▶ BOJACK K9 SCAN INITIATED — SNIFFING FOR VULNERABILITIES
FEZZY WRLD
Termux Security Tools Collection

Strategy Over Impulse · Bojack Security
105+ open source security tools for Android

105+Real Tools
11Categories
400+Commands
100%Open Source
git clone https://github.com/philfesters/Termux-Security-Tools-Collection.git cd Termux-Security-Tools-Collection chmod +x scripts/install-all.sh ./scripts/install-all.sh
// READ FIRST
⚠️ Ethical Warning

⚠️ EDUCATIONAL PURPOSES ONLY ⚠️

By using this collection you agree to all of the following:

The author (Fezzy WRLD / Bojack Security) is NOT responsible for any misuse, damage, or legal consequences.
STRATEGY OVER IMPULSE → THINK · PLAN · AUTHORIZE · DOCUMENT · REPORT

// SETUP
Installation Guide

Prerequisites

  1. Termux from F-Droid (not Play Store)
  2. 3GB+ free storage
  3. Internet connection
  4. Run termux-setup-storage

Step-by-Step

  1. pkg update && pkg upgrade -y
  2. pkg install git python
  3. Clone this repository
  4. Run ./scripts/install-all.sh
  5. Verify: nmap --version

Proot Distro (Advanced)

  1. pkg install proot-distro
  2. proot-distro install debian
  3. proot-distro login debian
  4. Full apt access inside proot
  5. Install Metasploit here
install-all.sh — Full One-Command Installer 
#!/bin/bash
# FEZZY WRLD — Complete Installer | Strategy Over Impulse

echo "🔥 FEZZY WRLD — Termux Security Tools Collection"
echo "Bojack K9 Scan Initiated..."

pkg update && pkg upgrade -y

pkg install -y git python python-pip wget curl nmap masscan \
  netcat-openbsd hydra john ncrack crunch gobuster ffuf \
  tcpdump tshark ngrep mitmproxy binwalk steghide openssl gnupg ffmpeg

mkdir -p ~/tools && cd ~/tools

# OSINT & Recon
git clone https://github.com/aboul3la/Sublist3r.git
git clone https://github.com/laramies/theHarvester.git
git clone https://github.com/sherlock-project/sherlock.git
git clone https://github.com/s0md3v/Photon.git
git clone https://github.com/smicallef/spiderfoot.git

# Vulnerability & Web Tools
git clone https://github.com/sqlmapproject/sqlmap.git
git clone https://github.com/sullo/nikto.git
git clone https://github.com/maurosoria/dirsearch.git
git clone https://github.com/s0md3v/XSStrike.git
git clone https://github.com/commixproject/commix.git
git clone https://github.com/s0md3v/Arjun.git
git clone https://github.com/epinna/tplmap.git
git clone https://github.com/Mebus/cupp.git
git clone https://github.com/drwetter/testssl.sh.git

# pip tools
pip install holehe maigret phoneinfoga wafw00f sslyze \
  yt-dlp gallery-dl spotdl androguard frida-tools shodan \
  --break-system-packages 2>/dev/null || \
pip install holehe maigret phoneinfoga wafw00f sslyze \
  yt-dlp gallery-dl spotdl androguard frida-tools shodan

