Guides-Babiato-Request

1. ## **PHP deobfuscators**:
2.  
3. ## *Online*:
4. * FOPO PHP Deobfuscator [ver. 0.1](https://glot.io/snippets/ee5mzg3zf1) | [ver. 0.2](https://glot.io/snippets/efruafhnez)
5. * [Sucuri's PHP decoder](http://ddecode.com/phpdecoder/)
6. * [Toolki's PHP decoder](http://toolki.com/en/php-decoder/)
7. * [unPHP](https://www.unphp.net/)
8.  
9. ## *Offline*:
10. * [PHP Converter](http://www.kahusecur...nverter_v0.3.7z)
11. * [PHP Script Decoder](http://www.kahusecur...Decoder_v0.1.7z)
12.  
13. *Note*: check out KahuSecurity's site [directly](http://www.kahusecurity.com) for latest versions of these tools.
14.  
15.  
16. ## **PHP beautifiers**:
17. * [Dan's PHP beautify](http://www.cleancss.com/php-beautify/)
18. * [PHP beautifier](http://phpbeautifier.com/)
19. * [PHP formatter](http://beta.phpformatter.com/)
20.  
21.  
22. ## **PHP testers**:
23.  
24.  
25. ## *Online*:
26. * [PHP Editor](http://www.runphponline.com/)
27. * [PHPFiddle](http://phpfiddle.org/)
28. * [PHP Sandbox](http://sandbox.onlinephpfunctions.com/)
29. * [PHP Tester](http://phptester.net/)
30.  
31. ## *Offline*:
32. * [EasyPHP](http://www.easyphp.org/)
33. * [XAMPP](https://www.apachefr....org/index.html)
34.  
35.  
36. ## **Penetration Testing**
37.  
38. A collection of awesome penetration testing resources
39.  
40. - [Online Resources](#online-resources)
41. - [Penetration Testing Resources](#penetration-testing-resources)
42. - [Exploit development](#exploit-development)
43. - [Social Engineering Resources](#social-engineering-resources)
44. - [Lock Picking Resources](#lock-picking-resources)
45. - [Tools](#tools)
46. - [Penetration Testing Distributions](#penetration-testing-distributions)
47. - [Basic Penetration Testing Tools](#basic-penetration-testing-tools)
48. - [Docker for Penetration Testing](#docker-for-penetration-testing)
49. - [Vulnerability Scanners](#vulnerability-scanners)
50. - [Network Tools](#network-tools)
51. - [Wireless Network Tools](#wireless-network-tools)
52. - [SSL Analysis Tools](#ssl-analysis-tools)
53. - [Web exploitation](#web-exploitation)
54. - [Hex Editors](#hex-editors)
55. - [Crackers](#crackers)
56. - [Windows Utils](#windows-utils)
57. - [Linux Utils](#linux-utils)
58. - [DDoS Tools](#ddos-tools)
59. - [Social Engineering Tools](#social-engineering-tools)
60. - [OSInt Tools](#osint-tools)
61. - [Anonymity Tools](#anonymity-tools)
62. - [Reverse Engineering Tools](#reverse-engineering-tools)
63. - [CTF Tools](#ctf-tools)
64. - [Books](#books)
65. - [Penetration Testing Books](#penetration-testing-books)
66. - [Hackers Handbook Series](#hackers-handbook-series)
67. - [Network Analysis Books](#network-analysis-books)
68. - [Reverse Engineering Books](#reverse-engineering-books)
69. - [Malware Analysis Books](#malware-analysis-books)
70. - [Windows Books](#windows-books)
71. - [Social Engineering Books](#social-engineering-books)
72. - [Lock Picking Books](#lock-picking-books)
73. - [Vulnerability Databases](#vulnerability-databases)
74. - [Security Courses](#security-courses)
75. - [Information Security Conferences](#information-security-conferences)
76. - [Information Security Magazines](#information-security-magazines)
77. - [Awesome Lists](#awesome-lists)
78. - [Contribution](#contribution)
79. - [License](#license)
80.  
81.  
82.  
83.  
84.  
85. ## Online Resources
86.  
87.  
88. ## Penetration Testing Resources
89. * [Metasploit Unleashed](https://www.offensiv...loit-unleashed/) - Free Offensive Security Metasploit course
90. * [PTES](http://www.pentest-standard.org/) - Penetration Testing Execution Standard
91. * [OWASP](https://www.owasp.or...x.php/Main_Page) - Open Web Application Security Project
92. * [PENTEST-WIKI](https://github.com/nixawk/pentest-wiki) - A free online security knowledge library for pentesters / researchers.
93.  
94.  
95.  
96. ## Exploit development
97. * [Shellcode Tutorial](http://www.vividmach.../shellcode.html) - Tutorial on how to write shellcode
98. * [Shellcode Examples](http://shell-storm.org/shellcode/) - Shellcodes database
99. * [Exploit Writing Tutorials](https://www.corelan....ased-overflows/) - Tutorials on how to develop exploits
100. * [shellsploit](https://github.com/b...ploit-framework) - New Generation Exploit Development Kit
101. * [Voltron](https://github.com/snare/voltron) - A hacky debugger UI for hackers
102.  
103.  
104. ## Social Engineering Resources
105. * [Social Engineering Framework](http://www.social-en...ral-discussion/) - An information resource for social engineers
106.  
107.  
108.  
109. ## Lock Picking Resources
110. * [Schuyler Towne channel](https://www.youtube..../SchuylerTowne/) - Lockpicking videos and security talks
111. * [/r/lockpicking](https://www.reddit.com/r/lockpicking) - Resources for learning lockpicking, equipment recommendations.
112.  
113.  
114. ## Tools
115.  
116. ## Penetration Testing Distributions
117.  
118. * [Kali](https://www.kali.org/) - A Linux distribution designed for digital forensics and penetration testing
119. * [ArchStrike](https://archstrike.org/) - An Arch Linux repository for security professionals and enthusiasts
120. * [BlackArch](https://www.blackarch.org/) - Arch Linux-based distribution for penetration testers and security researchers
121. * [NST](http://networksecuritytoolkit.org/) - Network Security Toolkit distribution
122. * [Pentoo](http://www.pentoo.ch/) - Security-focused livecd based on Gentoo
123. * [BackBox](https://backbox.org/) - Ubuntu-based distribution for penetration tests and security assessments
124. * [Parrot](https://www.parrotsec.org/) - A distribution similar to Kali, with multiple architecture
125.  
126.  
127.  
128.  
129.  
