Santoku Linux – Mobile Forensics, Malware Analysis, and App Security Testing LiveCD


The word santoku loosely translates as ‘three virtues’ or ‘three uses’. Santoku Linux has been crafted with a plethora of open source tools to support you in three endeavours, mobile forensics, malware analysis and security testing. Boot into Santoku and get to work, with the latest security tools and utilities focused on mobile platforms such as Android and iOS.

Santoku - Mobile Forensics, Malware Analysis, and App Security Testing LiveCD

Pre-installed platform SDKs, drivers, and utilities, plus helpful tools for easy deployment and control of mobile apps. Auto Detection and setup of new connected mobile devices. To make future updating of Santoku WAY easier for users, we’re hosting a repository. Set it up just once and get updates with package management instead of downloading a whole new iso.

Mobile Forensics

Tools to acquire and analyze data

  • Firmware flashing tools for multiple manufacturers
  • Imaging tools for NAND, media cards, and RAM
  • Free versions of some commercial forensics tools
  • Useful scripts and utilities specifically designed for mobile forensics

Mobile Malware

Tools for examining mobile malware

  • Mobile device emulators
  • Utilities to simulate network services for dynamic analysis
  • Decompilation and disassembly tools
  • Access to malware databases

Mobile Security

Assessment of mobile apps

  • Decompilation and disassembly tools
  • Scripts to detect common issues in mobile applications
  • Scripts to automate decrypting binaries, deploying apps, enumerating app details, and more

You can download Santoku here:

santoku_0.5.iso (Direct ISO)
santoku_0.5.iso.torrent (Torrent)

Or read more here.

Posted in: Exploits/Vulnerabilities, Linux Hacking, Malware

, ,


Latest Posts:


OWASP APICheck - HTTP API DevSecOps Toolset OWASP APICheck – HTTP API DevSecOps Toolset
APICheck is an HTTP API DevSecOps toolset, it integrates existing tools, creates execution chains easily and is designed for integration with 3rd parties.
trident - Automated Password Spraying Tool trident – Automated Password Spraying Tool
The Trident project is an automated password spraying tool developed to be deployed on multiple cloud providers and provides advanced options around scheduling
tko-subs - Detect & Takeover Subdomains With Dead DNS Records tko-subs – Detect & Takeover Subdomains With Dead DNS Records
tko-subs is a tool that helps you to detect & takeover subdomains with dead DNS records, this could be dangling CNAMEs point to hosting services and more.
Arcane - Tool To Backdoor iOS Packages (iPhone ARM) Arcane – Tool To Backdoor iOS Packages (iPhone ARM)
Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories.
SharpHose - Asynchronous Password Spraying Tool SharpHose – Asynchronous Password Spraying Tool
SharpHose is an asynchronous password spraying tool in C# for Windows environments that takes into consideration fine-grained password policies and can be run over Cobalt Strike's execute-assembly.
Axiom - Pen-Testing Server For Collecting Bug Bounties Axiom – Pen-Testing Server For Collecting Bug Bounties
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line.


Comments are closed.