echo "✅ Done! Tools in ~/tools | Strategy Over Impulse"
// ARSENAL
Tools Index — 105+ Security Tools
TOOLDESCRIPTIONCOMMAND
nmapNetwork/port scannernmap -sV target
sublist3rSubdomain enumerationpython sublist3r.py -d domain
amassSubdomain discoveryamass enum -d domain
subfinderFast subdomain findersubfinder -d domain
assetfinderAsset/subdomain discoveryassetfinder --subs-only domain
masscanFast port scannermasscan -p1-65535 target
theHarvesterEmail/domain OSINTtheHarvester -d domain -b google
sherlockUsername search (300+ sites)python sherlock username
holeheEmail OSINTholehe email@example.com
maigretUsername OSINTmaigret username
phoneinfogaPhone number OSINTphoneinfoga scan -n +1234567890
spiderfootOSINT automationpython sf.py -l 127.0.0.1:5001
recon-ngWeb recon framework./recon-ng
photonFast web crawlerpython photon.py -u domain
twintTwitter/X OSINTpython -m twint -u username
instaloaderInstagram OSINTinstaloader profile username
whatwebWeb tech detectionwhatweb domain
gowitnessWebsite screenshotsgowitness single https://domain
gauURL gatheringgau domain
waybackurlsHistorical URLswaybackurls domain
hakrawlerURL crawlerecho domain | hakrawler
gospiderSpider toolgospider -s domain
aquatoneDomain visualizationcat domains.txt | aquatone
shodan-cliShodan searchshodan search "apache"
maltegoGraph OSINTAPK — maltego.com
TOOLDESCRIPTIONCOMMAND
sqlmapSQL injection automationsqlmap -u "domain/page?id=1" --dump
niktoWeb server scannerperl nikto.pl -h domain
wpscanWordPress scannerwpscan --url domain
nucleiTemplate-based scanningnuclei -u domain
dirsearchDirectory brute forcepython dirsearch.py -u domain
gobusterDir/file brute forcegobuster dir -u domain -w wordlist
ffufWeb fuzzerffuf -u domain/FUZZ -w wordlist
commixCommand injectionpython commix.py --url domain
wafw00fWAF detectionwafw00f domain
testsslSSL/TLS scanner./testssl.sh domain
sslyzeSSL scannersslyze domain
arjunParameter discoveryarjun -u domain/page.php
TOOLDESCRIPTIONCOMMAND
metasploitExploitation frameworkmsfconsole (via proot-distro)
routersploitRouter exploitspython3 rsf.py
beefBrowser exploitation./beef
crackmapexecCredential testingcrackmapexec smb target
empirePost-exploitation./empire
setSocial Engineering Toolkitpython setoolkit
sliverC2 framework./sliver-server
veilPayload generatorveil
ghostAndroid ADB backdoorpip install ghost
sn1perAutomated pentest./sniper -t target
TOOLDESCRIPTIONCOMMAND
xsstrikeXSS detection suitepython xsstrike.py -u "domain?q=test"
sstimapSSTI scannerpython sstimap.py -u "domain?name=test"
tplmapTemplate injectionpython tplmap.py -u "domain?name=test"
graphqlmapGraphQL testingpython graphqlmap.py -u domain/graphql
kiterunnerAPI route testing./kr scan domain -w routes-large
lfisuiteLFI scannerpython lfisuite.py
fimapLFI/RFI scannerpython fimap.py -u "domain?file=test"
wfuzzWeb fuzzerwfuzz -z file,wordlist domain/FUZZ
httpxHTTP probinghttpx -l urls.txt