130. ## Basic Penetration Testing Tools
131. * [Metasploit Framework](https://www.metasploit.com/) - World's most used penetration testing software
132. * [Burp Suite](https://portswigger.net/burp/) - An integrated platform for performing security testing of web applications
133. * [ExploitPack](http://exploitpack.com/) - Graphical tool for penetration testing with a bunch of exploits
134. * [BeeF](https://github.com/beefproject/beef) - The Browser Exploitation Framework Project
135. * [faraday](https://github.com/infobyte/faraday) - Collaborative Penetration Test and Vulnerability Management Platform
136. * [evilgrade](https://github.com/infobyte/evilgrade) - The update explotation framework
137. * [commix](https://github.com/s...nopoulos/commix) - Automated All-in-One OS Command Injection and Exploitation Tool
138. * [routersploit](https://github.com/r...ll/routersploit) - Automated penetration testing software for router
139. * [redsnarf] (https://github.com/nccgroup/redsnarf) - Post-exploitation tool for grabbing credentials
140.  
141.  
142.  
143. ## Docker for Penetration Testing
144. * `docker pull kalilinux/kali-linux-docker` [official Kali Linux](https://hub.docker.c...i-linux-docker/)
145. * `docker pull owasp/zap2docker-stable` - [official OWASP ZAP](https://github.com/zaproxy/zaproxy)
146. * `docker pull wpscanteam/wpscan` - [official WPScan](https://hub.docker.c...canteam/wpscan/)
147. * `docker pull pandrew/metasploit` - [docker-metasploit](https://hub.docker.c...rew/metasploit/)
148. * `docker pull citizenstig/dvwa` - [Damn Vulnerable Web Application (DVWA)](https://hub.docker.c...tizenstig/dvwa/)
149. * `docker pull wpscanteam/vulnerablewordpress` - [Vulnerable WordPress Installation](https://hub.docker.c...rablewordpress/)
150. * `docker pull hmlio/vaas-cve-2014-6271` - [Vulnerability as a service: Shellshock](https://hub.docker.c...-cve-2014-6271/)
151. * `docker pull hmlio/vaas-cve-2014-0160` - [Vulnerability as a service: Heartbleed](https://hub.docker.c...-cve-2014-0160/)
152. * `docker pull opendns/security-ninjas` - [Security Ninjas](https://hub.docker.c...ecurity-ninjas/)
153. * `docker pull diogomonica/docker-bench-security` - [Docker Bench for Security](https://hub.docker.c...bench-security/)
154. * `docker pull ismisepaul/securityshepherd` - [OWASP Security Shepherd](https://hub.docker.c...curityshepherd/)
155. * `docker pull danmx/docker-owasp-webgoat` - [OWASP WebGoat Project docker image](https://hub.docker.c...-owasp-webgoat/)
156. * `docker pull citizenstig/nowasp` - [OWASP Mutillidae II Web Pen-Test Practice Application](https://hub.docker.c...zenstig/nowasp/)
157.  
158.  
159. ## Vulnerability Scanners
160. * [Nexpose](https://www.rapid7.c...oducts/nexpose/) - Vulnerability Management & Risk Management Software
161. * [Nessus](http://www.tenable.c...ability-scanner) - Vulnerability, configuration, and compliance assessment
162. * [Nikto](https://cirt.net/nikto2) - Web application vulnerability scanner
163. * [OpenVAS](http://www.openvas.org/) - Open Source vulnerability scanner and manager
164. * [OWASP Zed Attack Proxy](https://www.owasp.or...k_Proxy_Project) - Penetration testing tool for web applications
165. * [Secapps](https://secapps.com/) - Integrated web application security testing environment
166. * [w3af](https://github.com/andresriancho/w3af) - Web application attack and audit framework
167. * [Wapiti](http://wapiti.sourceforge.net/) - Web application vulnerability scanner
168. * [WebReaver](http://www.webreaver.com/) - Web application vulnerability scanner for Mac OS X
169. * [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR
170. * [arachni](https://github.com/Arachni/arachni) - Web Application Security Scanner Framework
171.  
172.  
173.  
174.  
175. ## Network Tools
176. * [nmap](https://nmap.org/) - Free Security Scanner For Network Exploration & Security Audits
177. * [pig](https://github.com/rafael-santiago/pig) - A Linux packet crafting tool
178. * [tcpdump/libpcap](http://www.tcpdump.org/) - A common packet analyzer that runs under the command line
179. * [Wireshark](https://www.wireshark.org/) - A network protocol analyzer for Unix and Windows
180. * [Network Tools](http://network-tools.com/) - Different network tools: ping, lookup, whois, etc
181. * [netsniff-ng](https://github.com/n...-ng/netsniff-ng) - A Swiss army knife for for network sniffing
182. * [Intercepter-NG](http://sniff.su/) - a multifunctional network toolkit
183. * [SPARTA](http://sparta.secforce.com/) - Network Infrastructure Penetration Testing Tool
184. * [dnschef](http://thesprawl.org/projects/dnschef/) - A highly configurable DNS proxy for pentesters
185. * [DNSDumpster](https://dnsdumpster.com/) - Online DNS recon and search service
186. * [dnsenum](https://github.com/fwaeytens/dnsenum/) - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results
187. * [dnsmap](https://github.com/makefu/dnsmap/) - Passive DNS network mapper
188. * [dnsrecon](https://github.com/d...rator/dnsrecon/) - DNS Enumeration Script
189. * [dnstracer](http://www.mavetju.o...x/dnstracer.php) - Determines where a given DNS server gets its information from, and follows the chain of DNS servers
190. * [passivedns-client](https://github.com/c...ssivedns-client) - Provides a library and a query tool for querying several passive DNS providers
191. * [passivedns](https://github.com/g...inux/passivedns) - A network sniffer that logs all DNS server replies for use in a passive DNS setup
192. * [Mass Scan](https://github.com/r...dgraham/masscan) - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
193. * [Zarp](https://github.com/hatRiot/zarp) - Zarp is a network attack tool centered around the exploitation of local networks
194. * [mitmproxy](https://github.com/mitmproxy/mitmproxy) - An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers
195. * [mallory](https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH
196. * [Netzob](https://github.com/netzob/netzob) - Reverse engineering, traffic generation and fuzzing of communication protocols
197. * [DET](https://github.com/sensepost/DET) - DET is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time
198. * [pwnat](https://github.com/samyk/pwnat) - punches holes in firewalls and NATs
199. * [dsniff](https://www.monkey.o...dugsong/dsniff/) - a collection of tools for network auditing and pentesting
200. * [tgcd](http://tgcd.sourceforge.net/) - a simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls
201. * [smbmap](https://github.com/ShawnDEvans/smbmap) - a handy SMB enumeration tool
202. * [scapy](https://github.com/secdev/scapy) - a python-based interactive packet manipulation program & library
203. * [Dshell](https://github.com/U...earchLab/Dshell) - Network forensic analysis framework
204. * [Debookee (MAC OS X)](http://www.iwaxx.com/debookee/) - Intercept traffic from any device on your network
205. * [Dripcap](https://github.com/dripcap/dripcap) - Caffeinated packet analyzer
206.  
