4b0a402a4e3964c4ecd99908e06935d4fa4e6b74
- Changed base URLs and targets in multiple modules to point to insecure.newploit.com for testing purposes.
- Updated README.md to reflect the new domain and provide instructions for setting up the reverse proxy.
- Adjusted configurations in AdminFinder, AutoPwn, Banner, DirFuzz, DnsTools, FormBrute, HttpProbe, PortScan, Repeater, Sqli, SslScan, SubEnum, Xploiter, and Xss components.
Pocket Pentester
Offensive security toolkit for Android. Pure Rust + Tauri + Vue. 21 modules. Offline-first. No root required.
Modules
◉ Recon
| # | Tool | What it does |
|---|---|---|
| 01 | port-scan | Async TCP port discovery with service hints |
| 02 | subdomain | 16 passive sources (crt.sh, certspotter, c99, VT, ...) + brute |
| 03 | http-probe | Fingerprint live hosts, status, title, tech stack |
| 21 | domain-grab | Bulk harvest domains by TLD from web sources + IANA catalog |
⚔ Exploitation
| # | Tool | What it does |
|---|---|---|
| 04 | takeover | Subdomain takeover — 18 service fingerprints (S3/GH/Heroku/Azure/+) |
| 05 | sqli | sqlmap-style: error + boolean-blind + union + time-blind + auto-extract |
| 06 | xss | Context-aware reflection: HTML/attr/JS/URL payloads with canary |
| 07 | jwt | alg:none + kid injection + HMAC weak-secret brute + admin forgery |
| 08 | xploiter | YAML template engine — variables, payloads, matchers, chains |
| 09 | auto-pwn | Full chain: recon → probe → exploit, one-button pipeline |
| 12 | dir-fuzz | Content discovery with recursion + wildcard calibration |
| 14 | admin-finder | 320+ admin paths, CMS fingerprint, login form detect |
| 15 | form-brute | Login bruteforce: CSRF aware, regex match, baseline delta |
✎ Manual
| # | Tool | What it does |
|---|---|---|
| 11 | repeater | Burp-lite: method/URL/headers/body editor + preview + curl export |
≋ Network
| # | Tool | What it does |
|---|---|---|
| 10 | lan-map | Discover LAN devices: TCP sweep + mDNS + SSDP/UPnP |
| 16 | dns | A/AAAA/MX/TXT/NS/CNAME/SOA/CAA/SRV + AXFR + DNSSEC |
| 17 | ssl-scan | TLS cert chain, SANs, expiry, weak sig, version audit |
| 18 | banner-grab | TCP banner + service fingerprint (SSH/SMTP/FTP/HTTP/Redis/MySQL) |
⚙ Utility
| # | Tool | What it does |
|---|---|---|
| 13 | payload-gen | 50+ reverse/bind shells + webshells + msfvenom + encoders |
| 19 | encoder | Chainable b64/url/hex/html/rot13/morse/jwt pipeline |
| 20 | hash-tools | Identify 28+ hash types + compute MD5/SHA/CRC32 |
Screenshots
Screens shown: splash, arsenal, auto-pwn, sqli, xploiter, repeater, domain-grab, ssl-scan, payload-gen.
Quick start
```bash
# install
pnpm install

# dev (desktop)
pnpm tauri dev

# dev (android — usb debug)
pnpm tauri android dev

# build apk
pnpm tauri android build --apk --split-per-abi
# → src-tauri/gen/android/app/build/outputs/apk/arm64/release/
```
Stack
- Frontend — Vue 3 + TypeScript + Vite
- Backend — Rust + Tauri 2
- Async — tokio + reqwest + hickory-dns + rustls
Credits
Created by imtaqin · Powered by Tegal 1337
Languages: Rust 51%, Vue 43%, PHP 2.8%, Kotlin 1.1%, CSS 1%, Other 1.1%