httprobeLive host detectioncat domains.txt | httprobe
smugglerHTTP smugglingpython smuggler.py -u domain
breacherAdmin panel finderpython breacher.py -u domain
ssrf-finderSSRF detectionpython ssrf-finder.py -u domain
linkfinderJS endpoint finderpython linkfinder.py -i domain
dirbusterDirectory brute forceAPK available
TOOLDESCRIPTIONCOMMAND
hydraLogin brute forcehydra -l user -P pass.txt target ssh
johnHash crackerjohn --format=raw-md5 hash.txt
hashcatGPU hash crackerhashcat -m 0 hash.txt wordlist.txt
ncrackNetwork auth crackerncrack -U users.txt -P pass.txt target:22
medusaParallel brute forcermedusa -h target -U users.txt -P pass.txt -M ssh
crunchWordlist generatorcrunch 4 6 abc123 -o wordlist.txt
cuppProfile-based wordlistpython cupp.py -i
cewlWebsite wordlist spidercewl -d 2 -w wordlist.txt domain
kwprocessorKeyboard walk generator./kwp basechars.txt keymaps.txt routes.txt
princeprocessorWordlist mutations./pp64.bin -o output.txt < wordlist.txt
TOOLDESCRIPTIONCOMMAND
nmapNetwork scannernmap -sV -O target
masscanFast port scannermasscan -p80,443 target/24
zmapInternet scannerzmap -p 80 target/24
netcatTCP/IP swiss army knifenc -l -p 4444
bettercapNetwork attack frameworkbettercap
ettercapMITM frameworkettercap -T -M arp:remote /target//
hping3Packet craftinghping3 -S -p 80 target
tracerouteRoute tracingtraceroute target
whoisDomain infowhois target.com
digDNS enumerationdig target.com ANY +short
TOOLDESCRIPTIONCOMMAND
tcpdumpPacket capturetcpdump -i wlan0 -w capture.pcap
wiresharkGUI traffic analysiswireshark (Termux:X11)
tsharkCLI Wiresharktshark -i wlan0
ngrepNetwork grepngrep -d any 'password'
mitmproxyHTTP/HTTPS interceptormitmproxy -p 8080
ettercapARP spoofing/sniffingettercap -G
TOOLDESCRIPTIONCOMMAND
aircrack-ngWiFi cracking suiteairmon-ng start wlan0
wifiteWiFi auditorwifite
fluxionWiFi phishing./fluxion.sh
reaverWPS attackreaver -i wlan0mon -b BSSID
kismetWiFi sniffer/IDSkismet
TOOLDESCRIPTIONCOMMAND
binwalkFirmware analysisbinwalk firmware.bin
foremostFile carvingforemost -i image.dd
testdiskData recoverytestdisk
exiftoolMetadata extractionexiftool image.jpg
steghideSteganographysteghide extract -sf file.jpg
gpgEncryption/signinggpg --gen-key
opensslCrypto toolkitopenssl enc -aes-256-cbc -in file
TOOLDESCRIPTIONCOMMAND
androguardAPK analysisandroguard decompile app.apk
apktoolAPK decompileapktool d app.apk
dex2jarDEX to JARd2j-dex2jar app.dex
fridaDynamic instrumentationfrida -U -l script.js app
mobsfMobile security frameworkpython manage.py runserver
TOOLDESCRIPTIONCOMMAND
yt-dlpYouTube/video downloaderyt-dlp URL
gallery-dlSocial media downloadergallery-dl URL
ffmpegMedia converterffmpeg -i input.mp4 output.avi
spotdlSpotify downloaderspotdl "track_url"
httrackWebsite copierhttrack URL
wgetFile downloaderwget URL
curlHTTP clientcurl -s URL
python http.serverLocal file sharingpython -m http.server 8000
// PLAYBOOKS
Workflow Guides

