πŸ“‘ RF & Network Toolkit

Termux Β· F-Droid Β· WiFi Β· Bluetooth Β· Cellular β€” catalog only, no execution

Legal & safety: This page is a research catalog. Run these tools only against networks, devices, and accounts you own or have written authorization to test. Unauthorized access to wireless networks, IMSI capture, and de-authentication attacks are criminal offenses in most jurisdictions. The app does not execute any of these tools β€” links open the official source.
πŸ”Œ Companion Bridge β€” POST /api/probe

Pipe real probe results from your Termux scripts (nmap, tshark, aircrack-ng…) into the same handshake + bounty pipeline as the in-app simulated traffic. Public unauthenticated JSON endpoint β€” anomalies Οƒ β‰₯ 4 auto-mint bounties on the next /bounties refresh.

# nmap β†’ bridge one-liner (Termux)
TARGET=192.168.1.1
nmap -sS -Pn -p 22,80,443 $TARGET -oG - | awk '/Host:/{print $2}' | while read ip; do
  curl -s -X POST "$ORIGIN/api/probe" \
    -H "Content-Type: application/json" \
    -d "{\"tool\":\"nmap\",\"source_node\":\"$(hostname)-wlan0\",\
\"target_node\":\"$ip\",\"protocol\":\"tcp\",\"status\":\"syn\",\
\"packet_size_bytes\":74,\"device_fingerprint\":\"$(getprop ro.serialno)\"}"
done
πŸ“– GET /api/probe (live schema)πŸ“œ See bridged probes in /audit
⬇ Termux setup script generator

Download a ready-to-run setup.sh that pkg installs every recommended package for the currently selected category. Runs inside Termux, no extra prompts.

⬇ Download setup-all.sh
curl -fsSL "$ORIGIN/api/toolkit/setup.sh" -o setup.sh && bash setup.sh
βš™ Custom-path installer (Metasploit + Nuclei + btlejack)

Git-clones Metasploit, Nuclei, and btlejack into ~/opt and drops thin ~/bin wrappers so each tool resolves on PATH. Includes a Termux:API network check before any clone runs.

⬇ Download termux-rf-installer.sh
curl -fsSL "$ORIGIN/api/toolkit/installer.sh" -o installer.sh && bash installer.sh
πŸ€– OS-BOT API (Termux + curl)

Public, unauthenticated endpoint that lets any party β€” Termux, a bash script, a Python notebook β€” query the same live network agent the in-app chat uses. Grounded in real network_handshakes + flow data; never invents parties or hashes.

One-shot query (plain text)
curl -fsSL "$ORIGIN/api/os-bot?q=any+active+threats%3F"
JSON mode
curl -fsSL "$ORIGIN/api/os-bot?q=explain+the+latest+packet&format=json"
Multi-turn POST
curl -X POST "$ORIGIN/api/os-bot" \
  -H 'Content-Type: application/json' \
  -d '{"messages":[{"role":"user","content":"what algorithms are running?"}]}'
⬇ Install the osbot CLI in Termux
⬇ Download osbot.sh
curl -fsSL "$ORIGIN/api/os-bot.sh" -o /tmp/osbot.sh && bash /tmp/osbot.sh install
osbot "what's connected to me right now?"

F-Droid

πŸ“¦ F-Droid BaseGPLandroid

Open-source app store. Required to safely install Termux + add-ons.

↗ Download F-Droid APK↗ f-droid.org↗ Verify signature
#store#foss

Termux

πŸ“¦ F-Droid BaseGPLandroidtermux

Linux terminal emulator + package manager for Android. The base for everything below.

⚠ Do NOT install Termux from Google Play β€” that build is outdated and unsigned mismatched.
install
# inside Termux
pkg update && pkg upgrade -y
β†— Install via F-DroidπŸ”— Open appβ†— GitHubβ†— Wiki
#shell#android#base

Termux:API

πŸ“¦ F-Droid BaseGPLandroidtermux

Bridge to Android sensors: WiFi scan, telephony info, location, clipboard.

install
pkg install termux-api
# then: termux-wifi-scaninfo | jq
β†— Install Termux:APIpkg: termux-api
#sensors#addon

Termux:Boot

πŸ“¦ F-Droid BaseGPLandroidtermux

Run Termux scripts on device boot β€” useful for long-running probes.

β†— Install Termux:Boot
#addon#automation

nmap

πŸ–₯ Termux StackGPLtermuxlinuxcross

De-facto network scanner. TCP/UDP discovery, OS fingerprinting, NSE scripts.

install
pkg install nmap
nmap -sV -O 192.168.1.0/24
β†— nmap.orgpkg: nmap
#scan#fingerprint

tcpdump

πŸ–₯ Termux StackBSDtermuxlinux

Packet capture from CLI. Pipe to Wireshark for analysis.

install
pkg install tcpdump
tcpdump -i any -w capture.pcap
β†— tcpdump.orgpkg: tcpdump
#capture#pcap

tshark (Wireshark CLI)

πŸ–₯ Termux StackGPLtermuxlinux

Wireshark's CLI. Decode 1000+ protocols including 802.11, BLE, LTE NAS.

install
pkg install tshark
tshark -i wlan0 -Y 'wlan.fc.type_subtype==0x08'
β†— tshark docspkg: tshark
#protocol#analysis

Hydra

πŸ–₯ Termux StackCustom-FOSStermuxlinux

Parallelized login bruteforcer. Use only on systems you own/have authorization for.