207.  
208.  
209.  
210.  
211. ## Wireless Network Tools
212. * [Aircrack-ng](http://www.aircrack-ng.org/) - a set of tools for auditing wireless network
213. * [Kismet](https://kismetwireless.net/) - Wireless network detector, sniffer, and IDS
214. * [Reaver](https://code.google....ve/p/reaver-wps) - Brute force attack against Wifi Protected Setup
215. * [Wifite](https://github.com/derv82/wifite) - Automated wireless attack tool
216. * [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against Wi-Fi networks
217.  
218.  
219.  
220.  
221.  
222. ## SSL Analysis Tools
223. * [SSLyze](https://github.com/nabla-c0d3/sslyze) - SSL configuration scanner
224. * [sslstrip](https://www.thoughtc...tware/sslstrip/) - a demonstration of the HTTPS stripping attacks
225. * [sslstrip2](https://github.com/L...doNve/sslstrip2) - SSLStrip version to defeat HSTS
226. * [tls_prober](https://github.com/W...tLtd/tls_prober) - fingerprint a server's SSL/TLS implementation
227.  
228.  
229. ## Web exploitation
230. * [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner
231. * [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool
232. * [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell
233. * [Wappalyzer](https://wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites
234. * [cms-explorer](https://code.google....p/cms-explorer/) - CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.
235. * [joomscan](https://www.owasp.or...Scanner_Project) - Joomla CMS scanner
236. * [WhatWeb](https://github.com/u...enturer/WhatWeb) - Website Fingerprinter
237. * [BlindElephant](http://blindelephant.sourceforge.net/) - Web Application Fingerprinter
238. * [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs
239. * [Kadabra](https://github.com/D35m0nd142/Kadabra) - Automatic LFI exploiter and scanner
240. * [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool
241. * [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool
242.  
243. ## Hex Editors
244. * [HexEdit.js](https://hexed.it) - Browser-based hex editing
245. * [Hexinator](https://hexinator.com/) (commercial) - World's finest Hex Editor
246.  
247.  
248. ## Crackers
249. * [John the Ripper](http://www.openwall.com/john/) - Fast password cracker
250. * [Online MD5 cracker](http://www.md5crack.com/) - Online MD5 hash Cracker
251. * [Hashcat](http://hashcat.net/hashcat/) - The more fast hash cracker
252.  
253.  
254.  
255. ## Windows Utils
256. * [Sysinternals Suite](https://technet.micr...ernals/bb842062) - The Sysinternals Troubleshooting Utilities
257. * [Windows Credentials Editor](http://www.ampliasec...entials-editor/) - security tool to list logon sessions and add, change, list and delete associated credentials
258. * [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows OS
259. * [PowerSploit](https://github.com/P...fia/PowerSploit) - A PowerShell Post-Exploitation Framework
260. * [Windows Exploit Suggester](https://github.com/G...ploit-Suggester) - Detects potential missing patches on the target
261. * [Responder](https://github.com/S...rLabs/Responder) - A LLMNR, NBT-NS and MDNS poisoner
262. * [Empire](https://github.com/P...llEmpire/Empire) - Empire is a pure PowerShell post-exploitation agent
263. * [Fibratus](https://github.com/r...tstack/fibratus) - Tool for exploration and tracing of the Windows kernel
264.  
265.  
266.  
267. ## Linux Utils
268. * [Linux Exploit Suggester](https://github.com/P...ploit_Suggester) - Linux Exploit Suggester; based on operating system release number.
269.  
270.  
271.  
272. ## DDoS Tools
273. * [LOIC](https://github.com/NewEraCracker/LOIC/) - An open source network stress tool for Windows
274. * [JS LOIC](http://metacortexsec...OIC/LOICv1.html) - JavaScript in-browser version of LOIC
275. * [T50](https://sourceforge.net/projects/t50/) - The more fast network stress tool
276.  
277.  
278.  
279. ## Social Engineering Tools
280. * [SET](https://github.com/t...ngineer-toolkit) - The Social-Engineer Toolkit from TrustedSec
281.  
282.  
283.  
284. ## OSInt Tools
285. * [Maltego](http://www.paterva.com/web7/) - Proprietary software for open source intelligence and forensics, from Paterva.
286. * [theHarvester](https://github.com/l...es/theHarvester) - E-mail, subdomain and people names harvester
287. * [creepy](https://github.com/ilektrojohn/creepy) - A geolocation OSINT tool
288. * [metagoofil](https://github.com/laramies/metagoofil) - Metadata harvester
289. * [Google Hacking Database](https://www.exploit-...cking-database/) - a database of Google dorks; can be used for recon
290. * [Censys](https://www.censys.io/) - Collects data on hosts and websites through daily ZMap and ZGrab scans
291. * [Shodan](https://www.shodan.io/) - Shodan is the world's first search engine for Internet-connected devices
292. * [recon-ng](https://bitbucket.or...SteR53/recon-ng) - A full-featured Web Reconnaissance framework written in Python
293. * [github-dorks](https://github.com/t...un/github-dorks) - CLI tool to scan github repos/organizations for potential sensitive information leak
294. * [vcsmap](https://github.com/melvinsh/vcsmap) - A plugin-based tool to scan public version control systems for sensitive information
295.  
296.  
297.  
298.  
299.  
300. ## Anonymity Tools
301. * [Tor](https://www.torproject.org/) - The free software for enabling onion routing online anonymity
302. * [I2P](https://geti2p.net/en/) - The Invisible Internet Project
303. * [Nipe](https://github.com/GouveaHeitor/nipe) - Script to redirect all traffic from the machine to the Tor network.
304.  
305.  
306.  
307.  
308.  
