├── IOS ├── CVE │ ├── CVE-2015-6974 │ │ └── ff │ ├── CVE-2015-7037 │ │ └── ff │ ├── CVE-2015-7084 │ │ └── ff │ ├── CVE-2016-4655 │ │ └── ff │ ├── CVE-2016-4656 │ │ └── ff │ ├── CVE-2016-4657 │ │ └── ff │ ├── CVE-2016-7637 │ │ └── ff │ ├── CVE-2016-7644 │ │ └── ff │ ├── CVE-2016-7661 │ │ └── ff │ ├── CVE-2019-8641 │ │ └── CVE-2019-8641-POC │ ├── CVE-2019-8646 │ │ └── CVE-2019-8646-POC │ ├── CVE-2019-8647 │ │ └── CVE-2019-8647-POC │ ├── CVE-2019-8660 │ └── CVE-2019-8662 │ │ └── CVE-2019-8662-POC └── IOS脱壳 │ └── dumpdecrypted脱壳 │ └── ff ├── README.md └── 安卓-Android ├── Android APP渗透测试方法大全.pdf ├── App安全检测指南-V1.0.pdf ├── SDK漏洞 └── SDK-ZipperDown-RCE ├── SharedPrefs └── SharedPrefs任意读写 │ └── ff ├── WebView ├── WebView-RCE ├── WebView-XSS ├── WebView-同源绕过 ├── WebView-明文存储 ├── WebView-证书未做校验 └── WebView-镜像克隆 ├── 中间人攻击 ├── Android Accessibility点击劫持 └── ff ├── 安卓-ZipperDown └── ff ├── 安卓安全-客户端安全 ├── ES文件浏览器 │ └── CVE-2019-6447 │ │ └── poc └── ff ├── 安卓安全-服务端安全 ├── Fragment注入 │ └── ff ├── MS12-020 │ └── poc ├── ShellShock │ └── poc ├── Struts2 漏洞 │ └── poc ├── 不安全的反射 │ └── ff ├── 备份标识配置 │ └── ff ├── 心脏滴血 │ └── poc ├── 数据库任意文件读写 │ └── ff ├── 文件任意读写 │ └── ff ├── 调试标识配置 │ └── ff └── 随机数生成函数使用错误 │ └── ff ├── 安卓安全-脱壳篇 ├── Frida脱壳 │ └── ff ├── Xposed+Fdex2脱壳 │ └── ff ├── Xposed+ZjDroid脱壳 │ └── ff └── drizzleDumper脱壳 │ └── ff ├── 安卓安全-通信安全 ├── ff ├── 不安全的加密算法 │ ├── AES-DES弱加密 │ │ └── ff │ └── RSA弱加密 │ │ └── ff ├── 秘钥硬编码 │ └── ff └── 证书安全-SSL Pinning │ └── ff ├── 安卓系统安全 └── 蓝牙 │ └── CVE-2020-0022 │ └── poc ├── 拒绝服务-DOS ├── DOS-Intent └── ff ├── 移动安全_TengXun加固动态脱壳(上篇).pdf ├── 移动安全_TengXun加固动态脱壳(下篇).pdf ├── 记一次APP测试的爬坑经历.pdf ├── 记一次frida实战——对某视频APP的脱壳、hook破解、模拟抓包、协议分析一条龙服务.pdf └── 逻辑漏洞 ├── 手势密码绕过 └── 服务端校验绕过 /IOS/CVE/CVE-2015-6974/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /IOS/CVE/CVE-2015-7037/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /IOS/CVE/CVE-2015-7084/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /IOS/CVE/CVE-2016-4655/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /IOS/CVE/CVE-2016-4656/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /IOS/CVE/CVE-2016-4657/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /IOS/CVE/CVE-2016-7637/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /IOS/CVE/CVE-2016-7644/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /IOS/CVE/CVE-2016-7661/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /IOS/CVE/CVE-2019-8641/CVE-2019-8641-POC: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /IOS/CVE/CVE-2019-8646/CVE-2019-8646-POC: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /IOS/CVE/CVE-2019-8647/CVE-2019-8647-POC: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /IOS/CVE/CVE-2019-8660: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /IOS/CVE/CVE-2019-8662/CVE-2019-8662-POC: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /IOS/IOS脱壳/dumpdecrypted脱壳/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 移动安全 2 | -------------------------------------------------------------------------------- /安卓-Android/Android APP渗透测试方法大全.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/7hang/Android-IOS-Security/HEAD/安卓-Android/Android APP渗透测试方法大全.pdf -------------------------------------------------------------------------------- /安卓-Android/App安全检测指南-V1.0.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/7hang/Android-IOS-Security/HEAD/安卓-Android/App安全检测指南-V1.0.pdf -------------------------------------------------------------------------------- /安卓-Android/SDK漏洞/SDK-ZipperDown-RCE: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/SharedPrefs/SharedPrefs任意读写/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/WebView/WebView-RCE: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/WebView/WebView-XSS: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /安卓-Android/WebView/WebView-同源绕过: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/WebView/WebView-明文存储: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/WebView/WebView-证书未做校验: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/WebView/WebView-镜像克隆: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/中间人攻击/Android