Awesome-Cellular-Hacking
https://github.com/W00t3k/Awesome-Cellular-Hacking
-
Rogue Base Stations
-
GSM/CDMA Traffic Impersonation and Interception
-
-
Rogue BTS & CDMA/GSM Traffic Impersonation and Interception
- Traffic Interception for Penetration Testing Engagements - exhaustively we commonly see:"
- OpenBTS - uses software-defined radio to present a standard 3GPP air interface to user devices, while simultaneously presenting those devices as SIP endpoints to the Internet
-
[JAMMING SPECIFIC ATTACKS](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-187.pdf)
-
CERT/Media Alerts
-
5G Cellular Attacks
-
Attack Vectors
-
5G Security Research
-
LTE/4G Security Research
- LTRACK: Stealthy Mobile Phone Tracking
- Detecting Fake 4G Base Stations
- LTE Public Warning System Attacks
- Paging Storm Attacks against 4G/LTE Networks
- Analysis of the LTE Control Plane
- BaseSAFE: Baseband Fuzzing
- LTE Security Disabled - Misconfiguration in Commercial Network
- Hiding in Plain Signal: Physical Signal Overshadowing
- All The 4G Modules Could Be Hacked
- Hacking Public Warning System in LTE
- Baseband Attacks: Remote Exploitation
-
Radio Jamming Attacks
-
-
4G/LTE Cellular Attacks
- BaseSAFE: Baseband SAnitized Fuzzing through Emulation
- Forcing a targeted LTE Cellphone Into an Eavesdropping Network
- Hacking Cellular Networks
- White-Stingray: Evaluating IMSI Catchers Detection Applications
- LTE/LTE-A Jamming, Spoofing, and Sniffing - Assessment and Mitigation
- Using OpenBTS - "Experimental_Security_Assessment_of_BMW_Cars by KeenLab"
- Small Tweaks do Not Help: Differential Power Analysis of MILENAGE Implementations in 3G/4G USIM Cards
- 4G Access Level Security Assessment
- LTE security and protocol exploits
- LTE Recon - (Defcon 23)
- LTE Pwnage: Hacking HLR/HSS and MME CoreNetwork Elements
- Modmobjam - Jam tomorrow, jam yesterday, but also jam today
- WiFi IMSI Catcher
- Demystifying the Mobile Network by Chuck McAuley
- NSA PLAYSET GSM
- LTE Security - How Good Is It?
-
SIM Specific Attacks
-
SS7/Telecom Specific
-
Resources
-
Misc
-
Equipment & Hardware
-
Research Equipment Used in "Over The Air Baseband Exploit"
-
-
Software & Tools
-
Base Station Software
-
Configuration Guides
-
Analysis Tools
- LTE-Cell-Scanner - LTE cell detection and analysis
- gr-gsm - GSM analysis with GNU Radio
- IMSI-Catcher Detector - Android app for detecting IMSI catchers
- FALCON LTE - Fast Analysis of LTE Control Channels for real-time analysis
- Kalibrate - GSM base station scanner and frequency calibration tool
- LTE Sniffer - Open-source LTE downlink/uplink eavesdropper
- OsmocomBB - Free firmware for mobile phone baseband processors
- Modmobmap - Mobile network mapping
- Modmobjam - Mobile jamming research
-
-
Conference Talks
-
Black Hat 2021
-
DefCon 32 (2024)
-
Black Hat 2024
-
TROOPERS 2013
-
Additional Conference Resources
-
Black Hat 2022
-
-
5G Cellular Attacks (Soon to be updated)
-
Detection & Defense
-
IMSI Catcher Detection & Research
-
Protection from Stingrays & IMSI Catchers
- Website & Documentation
- TestFlight Beta
- CellGuard - **NEW 2024**
-
-
Hardware Setup
-
SDR Hardware Options
-
-
Recent Updates (2024-2025)
-
Latest Base Station Software & Tools
- LimeNET CrowdCell - in-a-box solution with integrated LimeSDR for small cell deployments
- Amarisoft LTEENB/gNB - grade LTE/5G NR base station software
- DragonOS - based SDR distribution with preinstalled cellular tools
- Magma Core Network
-
-
Research Papers
-
NDSS 2025
-
2024 Research
- 5GBaseChecker Tool Release - Penn State University
-
-
Testing & Research Methodologies
-
Vulnerability Research Tools
- certmitm - TLS hacking tool for finding insecure implementations
-