309. ## Reverse Engineering Tools
310. * [IDA Pro](https://www.hex-rays.com/products/ida/) - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
311. * [IDA Free](https://www.hex-rays..._freeware.shtml) - The freeware version of IDA v5.0
312. * [WDK/WinDbg](https://msdn.microso...e/hh852365.aspx) - Windows Driver Kit and WinDbg
313. * [OllyDbg](http://www.ollydbg.de/) - An x86 debugger that emphasizes binary code analysis
314. * [Radare2](http://rada.re/r/index.html) - Opensource, crossplatform reverse engineering framework
315. * [x64_dbg](http://x64dbg.com/) - An open-source x64/x32 debugger for windows
316. * [Immunity Debugger](http://debugger.immunityinc.com/) - A powerful new way to write exploits and analyze malware
317. * [Evan's Debugger](http://www.codef00.c...ojects#debugger) - OllyDbg-like debugger for Linux
318. * [Medusa disassembler](https://github.com/wisk/medusa) - An open source interactive disassembler
319. * [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code
320. * [peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB
321.  
322.  
323.  
324.  
325.  
326. ## CTF Tools
327. * [Pwntools](https://github.com/Gallopsled/pwntools) - CTF framework for use in CTFs
328.  
329.  
330.  
331.  
332. ## Books
333.  
334.  
335.  
336. ## Penetration Testing Books
337. * [The Art of Exploitation by Jon Erickson, 2008](https://www.nostarch.com/hacking2.htm)
338. * [Metasploit: The Penetration Tester's Guide by David Kennedy et al., 2011](https://www.nostarch.com/metasploit)
339. * [Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014](https://www.nostarch.com/pentesting)
340. * [Rtfm: Red Team Field Manual by Ben Clark, 2014](http://www.amazon.co.../dp/1494295504/)
341. * [The Hacker Playbook by Peter Kim, 2014](http://www.amazon.co.../dp/1494932636/)
342. * [The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013](https://www.elsevier...8-1-59749-655-1)
343. * [Professional Penetration Testing by Thomas Wilhelm, 2013](https://www.elsevier...8-1-59749-993-4)
344. * [Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012](http://www.packtpub....ate-security-gu)
345. * [Violent Python by TJ O'Connor, 2012](https://www.elsevier...8-1-59749-957-6)
346. * [Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton et al., 2007](http://www.fuzzing.org/)
347. * [Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz, 2014](http://www.amazon.co...s/dp/1593275900)
348. * [Penetration Testing: Procedures & Methodologies by EC-Council, 2010](http://www.amazon.co...l/dp/1435483677)
349. * [Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010](http://www.amazon.co...k/dp/B005DIAPKE)
350. * [Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014](http://www.amazon.co...n/dp/0071828362)
351. * [Bug Hunter's Diary by Tobias Klein, 2011](https://www.nostarch.com/bughunter)
352.  
353.  
354.  
355. ## Hackers Handbook Series
356. * [The Database Hacker's Handbook, David Litchfield et al., 2005](http://www.wiley.com...0764578014.html)
357. * [The Shellcoders Handbook by Chris Anley et al., 2007](http://www.wiley.com...047008023X.html)
358. * [The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009](http://www.wiley.com...0470395362.html)
359. * [The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011](http://www.wiley.com...1118026470.html)
360. * [iOS Hackers Handbook by Charlie Miller et al., 2012](http://www.wiley.com...1118204123.html)
361. * [Android Hackers Handbook by Joshua J. Drake et al., 2014](http://www.wiley.com...111860864X.html)
362. * [The Browser Hackers Handbook by Wade Alcorn et al., 2014](http://www.wiley.com...1118662091.html)
363. * [The Mobile Application Hackers Handbook by Dominic Chell et al., 2015](http://www.wiley.com...1118958500.html)
364. * [Car Hacker's Handbook by Craig Smith, 2016](https://www.nostarch.com/carhacking)
365.  
366.  
367. ## Network Analysis Books
368. * [Nmap Network Scanning by Gordon Fyodor Lyon, 2009](https://nmap.org/book/)
369. * [Practical Packet Analysis by Chris Sanders, 2011](https://www.nostarch.com/packet2.htm)
370. * [Wireshark Network Analysis by by Laura Chappell & Gerald Combs, 2012](http://www.wiresharkbook.com/)
371. * [Network Forensics: Tracking Hackers through Cyberspace by Sherri Davidoff & Jonathan Ham, 2012](http://www.amazon.co.../dp/B008CG8CYU/)
372.  
373.  
374.  
375. ## Reverse Engineering Books
376. * [Reverse Engineering for Beginners by Dennis Yurichev](http://beginners.re/)
377. * [Hacking the Xbox by Andrew Huang, 2003](https://www.nostarch.com/xbox.htm)
378. * [The IDA Pro Book by Chris Eagle, 2011](https://www.nostarch.com/idapro2.htm)
379. * [Practical Reverse Engineering by Bruce Dang et al., 2014](http://www.wiley.com...1118787315.html)
380. * [Gray Hat Hacking The Ethical Hacker's Handbook by Daniel Regalado et al., 2015](http://www.amazon.co...n/dp/0071832386)
381.  
382.  
383.  
384.  
385.  
386. ## Malware Analysis Books
387. * [Practical Malware Analysis by Michael Sikorski & Andrew Honig, 2012](https://www.nostarch.com/malware)
388. * [The Art of Memory Forensics by Michael Hale Ligh et al., 2014](http://www.wiley.com...1118825098.html)
389. * [Malware Analyst's Cookbook and DVD by Michael Hale Ligh et al., 2010](http://www.wiley.com...0470613033.html)
390.  
391.  
392. ## Windows Books
393. * [Windows Internals by Mark Russinovich et al., 2012](http://www.amazon.co.../dp/0735648735/)
394.  
395.  
396.  
397. ## Social Engineering Books
398. * [The Art of Deception by Kevin D. Mitnick & William L. Simon, 2002](http://www.wiley.com...0471237124.html)
399. * [The Art of Intrusion by Kevin D. Mitnick & William L. Simon, 2005](http://www.wiley.com...0764569597.html)
400. * [Ghost in the Wires by Kevin D. Mitnick & William L. Simon, 2011](http://www.hachetteb.../9780316134477/)
401. * [No Tech Hacking by Johnny Long & Jack Wiles, 2008](https://www.elsevier...8-1-59749-215-7)
402. * [Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010](http://www.wiley.com...0470639539.html)
403. * [Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014](http://www.wiley.com...1118608577.html)
404. * [Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014](https://www.mhprofes...isbn=0071818464)
405.  
406.  
407.  
408.  
409. ## Lock Picking Books
410. * [Practical Lock Picking by Deviant Ollam, 2012](https://www.elsevier...8-1-59749-989-7)
411. * [Keys to the Kingdom by Deviant Ollam, 2012](https://www.elsevier...8-1-59749-983-5)
412. * [CIA Lock Picking Field Operative Training Manual](https://www.scribd.c...Training-Manual)
413. * [Lock Picking: Detail Overkill by Solomon](https://www.dropbox....erkill.pdf?dl=0)
414. * [Eddie the Wire books](https://www.dropbox...._StLPUYm-a?dl=0)
415.  
