Santoku Linux – Mobile Forensics, Malware Analysis, and App Security Testing LiveCD


The word santoku loosely translates as ‘three virtues’ or ‘three uses’. Santoku Linux has been crafted with a plethora of open source tools to support you in three endeavours, mobile forensics, malware analysis and security testing. Boot into Santoku and get to work, with the latest security tools and utilities focused on mobile platforms such as Android and iOS.

Santoku - Mobile Forensics, Malware Analysis, and App Security Testing LiveCD

Pre-installed platform SDKs, drivers, and utilities, plus helpful tools for easy deployment and control of mobile apps. Auto Detection and setup of new connected mobile devices. To make future updating of Santoku WAY easier for users, we’re hosting a repository. Set it up just once and get updates with package management instead of downloading a whole new iso.

Mobile Forensics

Tools to acquire and analyze data

  • Firmware flashing tools for multiple manufacturers
  • Imaging tools for NAND, media cards, and RAM
  • Free versions of some commercial forensics tools
  • Useful scripts and utilities specifically designed for mobile forensics

Mobile Malware

Tools for examining mobile malware

  • Mobile device emulators
  • Utilities to simulate network services for dynamic analysis
  • Decompilation and disassembly tools
  • Access to malware databases

Mobile Security

Assessment of mobile apps

  • Decompilation and disassembly tools
  • Scripts to detect common issues in mobile applications
  • Scripts to automate decrypting binaries, deploying apps, enumerating app details, and more

You can download Santoku here:

santoku_0.5.iso (Direct ISO)
santoku_0.5.iso.torrent (Torrent)

Or read more here.

Posted in: Exploits/Vulnerabilities, Linux Hacking, Malware

, ,


Latest Posts:


Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc


Comments are closed.