stable/public_key.gpg" \
|gpg --dearmor|tee "$PREFIX/etc/apt/trusted.gpg.d/ivam3.gpg" >/dev/null
- Update Termux:
apt updateOr just copy & paste this one command line:
yes|apt install wget && \
mkdir -p $PREFIX/etc/apt/sources.list.d && \
wget https://raw.githubusercontent.com/ivam3/termux-packages/gh-pages/ivam3-termux-packages.list -O \
$PREFIX/etc/apt/sources.list.d/ivam3-termux-packages.list && \
curl -fsSL "https://raw.githubusercontent.com/ivam3/termux-packages/gh-pages/dists/stable/public_key.gpg" \
|gpg --dearmor|tee "$PREFIX/etc/apt/trusted.gpg.d/ivam3.gpg" >/dev/null
GNU