416.  
417. ## Vulnerability Databases
418. * [NVD](https://nvd.nist.gov/) - US National Vulnerability Database
419. * [CERT](https://www.us-cert.gov/) - US Computer Emergency Readiness Team
420. * [OSVDB](https://blog.osvdb.org/) - Open Sourced Vulnerability Database
421. * [Bugtraq](http://www.securityfocus.com/) - Symantec SecurityFocus
422. * [Exploit-DB](https://www.exploit-db.com/) - Offensive Security Exploit Database
423. * [Fulldisclosure](http://seclists.org/fulldisclosure/) - Full Disclosure Mailing List
424. * [MS Bulletin](https://technet.micr...urity/bulletins) - Microsoft Security Bulletin
425. * [MS Advisory](https://technet.micr...rity/advisories) - Microsoft Security Advisories
426. * [Inj3ct0r](http://www.1337day.com/) - Inj3ct0r Exploit Database
427. * [Packet Storm](https://packetstormsecurity.com/) - Packet Storm Global Security Resource
428. * [SecuriTeam](http://www.securiteam.com/) - Securiteam Vulnerability Information
429. * [CXSecurity](http://cxsecurity.com/) - CSSecurity Bugtraq List
430. * [Vulnerability Laboratory](http://www.vulnerability-lab.com/) - Vulnerability Research Laboratory
431. * [ZDI](http://www.zerodayinitiative.com/) - Zero Day Initiative
432.  
433.  
434.  
435.  
436.  
437. ## Security Courses
438. * [Offensive Security Training](https://www.offensiv...urity-training/) - Training from BackTrack/Kali developers
439. * [SANS Security Training](http://www.sans.org/) - Computer Security Training & Certification
440. * [Open Security Training](http://opensecuritytraining.info/) - Training material for computer security classes
441. * [CTF Field Guide](https://trailofbits.github.io/ctf/) - everything you need to win your next CTF competition
442.  
443.  
444.  
445.  
446.  
447. ## Information Security Conferences
448. * [DEF CON](https://www.defcon.org/) - An annual hacker convention in Las Vegas
449. * [Black Hat](http://www.blackhat.com/) - An annual security conference in Las Vegas
450. * [BSides](http://www.securitybsides.com/) - A framework for organising and holding security conferences
451. * [CCC](https://events.ccc.de/congress/) - An annual meeting of the international hacker scene in Germany
452. * [DerbyCon](https://www.derbycon.com/) - An annual hacker conference based in Louisville
453. * [PhreakNIC](http://phreaknic.info/) - A technology conference held annually in middle Tennessee
454. * [ShmooCon](http://shmoocon.org/) - An annual US east coast hacker convention
455. * [CarolinaCon](http://www.carolinacon.org/) - An infosec conference, held annually in North Carolina
456. * [SummerCon](http://www.summercon.org/) - One of the oldest hacker conventions, held during Summer
457. * [Hack.lu](https://2016.hack.lu/) - An annual conference held in Luxembourg
458. * [HITB](https://conference.hitb.org/) - Deep-knowledge security conference held in Malaysia and The Netherlands
459. * [Troopers](https://www.troopers.de) - Annual international IT Security event with workshops held in Heidelberg, Germany
460. * [Hack3rCon](http://hack3rcon.org/) - An annual US hacker conference
461. * [ThotCon](http://thotcon.org/) - An annual US hacker conference held in Chicago
462. * [LayerOne](http://www.layerone.org/) - An annual US security conference held every spring in Los Angeles
463. * [DeepSec](https://deepsec.net/) - Security Conference in Vienna, Austria
464. * [SkyDogCon](http://www.skydogcon.com/) - A technology conference in Nashville
465. * [SECUINSIDE](http://secuinside.com) - Security Conference in [Seoul](https://en.wikipedia.org/wiki/Seoul)
466. * [DefCamp](http://def.camp/) - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania
467. * [AppSecUSA](https://appsecusa.org/) - An annual conference organised by OWASP
468. * [BruCON](http://brucon.org) - An annual security conference in Belgium
469. * [Infosecurity Europe](http://www.infosecurityeurope.com/) - Europe's number one information security event, held in London, UK
470. * [Nullcon](http://nullcon.net/website/) - An annual conference in Delhi and Goa, India
471. * [RSA Conference USA](https://www.rsaconference.com/) - An annual security conference in San Francisco, California, USA
472. * [Swiss Cyber Storm](https://www.swisscyberstorm.com/) - An annual security conference in Lucerne, Switzerland
473. * [Virus Bulletin Conference](https://www.virusbul...onference/index) - An annual conference going to be held in Denver, USA for 2016
474. * [Ekoparty](http://www.ekoparty.org) - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina
475. * [44Con](https://44con.com/) - Annual Security Conference held in London
476. * [BalCCon](https://www.balccon.org) - Balkan Computer Congress, annualy held in Novi Sad, Serbia
477. * [FSec](http://fsec.foi.hr) - FSec - Croatian Information Security Gathering in Varaždin, Croatia
478.  
479.  
480.  
481.  
482.  
483. ## Information Security Magazines
484. * [2600: The Hacker Quarterly](https://www.2600.com...DigitalEditions) - An American publication about technology and computer "underground"
485. * [Phrack Magazine](http://www.phrack.org/) - By far the longest running hacker zine
486.  
487.  
488.  
489.  
490.  