Accessibility点击劫持: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/中间人攻击/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓-ZipperDown/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓安全-客户端安全/ES文件浏览器/CVE-2019-6447/poc: -------------------------------------------------------------------------------- 1 | ~~https://baijiahao.baidu.com/s?id=1623258887373376635&wfr=spider&for=pc 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓安全-客户端安全/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓安全-服务端安全/Fragment注入/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓安全-服务端安全/MS12-020/poc: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓安全-服务端安全/ShellShock/poc: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓安全-服务端安全/Struts2 漏洞/poc: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓安全-服务端安全/不安全的反射/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓安全-服务端安全/备份标识配置/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓安全-服务端安全/心脏滴血/poc: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓安全-服务端安全/数据库任意文件读写/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓安全-服务端安全/文件任意读写/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓安全-服务端安全/调试标识配置/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓安全-服务端安全/随机数生成函数使用错误/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓安全-脱壳篇/Frida脱壳/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓安全-脱壳篇/Xposed+Fdex2脱壳/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓安全-脱壳篇/Xposed+ZjDroid脱壳/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓安全-脱壳篇/drizzleDumper脱壳/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓安全-通信安全/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓安全-通信安全/不安全的加密算法/AES-DES弱加密/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓安全-通信安全/不安全的加密算法/RSA弱加密/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓安全-通信安全/秘钥硬编码/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓安全-通信安全/证书安全-SSL Pinning/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/安卓系统安全/蓝牙/CVE-2020-0022/poc: -------------------------------------------------------------------------------- 1 | https://github.com/marcinguy/CVE-2020-0022 2 | 3 | 影响范围: 4 | <9.0系统 5 | -------------------------------------------------------------------------------- /安卓-Android/拒绝服务-DOS/DOS-Intent: -------------------------------------------------------------------------------- 1 | Intent.getXXX() 2 | -------------------------------------------------------------------------------- /安卓-Android/拒绝服务-DOS/ff: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/移动安全_TengXun加固动态脱壳(上篇).pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/7hang/Android-IOS-Security/HEAD/安卓-Android/移动安全_TengXun加固动态脱壳(上篇).pdf -------------------------------------------------------------------------------- /安卓-Android/移动安全_TengXun加固动态脱壳(下篇).pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/7hang/Android-IOS-Security/HEAD/安卓-Android/移动安全_TengXun加固动态脱壳(下篇).pdf -------------------------------------------------------------------------------- /安卓-Android/记一次APP测试的爬坑经历.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/7hang/Android-IOS-Security/HEAD/安卓-Android/记一次APP测试的爬坑经历.pdf -------------------------------------------------------------------------------- /安卓-Android/记一次frida实战——对某视频APP的脱壳、hook破解、模拟抓包、协议分析一条龙服务.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/7hang/Android-IOS-Security/HEAD/安卓-Android/记一次frida实战——对某视频APP的脱壳、hook破解、模拟抓包、协议分析一条龙服务.pdf -------------------------------------------------------------------------------- /安卓-Android/逻辑漏洞/手势密码绕过: -------------------------------------------------------------------------------- 1 | ~ 2 | -------------------------------------------------------------------------------- /安卓-Android/逻辑漏洞/服务端校验绕过: -------------------------------------------------------------------------------- 1 | ~ 2 | --------------------------------------------------------------------------------