NetHunter Hacker I: Installation of rootless Kali NetHunter

NetHunter Hacker I: Installation of rootless Kali NetHunter


If you seek for Kali desktop experience on your smartphone without risks of voiding warranty by rooting it and a chance of sticking in bootloop or even bricking it, this tutorial is for you. If you rather prefer video tutorials, feel free to check installation of rootless NetHunter on YouTube.

To compare pros and cons of having NetHunter on rooted and none-rooted device, feel free to check my previous introduction post.

In this blog post I will demonstrate the process of installing rootless NetHunter on an none-rooted OnePlus 7 Pro running stock OxygenOS 10. Since using full desktop system on smartphone might not be convenient for everyone, I will show you how to setup your Android as portable Kali workstation that can be connected to from any local computer either using SSH or VNC service.

Figure 1. Portable Kali NetHunter running on none rooted Android

Installation process

The installation method is simple, and it shouldn’t surprise you with any issues if you follow these steps. I decided to download Termux from NetHunter App Store. However, you can download it also from F-Droid or GitHub directly. The important thing is not to download it from Google Play, because Termux builds on Google Play store are deprecated and no longer supported.

  1. From NetHunter App Store website download and install NetHunter Store App.
  2. Open NetHunter Store App and install Termux and NetHunter KeX. (Termux from Google Play Store is deprecated)
  3. Open Termux app and type these commands:
-~ termux-setup-storage
-~ pkg update
-~ pkg upgrade
-~ pkg install wget
-~ wget -O nh
-~ chmod +x nh
-~ ./nh

Once you execute downloaded nh script, it will download rootfs (chroot) for your particular device particular architecture, verify its integrity and extract it.

The download and installation process took me around 25 minutes and 13GB of space. However, if you want to save 1.7 GB, at the end of installation you can hit N to delete downloaded rootfs file, therefore it is already unpacked and useless for NetHunter. See Figure 2.

Figure 2. Before installation is finished, user can delete downloaded rootfs to save space

The size of rootless NetHunter can be verified by retrieving storage details of Termux app, as you can see in Figure 3.

Figure 3. Size of rootless NetHunter determined by used Termux storage before installation (left) after (right)

Using NetHunter

After successful installation you will see ASCII art of KALI with commands to start with.

Figure 4. Kali NetHunter for Termux has been installed successfully

If you are fine just with console line interface (CLI), type nethunter or nh to launch command line of Kali. When we print current working directory, it might seem we are in root of Android, but Kali is running under Termux as chroot where all data are stored in /data/data/com.termux/files/home/kali-arm64/home/kali directory. Because of that, a user can be root as well as you can see in Figure 5.

Figure 5 Running command line as user and root

If you are already in NetHunter console, I advise you to update Kali packages using command sudo apt update && sudo apt full-upgrade -y.

If you want to use the graphical interface of Kali NetHunter, you need to setup KeX client with password first, using command nethunter kex passwd.

And start the session using nethunter kex &. This will start a VNC server that we can connect to, using NetHunter KeX client app we installed earlier using a password when we setup KeX client as can be seen in Figure 6.

Figure 6. Start KeX server (left) that we connect to using NetHunter KeX client (right)

Now you should be able to interact with the desktop Kali NetHunter installed on your Android device.

Figure 7. Kali NetHunter desktop experience on Android smartphone

Portable Kali Linux

Let’s be honest, using the desktop version of Kali from a smartphone screen isn’t as convenient as from a computer. To improve using experience, I would suggest connecting an external keyboard and mouse, but still, the screen might be too small for some of you. As an alternative, you can mirror screen over Wi-Fi or use a USB-C to HDMI cable if your device supports it.

Figure 8. Portable NetHunter workstation mirrors screen to monitor and is operated by external keyboard and mouse

However, there is one huge advantage, we can connect to Kali NetHunter from any local computer without the necessity of running a virtual machine. Which means that your smartphone can be used as a portable Kali workstation that you can connect to either via SSH or using a VNC client with GUI experience.

Connect to Kali NetHunter from computer over SSH

From NetHunter terminal you first need to enable SSH from sshd config. I will edit it using nano with command sudo nano /etc/ssh/sshd_config and uncomment the port on line 14 and making sure PermitRootLogin yes is enabled as well. It seemed that default SSH port 22 was not accessible for me to connect to; because of that we need to use another post such as 2222 as you can see in Figure7. Save the config file and start the SSH service using sudo service ssh start. You can test if the SSH service started using sudo service ssh status. If we want to connect to our smartphone, then we need to find out the IP of our device using ifconfig.

Figure 9. Enable and change the SSH port

From computer, we can connect to this IP over SSH using command ssh kali@IP_OF_NETHUNTER -p 2222. Default name and password is kali, kali.

Figure 10. SSH connection from laptop to NetHunter

Connect to Kali NetHunter from computer over VNC

By default, the VNC configuration allows only local connections directly from the device. Because of that, we have to change VNC configuration using nano editor again sudo nano /etc/tigervnc/vncserver-config-defaults and append the line $localhost = ”no”; at the end of the file as you can see in Figure 11.

Figure 11 Enable local computer to connect via VNC

Using ifconfig get the IP of the Kali smartphone and run KeX using a command within NetHunter CLI kex.

On your computer use VNC client, I am using VNC Viewer. In client desktop app, to connect, insert IP of Kali NetHunter device and default 5901 port. In the prompt enter the password you created earlier for the KeX server. If everything goes well, you should be successfully connected to the full version of Kali running on your mobile device.

Figure 12. VNC client running on PC connected to Kali NetHunter


In this tutorial we went through installation of full version of Kali NetHunter chroot on none rooted Android device within Termux app. It gives us either a CLI or a GUI Kali Linux experience on a smartphone. Because NetHunter runs in Termux context (missing kernel driver support), we can’t perform HID, BadUSB and wireless attack scenarios. Since using a graphic interface on a smartphone screen might be inconvenient, it is possible to physically connect either a keyboard and mouse or use an HDMI cable to mirror a screen into a computer. Without using additional hardware, user can locally connect to Kali NetHunter using SSH or VNC.

3 thoughts on “NetHunter Hacker I: Installation of rootless Kali NetHunter

  1. Uday

    Bro I tried this but when I use any tool there is no internet connection what should I do !!

  2. Abduvali

    What laptop are you using?

  3. yogurt

    I love your blog and the way you share your knowledge, a very complete and useful guide, thank you very much, I hope to continue reading more here!

Leave a Reply

Your email address will not be published. Required fields are marked *