Did you like the way Elliot executed a PenTesting tool just by tapping a shortcut on his home screen? Well I'm going to show how to do this yourself. Now, there are a couple of ways this can be done, but the approach we're going to take here presumes you have a working installation of Kali Linux on your android. Without further delay, let's get to it!
The Requirements
- A working installation of Kali Linux on your Android smartphone (as shown here)
- ConnectBot ssh client for Android
- Tasker for Android (Yes, I know, it costs 3€)
Preparation
- First we have to do away with the password requirement during ssh log-in
- To do that we will use ssh keys instead
- Open Linux Deploy (Make sure you have Kali's profile selected)
- Press "Start"
- Open ConnectBot
- Press your phone's menu button
- Select "Manage Pubkeys"
- You should see an empty screen (If you haven't already created another key, that is)
- Press your phone's menu button
- Select Generate
- Give a unique nickname to your key
- Select type and strength (I used RSA 4096bits)
- Leave the password blank
- Select "Load key in start"
- Now a key should appear in the previously empty screen
- Now we need to export the public key in order to provide it to the guest OS
- Long press on the key we just generated
- Select copy public key
- Now the public key is in the clipboard
- Go back and ssh into kali (with your password)
- Now in Kali run the following
mkdir ~/.ssh
nano ~/.ssh/authorized_keys
- Long press on the screen and paste the public key
- Send Ctrl+O
- Tap once on the screen a small bar appears just above the keyboard
- On the far left there is a button that says ctrl, keep pressing that
- Press O from the on-screen keyboard
- You will be prompted for a file name just press enter
- Send Ctrl+X (the same way as Ctrl+O)
sudo service ssh restart
- Press your phone's menu button
- Select Disconnect
- Second is the log-in automation and command execution
- On ConnectBot
- Type android@localhost in the field below and press Enter (this will create a new profile)
- You will be taken to the log-in prompt ignore it and go back to ConnectBot's main screen
- Long press on the profile that reads android@localhost
- Select Edit host
- In this example we will create a simple nmap execution
- So change the nickname to nmap (be careful to give each profile a unique nickname)
- Select Use pubkey authentication
- In the prompt select the key we created earlier
- Select Post-login automation (here you will write the commands the shortcut will execute)
- For our example
nmap 192.168.1.0/24
- Add a new line in the end (i.e. press Enter)
- Press ok
- Now to test it go back to ConnectBot's main screen and tap on the profile named nmap
- If everything was done correctly it will log-in automatically and run an nmap scan on the 192.168.1.0/24 subnet
- And third is the home screen shortcut
- Open Tasker
- Go to the Tasks tab
- Press the + Sign
- Name your task (this name will show on the home screen)
- In Task edit press the + sign
- Select System
- Select send Intent
- Action : android.intent.action.VIEW
- Cat : Default
- Data : ssh://android@localhost/#nmap (in the position of nmap you put the ConnectBot profile you want to use each time)
- Target : Activity
- Go back to Task edit
- Press the play button (this will run the macro)
- If everything was done correctly you will see ConnectBot opening logging into Kali and executing the nmap scan we set earlier
- If a prompt appears about what app to use select ConnectBot and press Always
- Go to your home screen
- Go to your add widget menu
- Select Task Shortcut
- Place the widget on the screen
- Tasker will open
- From Task Selection select nmap (or the task you want to add)
- Press the menu-like icon on the lower-right corner to select an icon
- Select the icon you prefer
- Press back
- You should now be able to see the icon you selected earlier on the screen
- Tap it
- If everything went well it will open ConnectBot log into Kali and execute the nmap command we set up earlier.
Limitations/Considerations
Unfortunately this method doesn't come without its flaws. For starters, Kali Linux has to be manually started through Linux Deploy (although it should be possible to make a one-tap task to automate that too so if anyone reading this has done it please leave a comment bellow). Secondly, if you close Tasker (not exit the interface, Close by selecting disable) tapping the shortcuts will do nothing so you will have to have Tasker running.
Hope you found this guide helpful and easy to follow, if you have any suggestions/additions/corrections feel free to leave a comment bellow.