491. ## Awesome Lists
492. * [Kali Linux Tools](http://tools.kali.org/tools-listing) - List of tools present in Kali Linux
493. * [SecTools](http://sectools.org/) - Top 125 Network Security Tools
494. * [C/C++ Programming](https://github.com/fffaraz/awesome-cpp) - One of the main language for open source security tools
495. * [.NET Programming](https://github.com/q.../awesome-dotnet) - A software framework for Microsoft Windows platform development
496. * [Shell Scripting](https://github.com/a...y/awesome-shell) - Command-line frameworks, toolkits, guides and gizmos
497. * [Ruby Programming by @dreikanter](https://github.com/d.../ruby-bookmarks) - The de-facto language for writing exploits
498. * [Ruby Programming by @markets](https://github.com/m...ts/awesome-ruby) - The de-facto language for writing exploits
499. * [Ruby Programming by @Sdogruyol](https://github.com/S...ol/awesome-ruby) - The de-facto language for writing exploits
500. * [JavaScript Programming](https://github.com/s...some-javascript) - In-browser development and scripting
501. * [Node.js Programming by @sindresorhus](https://github.com/s.../awesome-nodejs) - JavaScript in command-line
502. * [Node.js Programming by @vndmtrx](https://github.com/v.../awesome-nodejs) - JavaScript in command-line
503. * [Python tools for penetration testers](https://github.com/d...n-pentest-tools) - Lots of pentesting tools are written in Python
504. * [Python Programming by @svaksha](https://github.com/svaksha/pythonidae) - General Python programming
505. * [Python Programming by @pruned_56278917](https://github.com/v.../awesome-python) - General Python programming
506. * [Android Security](https://github.com/a...ecurity-awesome) - A collection of android security related resources
507. * [Awesome Awesomness](https://github.com/b...ome-awesomeness) - The List of the Lists
508. * [AppSec](https://github.com/p.../awesome-appsec) - Resources for learning about application security
509. * [CTFs](https://github.com/a...hal/awesome-ctf) - Capture The Flag frameworks, libraries, etc
510. * [Hacking](https://github.com/c...awesome-hacking) - Tutorials, tools, and resources
511. * [Honeypots](https://github.com/p...esome-honeypots) - Honeypots, tools, components, and more
512. * [Infosec](https://github.com/o...awesome-infosec) - Information security resources for pentesting, forensics, and more
513. * [Malware Analysis](https://github.com/r...alware-analysis) - Tools and resources for analysts
514. * [PCAP Tools](https://github.com/c...esome-pcaptools) - Tools for processing network traffic
515. * [Security](https://github.com/s...wesome-security) - Software, libraries, documents, and other resources
516. * [Awesome List](https://github.com/s...esorhus/awesome) - A curated list of awesome lists
517. * [SecLists](https://github.com/d...essler/SecLists) - Collection of multiple types of lists used during security assessments
518. * [Security Talks](https://github.com/P...esome-sec-talks) - A curated list of security conferences
519.  
520.  
521.  
522.  
523.  
524. ## OSX security related tools
525.  
526. 1. [OSX collector](https://github.com/Yelp/OSXCollector) - for forensic analysis
527. 2. [MIDAS](https://github.com/etsy/MIDAS) - Mac Intrusion Detection Analysis System
528. 3. [OSX auditor](https://github.com/jipegit/OSXAuditor) - for forensic analysis
529. 4. [Santa](https://github.com/google/santa) - binary whitelisting/blacklisting system
530. 5. [Masochist](https://github.com/squiffy/Masochist) - framework for creating XNU based rootkits
531. 6. [Class-dump](http://stevenygard.c...cts/class-dump/) - command-line utility to dump Objective-C runtime information
532. 7. [Mach inject](https://github.com/r...sch/mach_inject) - Inter process code injection for Mac OS X
533. 8. [Task vaccine](https://github.com/r...vd/task_vaccine) - similar to mach inject
534. 8. [Hopper](http://www.hopperapp.com/) - Hopper disassembler (not free)
535. 9. [Mach-O diff](https://github.com/s...shall/machodiff) - mach-o diffing tool
536. 10. [Mac4n6](https://github.com/pstirparo/mac4n6) - A collection of OS X and iOS forensic artifacts
537. 11. [XGuardian scanner](https://github.com/o...anner/XGuardian) - Security Scanner for OSX
538. 12. [Crashwalk](https://github.com/bnagy/crashwalk)
539. 13. [PassiveFuzzFrameworks](https://github.com/S...uzzFrameworkOSX)
540.  
541.  
542.  
543.  
544.  
545. ## iOS security related tools
546.  
547. A collection of ios security related resources
548.  
549. 1. [IDB](https://github.com/dmayer/idb) - iOS App Security Assessment Tool
550. 2. [iRET](https://github.com/S3Jensen/iRET) - iOS Reverse Engineering Toolkit
551. 3. [DVIA](http://damnvulnerableiosapp.com/) - Damn Vulnerable iOS App for learning
552. 4. [LibiMobileDevice](https://github.com/l...ibimobiledevice) - A cross-platform protocol library to communicate with iOS devices
553. 5. [Needle](https://github.com/mwrlabs/needle) - iOS App Pentesting Tool
554. 6. [snoop-it](https://code.google....ive/p/snoop-it/) - A tool to assist security assessments and dynamic analysis of iOS Apps
555.  
556. android-security
557.  
558.  
559.  
560. ========================
561.  
562.  
563.  
564. A collection of android security related resources.
565.  
566. A lot of work is happening in academia and industry on tools to perform dynamic analysis, static analysis and reverse engineering of android apps.
567.  
568. ## ONLINE ANALYZERS
569.  
570. 1. [AndroTotal](http://andrototal.org/)
571. * [Dexter](https://dexter.dexlabs.org/)
572. * [Tracedroid](http://tracedroid.few.vu.nl/)
573. * [Visual Threat](http://www.visualthreat.com/)
574. * [Mobile Malware Sandbox](http://www.mobilemal...is/index_en.php)
575. * [MobiSec Eacus](http://www.mobiseclab.org/eacus.jsp)
576. * [IBM Security AppScan Mobile Analyzer](https://appscan.blue.../mobileAnalyzer) - not free
577. * [NVISO ApkScan](https://apkscan.nviso.be/)
578. * [AVC UnDroid](http://www.av-compar...g/avc-analyzer/)
579. * [Fireeye](https://fireeye.ijinshan.com/)- max 60MB 15/day
580. * [habo](https://habo.qq.com/) 10/day
581. * [Virustotal](https://www.virustotal.com/)-max 128MB
582. * [Fraunhofer App-ray](https://www.app-ray.com) - not free
583. * [AppCritique](http://appcritique.io/) - Upload your Android APKs and receive comprehensive free security assessments.
584. * ~~[CopperDroid](http://copperdroid.i...copperdroid/)~~
585. * ~~[SandDroid](http://sanddroid.xjtu.edu.cn/)~~
586. * ~~[Stowaway](http://www.android-permissions.org/)~~
587. * ~~[Anubis](http://anubis.iseclab.org/)~~
588. * ~~[Mobile app insight](http://www.mobile-app-insight.org)~~
589. * ~~[Mobile-Sandbox](http://mobile-sandbox.com)~~
590. * ~~[Ijiami](http://safe.ijiami.cn/)~~
591. * ~~[Comdroid](http://www.comdroid.org/)~~
592. * ~~[Android Sandbox](http://www.androidsandbox.net/)~~
593. * ~~[Foresafe](http://www.foresafe.com/scan)~~
594.  
595.  
596.  
597.  
598.  
599. ## STATIC ANALYSIS TOOLS
600.  
601. 1. [Androwarn](https://github.com/maaaaz/androwarn/) - detect and warn the user about potential malicious behaviours developped by an Android application.
