Termux Hacks Guide — Turn Your Android Into a Hacking Lab

By /

Termux turns your Android phone into a portable Linux hacking lab. No root required. This guide covers everything from installation to running real cybersecurity tools — all from your pocket.

What Is Termux?

Termux is a free, open-source terminal emulator for Android. It gives you a full Linux environment on your phone — complete with a package manager, shell scripting, and the ability to install hundreds of security tools.

Why hackers love Termux:

  • No root access required — works on any Android device
  • Full Linux command line on your phone
  • Install real security tools: Nmap, Python, Hydra, SQLmap, Metasploit
  • Practice hacking anywhere — on the bus, at lunch, in bed
  • Great for learning Linux commands before moving to a full Kali Linux setup

Important: Termux is a learning tool. Only use these techniques on systems you own or have explicit written permission to test. Unauthorized hacking is illegal.

How to Install Termux

Do NOT install Termux from the Google Play Store — that version is outdated and no longer maintained. Use F-Droid instead.

Step 1: Download F-Droid (the open-source app store) from f-droid.org

Step 2: Open F-Droid and search for “Termux”

Step 3: Install Termux and Termux:API (for accessing phone features)

Step 4: Open Termux and run the initial setup:

pkg update && pkg upgrade -y
termux-setup-storage

The first command updates all packages. The second grants Termux access to your phone’s storage.

Essential Termux Commands

If you’re new to Linux, learn these commands first:

Command What It Does Example
pwd Shows current directory pwd
ls Lists files and folders ls -la
cd Changes directory cd storage/downloads
mkdir Creates a folder mkdir projects
cp Copies a file cp file.txt backup.txt
mv Moves or renames a file mv old.txt new.txt
rm Deletes a file rm file.txt
cat Displays file contents cat notes.txt
nano Text editor nano script.py
chmod Changes file permissions chmod +x script.sh
pkg install Installs a package pkg install python
pkg list-all Lists all available packages pkg list-all

Setting Up Your Hacking Environment

Install Essential Packages

Run this command to install the core tools you’ll need:

pkg install python git wget curl nmap hydra openssh clang make -y

This gives you:

  • Python — for running security scripts and tools
  • Git — for cloning tools from GitHub
  • wget/curl — for downloading files
  • Nmap — network scanner
  • Hydra — password cracking tool
  • OpenSSH — for SSH connections
  • clang/make — for compiling tools from source

Install pip (Python Package Manager)

pip install --upgrade pip

Set Up a Nice Terminal

Make Termux look and feel better:

pkg install zsh
chsh -s zsh
pkg install figlet
figlet "HackeRoyale"

Top 10 Hacking Tools You Can Run in Termux

1. Nmap — Network Scanner

Nmap is the most important network scanning tool in cybersecurity. It discovers hosts, open ports, running services, and operating systems on a network.

# Install
pkg install nmap

# Scan your own network for live hosts
nmap -sn 192.168.1.0/24

# Scan a specific host for open ports
nmap -sV 192.168.1.1

# Aggressive scan (OS detection, scripts, traceroute)
nmap -A 192.168.1.1

Remember: Only scan networks and devices you own or have permission to test.

2. Hydra — Password Cracker

Hydra tests login credentials against various services (SSH, FTP, HTTP, etc.). It’s used in authorized penetration testing to check for weak passwords.

# Install
pkg install hydra

# Test SSH login (against YOUR OWN server only)
hydra -l admin -P wordlist.txt ssh://192.168.1.1

# Test FTP login
hydra -l admin -P wordlist.txt ftp://192.168.1.1

Get a wordlist:

wget https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/Common-Credentials/10k-most-common.txt -O wordlist.txt

3. SQLmap — SQL Injection Tool

SQLmap automates the detection and exploitation of SQL injection vulnerabilities. It’s one of the most powerful tools for database security testing.

# Install
pip install sqlmap

# Test a URL for SQL injection (authorized targets only)
sqlmap -u "http://testsite.com/page?id=1" --dbs

4. Metasploit Framework

The industry-standard exploitation framework. Metasploit is used by professional penetration testers worldwide. It can run in Termux, though it requires some setup.

# Install dependencies
pkg install unstable-repo
pkg install metasploit

# Launch Metasploit
msfconsole

Note: Metasploit is resource-intensive. It works best on phones with 4GB+ RAM.

5. Python Security Scripts

Python is the go-to language for security scripting. Here are essential Python security libraries you can install:

# Install Python security tools
pip install requests scapy shodan paramiko

Simple port scanner in Python:

import socket

target = "192.168.1.1"  # Your own device only
for port in range(1, 1025):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(0.5)
    result = s.connect_ex((target, port))
    if result == 0:
        print(f"Port {port}: OPEN")
    s.close()

6. Subfinder — Subdomain Discovery

# Install Go first
pkg install golang

# Install Subfinder
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest

# Find subdomains
subfinder -d example.com

7. WHOIS Lookup

# Install
pkg install whois

# Look up domain information
whois example.com

8. Curl — HTTP Testing

Already installed by default. Essential for testing web applications and APIs.

