cSploit – Successor of dSploit, most powerful network penetration testing toolkit

This article is the original content of AppNee. All rights reserved. To repost or reproduce, please make a footnote with our article link!

Two core developers of dSploit went separate ways in the fall of 2014. dSploit’s father merged it into the commercial zANTI 2 with ambition to build a series of security apps on Android platform. Meanwhile, the other founder (now cSploit‘s father) can’t wait the distant promise to open source of zANTI 2. Thus, he decided to fork the killed project and finish all the original dSploit To-Dos on a new core – cSploit, by himself.

No doubt, as successor of dSploit, after adding a lot of new things, cSploit has become currently the most complete and advanced network security analysis and penetration professional toolkit on Android. The biggest change in cSploit is abandoned the old way and adopted a more effective new core to work. In other words, you will find that it runs faster. In short, cSploit enables you to scan all devices in a network, such as smartphone, laptop, and to recognize their operating system, running services and open ports for deeper penetration test. All this will be finished on your smartphone with Android OS.

BTW, By reading the core source code of dSploit and cSploit, you will find that their basic code is the same, and their core functions are all based on other excellent open-source apps, such as: arpspoof/ettercap/tcpdump/hydra/nmap. Anyway, cSploit has become the most powerful network security exploiting (mobile penetration testing) application on mobile device of all time. In my opinion, it may eventually force zANTI 2 to find another way out.

// Main Applications //

  • Map your local network
  • Enumerate local hosts
  • Fingerprint hosts’ operating systems and open ports
  • Find vulnerabilities
  • Find exploits for these vulnerabilities
  • Use those exploits to gain access to the target
  • Crack wifi passwords
  • Install backdoors for later access

// Main MitM Attacks //

  • Image, text, and video replacement– replace your own content on unencrypted web pages
  • JavaScript injection– add your own javascript to unencrypted web pages.
  • password sniffing ( with common protocols dissection )
  • Capture pcap network traffic files
  • Real time traffic manipulation to replace images/text/inject into web pages
  • DNS spoofing to redirect traffic to different domain
  • Break existing connections
  • Redirect traffic to another address
  • Session Hijacking– listen for unencrypted cookies and clone them to take Web session

// System Requirements //

  • Android 2.3+
  • Root privilege required
  • You have to completely install BusyBox, including its all components
  • SuperSU required

// Fan Made Demo Video //

// Installation Notes //

  1. First of all, root your Android OS using SuperSU (if required). Otherwise, you will see error like this:
    • Initialization Error: cannot find a core for this device
    • Core is not installed, the application will just check for updates…
    • Fatal error…
  2. Download and install BusyBox, cSploit
  3. Run BusyBox first, then run cSploit
  4. Follow the instructions to continue…

// Related Links //

// Download URLs //

Stable/Pre Release Nightly Build

(Homepage | GitHub)