602. * [ApkAnalyser](https://github.com/s...dev/ApkAnalyser)
603. * [APKInspector](https://github.com/h...t/apkinspector/)
604. * [Droid Intent Data Flow Analysis for Information Leakage](https://www.cert.org...ols/didfail.cfm)
605. * [DroidLegacy](https://bitbucket.org/srl/droidlegacy)
606. * [Several tools from PSU](http://siis.cse.psu.edu/tools.html)
607. * [Smali CFG generator](https://github.com/E...elfa/Smali-CFGs)
608. * [FlowDroid](https://blogs.uni-pa...ools/flowdroid/)
609. * [Android Decompiler](https://www.pnfsoftware.com/) – not free
610. * [PSCout](http://pscout.csl.toronto.edu/) - A tool that extracts the permission specification from the Android OS source code using static analysis
611. * [Amandroid](http://amandroid.sireum.org/)
612. * [SmaliSCA](https://github.com/dorneanu/smalisca) - Smali Static Code Analysis
613. * [CFGScanDroid](https://github.com/d...rd/CFGScanDroid) - Scans and compares CFG against CFG of malicious applications
614. * [Madrolyzer](https://github.com/m...oid/maldrolyzer) - extracts actionable data like C&C, phone number etc.
615. * [SPARTA](http://www.cs.washington.edu/sparta) - verifies (proves) that an app satisfies an information-flow security policy; built on the [Checker Framework](http://types.cs.washington.edu/checker-framework/)
616. * [ConDroid](https://github.com/J...huette/ConDroid) - Performs a combination of symoblic + concrete execution of the app
617.  
618.  
619.  
620.  
621.  
622. ## APP VULNERABILITY SCANNERS
623.  
624. 1. [QARK](https://github.com/linkedin/qark/) - QARK by LinkedIn is for app developers to scan app for security issues
625. 2. [AndroBugs](https://github.com/A...oBugs_Framework)
626. 3. [Nogotofail](https://github.com/google/nogotofail)
627.  
628.  
629.  
630.  
631.  
632. ## DYNAMIC ANALYSIS TOOLS
633.  
634. 1. [Android DBI frameowork](http://www.mulliner....roiddbiv02.html)
635. 2. [Androl4b](https://github.com/sh4hin/Androl4b)- A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
636. * [Android Malware Analysis Toolkit](http://www.mobilemal...t/download.html) - (linux distro) Earlier it use to be an [online analyzer](http://dunkelheit.com.br/amat/analysis/index_en.php)
637. * [Mobile-Security-Framework MobSF](https://github.com/a...Framework-MobSF) - Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static, dynamic analysis and web API testing.
638. * [AppUse](https://appsec-labs.com/AppUse/) – custom build for pentesting
639. * [Cobradroid](https://thecobraden....cts/cobradroid/) – custom image for malware analysis
640. * [ViaLab Community Edition](https://www.nowsecur...munity-edition/)
641. * [Droidbox](https://github.com/pjlantz/droidbox)
642. * [Mercury](https://labs.mwrinfo.../03/16/mercury/)
643. * [Drozer](https://labs.mwrinfo...m/tools/drozer/)
644. * [Xposed](https://forum.xda-de...d.php?t=1574401) - equivalent of doing Stub based code injection but without any modifications to the binary
645. * [Android Hooker](https://github.com/A...idHooker/hooker) - Dynamic Java code instrumentation (requires the Substrate Framework)
646. * [ProbeDroid](https://github.com/ZSShen/ProbeDroid) - Dynamic Java code instrumentation
647. * [Android Tamer](https://androidtamer.com/) - Virtual / Live Platform for Android Security Professionals
648. * [DECAF](https://github.com/sycurelab/DECAF) - Dynamic Executable Code Analysis Framework based on QEMU (DroidScope is now an extension to DECAF)
649. * [CuckooDroid](https://github.com/i...86/cuckoo-droid) - Android extension for Cuckoo sandbox
650. * [Mem](https://github.com/M...icsResearch/mem) - Memory analysis of Android (root required)
651. * [Crowdroid](http://www.ida.liu.s...11-burguera.pdf) – unable to find the actual tool
652. * [AuditdAndroid](https://github.com/n...d/AuditdAndroid) – android port of auditd, not under active development anymore
653. * [Android Security Evaluation Framework](https://code.google.com/p/asef/) - not under active development anymore
654. * [Android Reverse Engineering](https://redmine.hone...ojects/are/wiki) – ARE (android reverse engineering) not under active development anymore
655. * [Aurasium](https://github.com/xurubin/aurasium) – Practical security policy enforcement for Android apps via bytecode rewriting and in-place reference monitor.
656. * [Android Linux Kernel modules](https://github.com/s...re/android-lkms)
657. * [Appie](https://manifestsecurity.com/appie/) - Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick or smartphone.This is a one stop answer for all the tools needed in Android Application Security Assessment and an awesome alternative to existing virtual machines.
658. * [StaDynA](https://github.com/zyrikby/StaDynA) - a system supporting security app analysis in the presence of dynamic code update features (dynamic class loading and reflection). This tool combines static and dynamic analysis of Android applications in order to reveal the hidden/updated behavior and extend static analysis results with this information.
659. * [DroidAnalytics](https://github.com/z.../DroidAnalytics) - incomplete
660. * [Vezir Project](https://github.com/o...l/Vezir-Project) - Virtual Machine for Mobile Application Pentesting and Mobile Malware Analysis
661. * [MARA](https://github.com/x.../MARA_Framework) - Mobile Application Reverse engineering and Analysis Framework
662. * [NowSecure Lab Automated](https://www.nowsecur...-lab-automated/) - Enterprise tool for mobile app security testing both Android and iOS mobile apps. Lab Automated features dynamic and static analysis on real devices in the cloud to return results in minutes.
663. * ~~[Taintdroid](https://appanalysis....ownload.html)~~ - requires AOSP compilation
664.  
665.  
666.  
667.  
668.  
669. ## REVERSE ENGINEERING
670.  
671. 1. [Smali/Baksmali](https://github.com/JesusFreke/smali) – apk decompilation
672. * [emacs syntax coloring for smali files](https://github.com/s...ere/Emacs-Smali)
673. * [vim syntax coloring for smali files](http://codetastrophe.com/smali.vim)
674. * [AndBug](https://github.com/swdunlop/AndBug)
675. * [Androguard](https://github.com/a...uard/androguard) – powerful, integrates well with other tools
676. * [Apktool](https://ibotpeaches.github.io/Apktool/) – really useful for compilation/decompilation (uses smali)
677. * [Android Framework for Exploitation](https://github.com/appknox/AFE)
678. * [Bypass signature and permission checks for IPCs](https://github.com/i...ermAndSigChecks)
679. * [Android OpenDebug](https://github.com/i...droid-OpenDebug) – make any application on device debuggable (using cydia substrate).
