What is Kali NetHunter?

To begin this section, let’s a take a walk through the history and evolution of the most popular penetration-testing Linux distribution, Kali Linux. Before the ever-popular Kali Linux, there was its predecessor, known as Backtrack. Backtrack was created by two merger companies, Auditor Security Collection and Whax, back in 2006. The Backtrack operating system was in the form of a live CD and live USB bootable media, which allows a penetration tester, systems administrator, or hacker to use any computer that supported booting from CD/DVD and/or USB drives. Since Backtrack is a Linux-based operating system, live boot simply made any computer into a hacker’s machine on the network.

In 2011, Backtrack evolved into its latest version, known as Backtrack 5. At this time, Backtrack included many tools and utilities that helped penetration testers to do their jobs.  

Some of the tools within Backtrack 5 include the following:

• Metasploit: A famous exploit development framework created by Rapid7 (www.rapid7.com).
• SAINT: A renowned vulnerability-assessment tool developed by SAINT Corporation (www.saintcorporation.com).
• Maltego: An information-gathering tool created by Paterva (www.paterva.com), which takes advantage of data-mining techniques using various resources on the internet.

In 2013, the Backtrack distribution went through a major change; all support had ended while evolving into the Kali Linux penetration-testing Linux distro we all know today. The creators of Kali Linux, Offensive Security (www.offensive-security.com), completely redesigned Backtrack from the ground up, making it Debian-based. The Kali Linux penetration-testing platform comes with over 600 pre-installed tools that can assist penetration testers, security engineers, or forensics personnel in their duties.

Kali Linux was originally designed to run on computer systems similarly to its predecessor, whether Live Boot (CD/DVD or USB) or installed on the local hard disk drive. In 2014, Offensive Security, the creators of Kali Linux, released Kali NetHunter. This platform was released for Android-based devices, which opened up greater opportunities for penetration testers around the world by removing the restriction of using a desktop or laptop computer to test target systems and networks.

Kali NetHunter allows penetration testers to simply walk around with an Android-based device, such as a smartphone or a tablet. Imagine how awesome it would be to be assigned a security audit on a client's systems, specifically their wireless and internal network, and all you need to carry out the audit is a smartphone. 

An example scenario for using NetHunter for penetration testing is auditing wireless security and testing the security for any bring-your-own-device (BYOD) policies within an organization’s network. Being able to conduct penetration testing through a handheld device is important as wireless security configurations have the most security vulnerabilities for a network.

At times, a technician may deploy a wireless router or an access point (AP) on a network while leaving the default configurations, which included default or factory-assigned passwords. During the course of this book, we will take a look at various methodologies for performing a penetration test using Kali NetHunter and how to utilize the arsenal of tools that are available to execute a successful penetration test against a network and system.