🔎 Recon Workflow

  1. whois + dig target domain
  2. subfinder/sublist3r for subdomains
  3. nmap -sV for port/service scan
  4. whatweb for tech fingerprinting
  5. theHarvester for email harvest
  6. gowitness for screenshots

🛡️ Vuln Assessment

  1. wafw00f to check for WAF
  2. gobuster/dirsearch for dirs
  3. nikto web server scan
  4. nuclei with CVE templates
  5. sqlmap on any ?id= params
  6. wpscan if WordPress detected

🔑 Password Testing

  1. cewl to spider target site
  2. cupp for custom wordlist
  3. hydra for online brute force
  4. john for offline hash cracking
  5. hashcat for GPU acceleration
  6. ncrack for network services

🌐 SSH Tunneling

  1. nmap -p 22 -sV target
  2. hydra brute force if needed
  3. ssh -D 1080 user@target
  4. Configure proxychains
  5. Route tools through tunnel
  6. Document all findings

⚡ Quick Reference

TASKCOMMAND
Scan networknmap 192.168.1.0/24
Find subdomainssubfinder -d example.com
SQL injectionsqlmap -u target.com?id=1
Dir brute forcegobuster dir -u target -w wordlist
Brute force SSHhydra -L users.txt -P pass.txt ssh://target
Crack hashhashcat -m 0 hash.txt wordlist.txt
Find usernamepython sherlock username
Capture packetstcpdump -i wlan0 -w cap.pcap
XSS scanpython xsstrike.py -u "target?q=test"
Email OSINTholehe email@example.com
Phone OSINTphoneinfoga scan -n +1234567890
Generate wordlistcupp -i
APK decompileapktool d app.apk
Extract metadataexiftool image.jpg
HTTP file serverpython -m http.server 8000
// AUTOMATION
Scripts
update-all.sh — Update Everything 
#!/bin/bash
# FEZZY WRLD — Update all tools
echo "🔥 Updating all tools..."
cd ~/tools
for dir in */; do
  [ -d "$dir/.git" ] && echo "↻ $dir" && cd "$dir" && git pull --quiet && cd ..
done
pip install --upgrade yt-dlp gallery-dl holehe maigret wafw00f \
  --break-system-packages 2>/dev/null || \
pip install --upgrade yt-dlp gallery-dl holehe maigret wafw00f
echo "✅ All tools updated. Strategy Over Impulse."
install-category.sh — Install by Category 
#!/bin/bash
# Usage: ./install-category.sh [osint|web|passwords|network|forensics|utilities]
CATEGORY=$1
mkdir -p ~/tools && cd ~/tools
case "$CATEGORY" in
  osint)
    git clone https://github.com/sherlock-project/sherlock.git
    git clone https://github.com/aboul3la/Sublist3r.git
    git clone https://github.com/laramies/theHarvester.git
    pip install holehe maigret phoneinfoga shodan --break-system-packages ;;
  web)
    git clone https://github.com/sqlmapproject/sqlmap.git
    git clone https://github.com/s0md3v/XSStrike.git
    git clone https://github.com/maurosoria/dirsearch.git
    pkg install gobuster ffuf ;;
  passwords)
    pkg install hydra john ncrack crunch
    git clone https://github.com/Mebus/cupp.git ;;
  network)
    pkg install nmap masscan netcat-openbsd bettercap mitmproxy ;;
  forensics)
    pkg install binwalk steghide openssl gnupg
    pip install androguard frida-tools --break-system-packages ;;
  utilities)
    pkg install ffmpeg wget curl
    pip install yt-dlp gallery-dl spotdl --break-system-packages ;;
  *)
    echo "Usage: $0 [osint|web|passwords|network|forensics|utilities]" ;;
esac
echo "✅ $CATEGORY tools installed! Strategy Over Impulse."
// FIXES
Troubleshooting
Permission denied
chmod +x script.sh
Package not found
pkg update && pkg upgrade
Storage not accessible
termux-setup-storage
Python module missing
pip install module --break-system-packages
pip externally-managed error
Add --break-system-packages flag
git clone fails
git config --global http.sslverify false
Metasploit not found
proot-distro install debian → apt install metasploit-framework
Out of storage
Install only the categories you need
Command not found after install
source ~/.bashrc or restart Termux
Python2 vs Python3 conflict
Use python3 explicitly or alias python=python3
Hashcat GPU not working
Use CPU mode: hashcat --force
Wireless tools need root?
Most work rootless — monitor mode needs supported hardware
// DEPLOYMENT
How to Push to GitHub

CREATE REPO ON GITHUB

github.com → New repository → Name: Termux-Security-Tools-Collection → Public → No README → Create

CONFIGURE GIT IN TERMUX

pkg install git git config --global user.email "your@email.com" git config --global user.name "philfesters"

INIT REPO & COPY FILES

mkdir Termux-Security-Tools-Collection cd Termux-Security-Tools-Collection git init

Copy all files (README.md, index.html, scripts/, categories/, etc.) into this folder

STAGE & COMMIT

git add . git commit -m "FEZZY WRLD: 100+ Termux security tools — Strategy Over Impulse"

PUSH TO GITHUB

git branch -M main git remote add origin https://github.com/philfesters/Termux-Security-Tools-Collection.git git push -u origin main

When prompted for password → use your Personal Access Token from github.com/settings/tokens

ENABLE GITHUB PAGES

Repo → Settings → Pages → Source: main → / (root) → Save
Live at: philfesters.github.io/Termux-Security-Tools-Collection

// FULL PUSH ONE-LINER
cd Termux-Security-Tools-Collection && git init && git add . && git commit -m "FEZZY WRLD: Termux Security Tools" && git branch -M main && git remote add origin https://github.com/philfesters/Termux-Security-Tools-Collection.git && git push -u origin main