⚠ Authorized testing only. Unauthorized use is illegal in most jurisdictions.
β†— GitHubpkg: hydra
#brute-force

Metasploit (unstable on Termux)

πŸ–₯ Termux StackBSDtermuxlinux

Exploit framework. Heavy install on Termux; consider running in a Linux container.

install
# multi-step; follow the GitHub README carefully
β†— Termux install script
#exploit#framework

sqlmap

πŸ–₯ Termux StackGPLtermuxcross

Automated SQL injection detection + exploitation.

install
pkg install sqlmap
sqlmap -u 'https://target/?id=1' --batch
β†— sqlmap.orgpkg: sqlmap
#web#injection

Nuclei

πŸ–₯ Termux StackMITtermuxcross

Template-driven vulnerability scanner. Great for CVE sweeps.

install
pkg install golang
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
β†— GitHub
#scan#cve

Aircrack-ng

πŸ“Ά WiFiGPLlinuxtermux

802.11 WEP/WPA capture + crack suite. Needs monitor-mode capable adapter.

⚠ Most stock Android WiFi chipsets do NOT support monitor mode. External USB OTG adapter usually required.
install
pkg install aircrack-ng
airmon-ng start wlan0
β†— aircrack-ng.orgpkg: aircrack-ng
#wpa#monitor-mode

Kismet

πŸ“Ά WiFiGPLlinux

Passive wireless detector / sniffer / IDS. Detects deauth attacks + rogue APs.

install
pkg install kismet
kismet -c wlan0
β†— kismetwireless.netpkg: kismet
#passive#ids

WiFiAnalyzer (open-source)

πŸ“Ά WiFiGPLandroid

Visualize 2.4 / 5 GHz channels, signal strength, and AP density. F-Droid only.

β†— Install via F-Droid
#scan#passive

bettercap

πŸ“Ά WiFiGPLlinuxtermux

MITM + WiFi/BLE/HID swiss-army knife with a web UI.

⚠ Authorized testing only.
install
pkg install bettercap
bettercap -iface wlan0
β†— bettercap.orgpkg: bettercap
#mitm#ble

WiGLE WiFi Wardriving

πŸ“Ά WiFiCustom-FOSSandroid

Map and contribute WiFi/BT/cell observations to the WiGLE database.

↗ wigle.net↗ APK
#wardrive#geolocation

nRF Connect

πŸ”΅ Bluetooth / BLEProprietaryandroid

Nordic's BLE scanner β€” GATT browser, advertising decoder, sniffer companion.

β†— Vendor page
#ble#gatt

BtleJack

πŸ”΅ Bluetooth / BLEMITlinuxtermux

BLE 4.x sniffing, jamming, and connection hijacking with a Micro:bit.

⚠ Requires compatible BBC Micro:bit hardware.
install
pip install btlejack
β†— GitHub
#ble#hijack

Bluetooth Scanner (open)

πŸ”΅ Bluetooth / BLEGPLandroid

Lightweight classic + BLE device discovery, RSSI logging, vendor lookup.

β†— F-Droid
#discovery

Ubertooth Tools

πŸ”΅ Bluetooth / BLEGPLlinux

Open-source 2.4 GHz BT/BLE sniffing β€” requires Ubertooth One USB hardware.

β†— GitHub
#sniff#hardware

SnoopSnitch

πŸ“‘ Cellular / IMSIGPLandroid

Detects IMSI catchers, SS7 attacks, silent SMS. Requires rooted Qualcomm device.

⚠ Root + Qualcomm baseband required. False positives possible.
↗ SR Labs↗ F-Droid
#imsi-catcher#rooted

CellMapper

πŸ“‘ Cellular / IMSIProprietaryandroid

Crowd-sourced LTE/5G cell tower mapping. Useful for triangulating eNB IDs from handshake fingerprints.

β†— cellmapper.net
#lte#mapping

NetMonster

πŸ“‘ Cellular / IMSIGPLandroid

Detailed serving + neighbor cell info β€” eNB/gNB IDs, bands, signal quality.

β†— F-Droid
#lte#5g

srsRAN

πŸ“‘ Cellular / IMSIApache-2.0linux

Open-source 4G/5G RAN stack. Pair with USRP/LimeSDR for full-stack cellular testing.

⚠ Transmitting on licensed spectrum without authorization is illegal.
β†— srslte.com
#sdr#ran

AIMSICD (community fork)

πŸ“‘ Cellular / IMSIGPLandroid

Heuristic IMSI-catcher / Stingray detector. Project is sporadically maintained.

β†— GitHub
#imsi-catcher