When some people hear about this new tool, they think it's about running nmap from a smartphone. Rather, this tool allows you to assess the security of the smartphones in your environment in the manner you've come to expect with modern penetration testing tools.



The product of a DARPA Cyber Fast Track grant, the Smartphone Pentest Framework is an open source security tool designed to aid in assessing the security posture of smartphones in an environment. SPF Version 0.1 contains remote attacks, client-side attacks, social engineering attacks, and post-exploitation, targeting smartphone devices.


SPF Version 0.1

SPF Version 0.1 includes a text-based management console, a web-based GUI, and a management Android app. Additionally, a post-exploitation "agent" for the Android platform is included. SPF Version 0.1 was previewed at the Hackers on Planet Earth conference, will be shown at Blackhat USA Wednesday and Thursday in the Arsenal, and is included on the Blackhat delegate CD. An Introduction to SPF talk will be given by author Georgia Weidman, CEO of Bulb Security, at Bsides Las Vegas and Defcon Skytalks. Following Blackhat/Defcon/BsidesLV, SPF Version 0.1 will be released publicly at


SPF is an ongoing project, with plans in the works to support additional devices, more modules in each attack vector category, integration with existing tools such as Metasploit and SET, and more!