Allllllllllllllllllllllllllllllllllllrighty then.

I wrote this guide because most of the documentation requires you to know the basics of flashing ROMs and stuff and just generally how to use Android, which I didn’t know. Maybe you don’t know either.

For some reason I thought it would be a good idea to buy a used Oneplus One (got mine for $120) for the sole reason of installing Kali Linux NetHunter, which can be installed over your Android ROM to give you a bunch of nifty penetration tools in a (more) mobile platform.

I specifically chose the OnePlus One because it’s the recommended device for installing NetHunter, and I’m a total noob at anything Android. And sure enough, installing it was simple as heck.

I used the Kali NetHunter Linux Root Toolkit to install everything.

1. Hunting down CyanogenMod 13

The CyanogenMod project has been dead since 2016, which made it super inconvenient to try and find the ROM. Probably doesn’t help that the phone was released in 2014 either.

After much googling, I found this ROM for CM 13.1.2. Whether or not it’s official is anyone’s guess, BUT THE FILENAME SAYS SIGNED, SO I TRUST IT.

Unfortunately the above link appears to be dead, but I’ve got a copy that I’ve put on my Google Drive. I definitely haven’t fucked with it, make sure to run shell.exe as Administrator or with sudo.

2. Downloading Components

The NetHunter install requires a few different components to work correctly.

TeamWin Recovery Project

TWRP is used as a custom recovery image that lets you flash all sorts of stuff through a handy GUI.

TWRP was found pretty quickly by following the LRT instructions. I downloaded version 3.3.1.


SuperSU lets apps request root permission.

Following the LRT instructions, I downloaded beta version 2.66 (the 2.67 link was dead).

adb and fastboot

I found links to Android Platform Tools here, and then downloaded the latest version for MacOS. After unzipping, I put adb and fastboot in my PATH by running:

cd platform-tools
cp adb /usr/local/bin/
cp fastboot /usr/local/bin/

Kali Linux NetHunter

From the Kali Linux Nethunter download page, I downloaded the latest version for the OnePlus One.

3. Cloning the Kali NetHunter Linux Root Toolkit

Very, very simple. On my Mac, I ran:

git clone
cd kali-nethunter-lrt

4. Preparing the Phone

Enable USB Debugging

Tons of blogs have written about how to do this, so I’ve linked the first result from Google. Make sure you accept the RSA fingerprint when you plug the phone into your computer.

Unlock the Bootloader

Luckily for me, the bootloader on my phone was already unlocked.

The LRT includes a script to unlock the phone too. After connecting the phone with USB debugging enabled, run this script:


Installing Stock Image

This step is optional, but I did it just for a smoother install.

I copied the CM 13 ZIP file previously downloaded into the stockImage folder of the LRT cloned repository and ran the script for OnePlus One (64GB).

cp ../ stockImage/
./ 64gb

This takes about 5 minutes.

With a newly flashed ROM, I then setup the phone and re-enabled USB debugging. This step in itself took the longest, as CM 13 is a bag of dicks full of Microsoft and Google bloatware.

5. Flashing NetHunter

I moved all of the components into their respective folders:

cp ../twrp-3.3.1-0-bacon.img twrpImage/
cp ../ superSu/
cp ../ kaliNethunter/

Then ran the happy little flashing script:


Interaction is required to allow modifications to allow NetHunter to be installed. Otherwise, after about 30 minutes, you’ll boot into a fresh new NetHunter instance!

I’ll be writing another guide on how to flash Kali NetHunter on the top of LineageOS 15.1 if I can ever figure out how to get it working. I’m so so so so close. I think.