680. * [Dare](http://siis.cse.psu....dare/index.html) – .dex to .class converter
681. * [Dex2Jar](https://github.com/pxb1988/dex2jar) - dex to jar converter
682. * [Enjarify](https://github.com/google/enjarify) - dex to jar converter from Google
683. * [Dedexer](http://dedexer.sourceforge.net)
684. * [Fino](https://github.com/sysdream/fino)
685. * [Frida](http://www.frida.re/) - inject javascript to explore applications and a [GUI tool](https://github.com/antojoseph/diff-gui) for it
686. * [Indroid](https://bitbucket.or...mjakhar/indroid) – thread injection kit
687. * [IntentSniffer](https://www.nccgroup...intent-sniffer/)
688. * [Introspy](https://github.com/i...ntrospy-Android)
689. * [Jad]( http://varaneckas.com/jad/) - Java decompiler
690. * [JD-GUI](https://github.com/j...compiler/jd-gui) - Java decompiler
691. * [CFR](http://www.benf.org/other/cfr/) - Java decompiler
692. * [Krakatau](https://github.com/S...yeller/Krakatau) - Java decompiler
693. * [Procyon](https://bitbucket.or...Java Decompiler) - Java decompiler
694. * [FernFlower](https://github.com/fesh0r/fernflower) - Java decompiler
695. * [Redexer](https://github.com/plum-umd/redexer) – apk manipulation
696. * [Smali viewer](http://blog.avlyun.c...SmaliViewer.zip)
697. * ~~[ZjDroid](https://github.com/B...Labs/ZjDroid)~~, ~~[fork/mirror](https://github.com/yangbean9/ZjDroid)~~
698. * [Simplify Android deobfuscator](https://github.com/C...Fenton/simplify)
699. * [Bytecode viewer](https://github.com/K...bytecode-viewer)
700. * [Radare2](https://github.com/radare/radare2)
701.  
702.  
703.  
704.  
705.  
706. ## FUZZ TESTING
707.  
708. 1. [IntentFuzzer](https://www.nccgroup.../intent-fuzzer/)
709. * [Radamsa Fuzzer](https://github.com/a...radamsa-android)
710. * [Honggfuzz](https://github.com/google/honggfuzz)
711. * [An Android port of the melkor ELF fuzzer](https://github.com/a.../melkor-android)
712. * [Media Fuzzing Framework for Android](https://github.com/fuzzing/MFFA)
713. * [AndroFuzz](https://github.com/jonmetz/AndroFuzz)
714.  
715.  
716.  
717.  
718.  
719. ## APP REPACKAGING DETECTORS
720.  
721. 1. [FSquaDRA](https://github.com/zyrikby/FSquaDRA) - a tool for detection of repackaged Android applications based on app resources hash comparison.
722.  
723.  
724.  
725.  
726.  
727. ## EXPLOITABLE VULNERABILITIES
728.  
729. 1. [Vulnerability Google Doc](https://docs.google....d=0&output=html)
730. * [Root Exploits (from Drozer issue #56)](https://github.com/m...rozer/issues/56)
731.  
732.  
733.  
734.  
735.  
736. ## SAMPLE SOURCES
737.  
738. 1. [Contagio Mini Dump](http://contagiominidump.blogspot.com)
739. 2. [Android Malware Github repo](https://github.com/a...android-malware)
740. * [Open Source database](https://code.google....AndroidMalwares)
741. * [Drebin](http://user.informat...e/~darp/drebin/)
742. * [Admire](http://admire.necst.it/)
743. * [MalGenome](http://www.malgenome...org/policy.html) - contains 1260 malware samples categorized into 49 different malware families, free for research purpose.
744. * [VirusTotal Malware Intelligence Service](https://www.virustot.../about/contact/) - powered by VirusTotal,not free
745.  
746.  
747.  
748.  
749.  
750. ## READING MATERIAL
751.  
752. 1. [Android Security (and Not) Internals](http://www.zhauniarovich.com/pubs.html)
753. * [Android security related presentations](https://github.com/j...o/AndroidSlides)
754. * [A good collection of static analysis papers](https://tthtlc.wordp...d-applications/)
755.  
756.  
757.  
758.  
759.  
760. ## MARKET CRAWLERS
761.  
762. 1. [Google play crawler (Java)](https://github.com/A...le-play-crawler)
763. * [Google play crawler (Python)](https://github.com/e.../googleplay-api)
764. * [Google play crawler (Node) ](https://github.com/d...ode-google-play) - get app details and download apps from official Google Play Store.
765. * [Aptoide downloader (Node)](https://github.com/d...in/node-aptoide) - download apps from Aptoide third-party Android market
766. * [Appland downloader (Node)](https://github.com/d...in/node-appland) - download apps from Appland third-party Android market
767.  
768.  
769.  
770.  
771.  
772. ## MISC TOOLS
773.  
774. 1. [smalihook](http://androidcracki...ava-source.html)
775. * [APK-Downloader](http://codekiem.com/...apk-downloader/)
776. * [AXMLPrinter2](http://code.google.c...XMLPrinter2.jar) - to convert binary XML files to human-readable XML files
777. * [adb autocomplete](https://github.com/m...roid-completion)
778. * [Dalvik opcodes](http://pallergabor.u...ik_opcodes.html)
779. * [Opcodes table for quick reference](http://www.xchg.info...odes_tables.pdf)
780. * [ExploitMe Android Labs](http://securitycompa...Labs/setup.html) - for practice
781. * [GoatDroid](https://github.com/j...atDroid-Project) - for practice
782. * [mitmproxy](https://github.com/mitmproxy/mitmproxy)
783. * [dockerfile/androguard](https://github.com/d...file-androguard)
784. * [Android Vulnerability Test Suite](https://github.com/A...VTS/android-vts) - android-vts scans a device for set of vulnerabilities
785.  
786.  
787.  
788.  
789.  
790. ## TUTORIALS
791. 1. [Android Reverse Engineering 101 by Daniele Altomare](http://www.fasteque....ing-101-part-1/)
792.  
793.  
794.  
795. # License
796. [](https://creativecommons.org/publicdomain/zero/1.0/)
797.  
798. To the extent possible under law, [x-o-r-r-o](https://github.com/x-o-r-r-o/) has waived all copyright and related or neighboring rights to this work. He makes no warranties about the work, and disclaims liability for all uses of the work.