Why you should avoid using Termux for hacking

Welcome reader to this article where we are going to discuss why you should avoid using termux for hacking. If you are reading this article is because you would like to know why Termux discouraged hacking. We are going to discuss how you can use termux safely instead of using it as a cyber weapon.

On various Internet resources, Termux is recognized as utility extremely helpful for varieties of purposes like hacking, phishing, and information gathering. This is possible due to the availability of famous pentesting software likeMetasploit Framework, SQLMAP, Aircrack-NG, Nmap, and many others. The best experience could be achieved by using a rooted device andNetHuntermodified kernel.

Why Termux discourages hacking

Most script kiddies are using Termux as a hacking weapon to have fun or to scare their friends by using phishing attacks, information gathering, and so on. Know that is not about the legit use of Termux for authorized pentesting by security specialists.

What is the general purpose of Termux?

Termux has been created as a general-purpose tool suitable for a wide range of use cases. Here are some uses of Termux:

• Automation via shell scripting
• SSH client
• File synchronization and backup
• Running pocket web server
• Development environment
• Hacking is the most used.

The internet is full of examples of bad usages of Termux, people are only interested in privacy violation, fraud, spying, password cracking, and other many bad usages. What is surprising is especially people who are new to command-line software and scripting who often ask questions like how to hack?, how to hack Facebook?

Obviously, this has nothing to do with legit penetration testing. Because of this Termux users don’t get chances to discover other Termux use cases, and this brings to mature communities of Linux enthusiasts to consider the Termux project as a “script kiddie” sandbox, rather than a serious project.

Questions often ask by script kiddies

Here are some questions often ask by script kiddies on social media and others Termux communities.

• How to hack WiFi with Termux?
• How to hack Facebook?
• Also, How to view private photos of someone’s instagram?
• How to clone a website using Termux?
• How to spam with SMS?
• Also, how to hack whatsapp account?
• How to spy someone’s phone?
• How to hack Instagram account?

As I said, this has nothing to do with legit penetration testing. People should know that Termux was not created for privacy violations. Also, know that hacking is far from the Termux community idea.

Also, in Termux repositories there are no again hacking tools like Metasploit, Hasscat, Hydra, and so on. Termux community did this to avoid misuse of the Termux project and not participating in script kiddies foolishness.

Why Termux removed Hacking tools like metasploit, hydra, Nmap in their repositories?

Well, let us see what Termux Community decided about these hacking tools, and about other hacking tools.

Now, we have chosen to not participate in this nonsense. We do not provide hacking tools in our repositories anymore – don’t even ask for them. Several common tools were removed, i.e. Metasploit, Hashcat, Hydra, SQLMAP. Additionally, we have banned these topics in ourcommunity social media: Hacking, Phishing, Spying (including OSINT), Spamming and others describing activity deliberately violating other person’s privacy or is destructive.

From Termux wiki.

Then, as you can see Termux community decided to not participating in hacking activities or answering any questions about hacking. Here is another Termux community rule.

Any kind of representing Termux as a tool for hacking, phishing and other potentially disruptive activity is strongly discouraged. Termux has never been developed for the purpose of being “cyber weapon”. We do not provide assistance with hacking, phishing, denial-of-service attacks, spamming, and so on. If you are interested in such activity – you are on your own. Entirely, without any help from our side.

How to be a hacker

If you have a dream to become a hacker, using just Kali Linux or parrot won’t make you a hacker. Because it requires a huge amount of skills, there are more than 100 videos on youtube that will tell you how to become a hacker in just 1 hour watching a video, what rubbish is that probably you can’t even in one month. You have to know that becoming a hacker takes years of studying and research. if you are interested in how your road map will look, I invite you to check this article: how to become a hacker, get into the penetration testing field.

Now, if you decide to use Termux for hacking purposes, you agree that you are on your own. Because if you get some issues termux community won’t help you to fix them, but you can contact the author of the tool for help.

How to use Termux safely

To use Termux safely you have only to follow some principles. Here are some principles that you can follow for a better experience with Termux.

There are many tutorials on youtube which show you how you can use Termux, make sure when watching you understand the goal and every instruction. Also, make sure you type commands that you know.

Also, if you want root permission only use it when necessary. Avoid running everything, including the current shell, as root. One thing you have to keep in your mind is to install only software from trusted sources because even open-source tools can contain trojan functionality.

Terminology

Script kiddie: a person with poor knowledge of computer systems and programming. he tries to use pentesting software for impressing friends or gaining authority in computer enthusiast communities.

Hacker: a computer expert who uses their technical knowledge to achieve a goal, within a computerized system by non-standard means. often referred to as “power” or “advanced” users. Hackers are not necessarily persons who use their skills to breach computer system security.

Hacking: exploiting weaknesses in computer systems or networks in order to bypass defenses, gain unauthorized access to data.

Ethical Hacking: also known as “Penetration Testing” – a simulated authorized cyberattack on computer units for evaluating the security level of a given system. All uncovered security issues are reported to the owner of the targeted system.

Phishing: a type of fraudulent activity involving the psychological manipulation of people to reveal confidential information. Since phishing exploits human nature instead of computer system weaknesses, it cannot be considered as hacking and moreover, it is never ethical.

Exploit: a fragment of data that is used to take advantage of a software or hardware bug to cause unintended or unanticipated behavior of computer system, leading to a denial of service or attacker’s privilege escalation (e.g. gaining root permissions).

Attacks & actions

DoS attack: an attack causing a denial of service through exhausting computing resources (e.g. network throughput), exploiting software bugs causing abnormal CPU or memory usage, or leading to crash of server software.

DDoS attack: a denial-of-service attack performed by multiple actors, usually by thousands of infected computer systems.

Spamming: sending unsolicited content to messaging systems and social media for the purpose of commercial advertisement, phishing, etc. Spam has nothing to do with hacking, but it doesn’t mean that it is an acceptable activity.

SMS bombing: a destructive variant of spam, involving the continuous sending of a large number of SMS messages in a short time.

Phone call bombing: same as SMS bombing but with phone calls. Under certain cases, it can be even considered rather as a DoS attack than just spam.

Brute force: a way to guess the password by trying every possible combination of characters, numbers, and special symbols. Under perfect conditions and without time constraints, this attack is almost always successful. In reality, it is the most expensive way of gaining unauthorized access as requires a trade-off between consumed computing resources (energy) and time.

Rooting: an activity aiming to gain root privileges on the device. Can involve exploiting vulnerabilities in an operating system, but often this is done in a “legal” way through installing custom firmware.

Root: also known as Superuser – a special user account that has all permissions and thus having full control over the operating system. On modern Linux-based systems, its privileges are defined throughcapabilities, which can be revoked or selectively granted to non-root users. More fine-grained root user permissions control can be achieved through implementing mandatory access control policies, e.g. via SELinux.