Compiling dynamic Nmap for Android

This document is outdated.

sudo apt-get install gcc-arm-linux-gnueabi g++-arm-linux-gnueabi

And this guide assumes you have a rooted device.
I do not publish guides on rooting devices at this time.
I also assume you have gone to the google app store and installed “busybox” for rooted phones.

export CC=/usr/bin/arm-linux-gnueabi-gcc
export STRIP=/usr/bin/arm-linux-gnueabi-strip
export CFLAGS=”-march=armv7-a -O2 -static”
export LD_FLAGS=”-static”
export NM=/usr/bin/arm-linux-gnueabi-nm
export AR=/usr/bin/arm-linux-gnueabi-ar
export LD=/usr/bin/arm-linux-gnueabi-ld
export CPP=/usr/bin/arm-linux-gnueabi-cpp
export CXX=/usr/bin/arm-linux-gnueabi-g++
export AS=/usr/bin/arm-linux-gnueabi-as

So we make them all one giant command:
export CC=/usr/bin/arm-linux-gnueabi-gcc && export STRIP=/usr/bin/arm-linux-gnueabi-strip && export CFLAGS=”-march=armv7-a -O2 -static” && export LD_FLAGS=”-static” && export NM=/usr/bin/arm-linux-gnueabi-nm && export AR=/usr/bin/arm-linux-gnueabi-ar && export LD=/usr/bin/arm-linux-gnueabi-ld && export CPP=/usr/bin/arm-linux-gnueabi-cpp && export CXX=/usr/bin/arm-linux-gnueabi-g++ && export AS=/usr/bin/arm-linux-gnueabi-as

Next we configure and create the Makefile:
./configure –host=arm-linux –prefix=/arm/nmap –with-libpcap=internal –with-pcap=linux –without-liblua –enable-static

Now run the compilation of the program:
make

Then we : sudo make install
this will dump the program to the directory /arm/nmap
cd to that dir and make a tar archive (tar -cvf archivename.tar * or /arm/nmap)
then do an adb push to the phone:
adb push archivename.tar /data/local/tmp (nmap.tar in my case)

Now we need the libs as the static compile failed.

cd /usr/arm-linux-gnueabi/lib/
sudo tar -cvf libs.tar *
adb push libs.tar /data/local/tmp

You now have nmap and the required libs located in /data/local/tmp
So we need to login to the phone and set things up:

adb shell
su
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
mount -o remount,rw -t yaffs2 rootfs

busybox mkdir /lib
cd /lib
busybox tar -xvf libs.tar
cd /data/local/tmp
busybox tar -xvf nmap.tar
mine unpacked the subdirs as I created the tar that way, anyhow my nmap is located now at /data/local/tmp/arm/nmap/bin/nmap
cd /data/local/tmp/arm/nmap/bin
busybox cp * /sbin
cd ../share
busybox mkdir /share
busybox cp -R * /share
cd ../lib
busybox cp -R * /lib

now it is ready to go, lets see what it does :)

root@android:/data/local/tmp/arm/nmap/share # nmap -sS -vv -PN 192.168.1.1
Warning: The -PN option is deprecated. Please use -Pn

Starting Nmap 6.49BETA6 ( https://nmap.org ) at 2015-11-12 17:11 UTC
Initiating ARP Ping Scan at 17:11
Scanning 192.168.1.1 [1 port]
Completed ARP Ping Scan at 17:11, 0.14s elapsed (1 total hosts)
mass_dns: warning: Unable to open /etc/resolv.conf. Try using –system-dns or specify valid servers with –dns-servers
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using –system-dns or specify valid servers with –dns-servers
Initiating SYN Stealth Scan at 17:11
Scanning 192.168.1.1 [1000 ports]
Discovered open port 443/tcp on 192.168.1.1
Discovered open port 80/tcp on 192.168.1.1
Completed SYN Stealth Scan at 17:11, 0.47s elapsed (1000 total ports)
Nmap scan report for 192.168.1.1
Host is up, received arp-response (0.031s latency).
Scanned at 2015-11-12 17:11:33 UTC for 1s
Not shown: 998 closed ports
Reason: 998 resets
PORT STATE SERVICE REASON
80/tcp open http syn-ack ttl 64
81/tcp open hosts2-ns syn-ack ttl 64
MAC Address: XX:XX:XX:XX:XX:XX (Unknown)

Read data files from: /sbin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 1.60 seconds
Raw packets sent: 1001 (44.028KB) | Rcvd: 1001 (40.044KB)

Leave a Reply