Using a VPN Server on Android device in order to perform remote vulnerability scan

I am working on an Android Java application that performs a vulnerability scan of the network where the mobile device is. Since I cannot install any type of vulnerability scan tool on Android I would like to send the vulnerability scan packets from a back-end server (running open-vas) to my android device and then make the android device forward them to the destination hosts inside his network. The easiest way to do that would be to create a VPN Server on the android device, but I don't think it's possible with the VpnService APIs. From what I have found it looks like someone managed to forward traffic with VPN Service: Android VpnService - How to forward intercepted internet traffic . Another idea was to create a sort of packet wrapping: I can wrap the original packet coming from the back-end server inside a standard TCP packet, send it to the android device, unwrap it and forward it to the host inside the device's network. Although I don't know if this would really work in my case for 2 main reasons: 1. I will probably receive RAW packets from the server (since vulnerability scanners forges specific RAW packets for vulnerability testing) and Java does not have any support for manipulating packets 2. Even if I am able to unwrap the packet I will still have a RAW packet to send and from what I have seen Java does not have any support for RAW sockets for security reasons. So do you guys have an idea if there is a way to create a VPN Server on Android to do this remote vulnerability scan? Thanks! PS Maybe rooting the device will give some more alternatives but I am reserving this as last chance.