# Check HTTP headers
curl -I https://example.com

# Send a POST request
curl -X POST -d "username=test&password=test" https://example.com/login

# Follow redirects and show headers
curl -vL https://example.com

9. Nikto — Web Server Scanner

# Install
pkg install perl
cpan install LWP::UserAgent
git clone https://github.com/sullo/nikto.git
cd nikto/program

# Scan a web server (your own only)
perl nikto.pl -h http://192.168.1.1

10. John the Ripper — Password Hash Cracker

# Install
pkg install john

# Crack a password hash file
john --wordlist=wordlist.txt hashes.txt

5 Practical Termux Projects for Beginners

Project 1: Scan Your Home Network

Discover all devices connected to your wifi network:

# Find your network range
ifconfig wlan0

# Scan for all live devices
nmap -sn 192.168.1.0/24

This shows every device on your network — phones, laptops, smart TVs, IoT devices. You might be surprised how many devices are connected.

Project 2: Build a Simple Keylogger Detector

Write a Python script that checks for suspicious processes:

import subprocess
suspicious = ['keylog', 'spy', 'monitor', 'capture', 'record']
output = subprocess.check_output(['ps', 'aux']).decode()
for proc in output.split('\n'):
    for word in suspicious:
        if word.lower() in proc.lower():
            print(f"SUSPICIOUS: {proc}")

Project 3: Automate Reconnaissance

Create a bash script that runs basic recon on a target domain:

#!/bin/bash
echo "=== Recon Script ==="
echo "Target: $1"
echo ""
echo "=== WHOIS ==="
whois $1
echo ""
echo "=== DNS Records ==="
nslookup $1
echo ""
echo "=== HTTP Headers ==="
curl -sI https://$1

Save it as recon.sh, make it executable with chmod +x recon.sh, and run it with ./recon.sh example.com.

Project 4: Set Up an SSH Server on Your Phone

Access your phone’s terminal from your laptop:

# Install SSH server
pkg install openssh

# Set a password
passwd

# Start the SSH server
sshd

# Connect from your laptop (replace with your phone's IP)
# ssh user@192.168.1.x -p 8022

Project 5: Create a Network Monitor

Monitor your network traffic in real time:

pkg install tcpdump

# Capture packets on your wifi interface
tcpdump -i wlan0 -c 50

Termux Tips and Tricks

Useful Shortcuts

Shortcut Action
Volume Up + Q Show extra keys bar
Volume Up + E Escape key
Volume Up + T Tab key
Volume Up + W/A/S/D Arrow keys (Up/Left/Down/Right)
Volume Up + L Pipe (|) character
Volume Up + V Paste from clipboard

Quality of Life Improvements

# Install a better file manager
pkg install mc

# Install a process viewer
pkg install htop

# Install a download accelerator
pkg install aria2

# Install a modern text editor
pkg install vim-python

Back Up Your Termux Setup

After spending time configuring Termux, back it up:

# Backup
tar -czf /sdcard/termux-backup.tar.gz -C /data/data/com.termux/files ./

# Restore
tar -xzf /sdcard/termux-backup.tar.gz -C /data/data/com.termux/files/

Termux vs Kali Linux — Which Should You Use?

Feature Termux Kali Linux
Platform Android phone PC/laptop/VM
Root required No No
Tools available 100+ security tools 600+ security tools
Performance Limited by phone hardware Full PC performance
Portability Always in your pocket Requires laptop
Best for Learning, quick recon, practice Professional pentesting
Cost Free Free

Verdict: Use Termux for learning and quick tasks. Use Kali Linux for serious penetration testing. Many hackers use both — Termux on the go, Kali at their desk.

Staying Legal and Ethical

This is critical — the tools in this guide are powerful, and using them irresponsibly can result in serious legal consequences:

  • Only test your own devices and networks — scanning someone else’s network without permission is illegal in most countries
  • Get written authorization before testing any system you don’t own
  • Never access, modify, or steal other people’s data
  • Use these skills for defense — to understand how attacks work so you can protect against them
  • Consider bug bounty hunting — a legal way to hack and get paid for it

For a complete guide to getting started in ethical hacking, read our ethical hacking beginners guide.

Frequently Asked Questions

Is Termux legal?
Yes. Termux itself is a completely legal app — it’s just a Linux terminal. What matters is how you use the tools. Using them on your own devices is legal. Using them on others’ devices without permission is not.

Do I need to root my phone?
No. Termux works without root access. Some advanced features (like packet sniffing on wifi) may require root, but most tools work perfectly without it.

Can I hack WiFi passwords with Termux?
Termux has limited WiFi hacking capabilities without root access. Tools like Aircrack-ng require root and a compatible wireless adapter. For WiFi security testing, use Kali Linux on a laptop instead.

Is Termux available for iPhone?
No. Termux is Android only. iOS alternatives include iSH and a-Shell, but they’re more limited. For full hacking capabilities on Apple devices, use Kali Linux on a Mac.

Why shouldn’t I install Termux from Google Play Store?
The Play Store version is outdated and no longer maintained by the developers. The F-Droid version receives regular updates and has the latest security patches. Always install from F-Droid.

Can Termux replace Kali Linux?
Not entirely. Termux is great for learning and quick tasks, but it can’t match Kali’s full tool suite and hardware capabilities. Think of Termux as a portable practice environment and Kali as your full workstation.

What to Learn Next

  1. Master the basics — get comfortable with Linux commands and Nmap
  2. Learn Python scripting — automate your recon and build custom tools
  3. Move to Kali Linux — set up a full hacking lab on your computer
  4. Start bug bounty hunting — use your skills to earn money legally
  5. Get certified — validate your skills with industry certifications

Last updated: March 2026

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top