Home

Awesome

NOTICE DO NOT DOWNLOAD SHELLS FROM EXPLOIT OR PHPSHELL:

The stuff they will download with their shells is listed below.

Email address they used to collect logs is byhero44@gmail.com. All shells from above mentioned sites send email to this email address instantly with your infected url and pass also i shell have any.

PHP-Webshells-Collection Awesome Links Check

Most Wanted Private and Public PHP Web Shells Can Be Downloaded Here. (Educational Purpose Only)

I am not responsible for how you use this stuff.

Default Password for All Shells (if not available in shell description): wso

Tools

PHP deobfuscators:

Online:

Offline:

Note: check out KahuSecurity's site directly for latest versions of these tools.

PHP beautifiers:

PHP testers:

Online:

Offline:

Penetration Testing

A collection of awesome penetration testing resources

Online Resources

Penetration Testing Resources

Exploit development

Social Engineering Resources

Lock Picking Resources

Tools

Penetration Testing Distributions

Basic Penetration Testing Tools

Docker for Penetration Testing

Vulnerability Scanners

Network Tools

Wireless Network Tools

SSL Analysis Tools

Web exploitation

Hex Editors

Crackers

Windows Utils

Linux Utils

DDoS Tools

Social Engineering Tools

OSInt Tools

Anonymity Tools

Reverse Engineering Tools

CTF Tools

Books

Penetration Testing Books

Hackers Handbook Series

Network Analysis Books

Reverse Engineering Books

Malware Analysis Books

Windows Books

Social Engineering Books

Lock Picking Books

Vulnerability Databases

Security Courses

Information Security Conferences

Information Security Magazines

Awesome Lists

OSX security related tools

  1. OSX collector - for forensic analysis
  2. MIDAS - Mac Intrusion Detection Analysis System
  3. OSX auditor - for forensic analysis
  4. Santa - binary whitelisting/blacklisting system
  5. Masochist - framework for creating XNU based rootkits
  6. Class-dump - command-line utility to dump Objective-C runtime information
  7. Mach inject - Inter process code injection for Mac OS X
  8. Task vaccine - similar to mach inject
  9. Hopper - Hopper disassembler (not free)
  10. Mach-O diff - mach-o diffing tool
  11. Mac4n6 - A collection of OS X and iOS forensic artifacts
  12. XGuardian scanner - Security Scanner for OSX
  13. Crashwalk
  14. PassiveFuzzFrameworks

iOS security related tools

A collection of ios security related resources

  1. IDB - iOS App Security Assessment Tool
  2. iRET - iOS Reverse Engineering Toolkit
  3. DVIA - Damn Vulnerable iOS App for learning
  4. LibiMobileDevice - A cross-platform protocol library to communicate with iOS devices
  5. Needle - iOS App Pentesting Tool
  6. snoop-it - A tool to assist security assessments and dynamic analysis of iOS Apps

android-security

A collection of android security related resources.

A lot of work is happening in academia and industry on tools to perform dynamic analysis, static analysis and reverse engineering of android apps.

ONLINE ANALYZERS

  1. AndroTotal

STATIC ANALYSIS TOOLS

  1. Androwarn - detect and warn the user about potential malicious behaviours developped by an Android application.

APP VULNERABILITY SCANNERS

  1. QARK - QARK by LinkedIn is for app developers to scan app for security issues
  2. AndroBugs
  3. Nogotofail

DYNAMIC ANALYSIS TOOLS

  1. Android DBI frameowork
  2. Androl4b- A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

REVERSE ENGINEERING

  1. Smali/Baksmali – apk decompilation

FUZZ TESTING

  1. IntentFuzzer

APP REPACKAGING DETECTORS

  1. FSquaDRA - a tool for detection of repackaged Android applications based on app resources hash comparison.

EXPLOITABLE VULNERABILITIES

  1. Vulnerability Google Doc

SAMPLE SOURCES

  1. Contagio Mini Dump
  2. Android Malware Github repo

READING MATERIAL

  1. Android Security (and Not) Internals

MARKET CRAWLERS

  1. Google play crawler (Java)

MISC TOOLS

  1. smalihook

TUTORIALS

  1. Android Reverse Engineering 101 by Daniele Altomare

License

License

To the extent possible under law, x-o-r-r-o has waived all copyright and related or neighboring rights to this work. He makes no warranties about the work, and disclaims liability for all uses of the work.