awesome-repositories.com
Blog
awesome-repositories.com

Entdecke die besten Open-Source-Repositories mit KI-gestützter Suche.

EntdeckenKuratierte SuchenOpen-Source-AlternativenSelf-hosted SoftwareBlogSitemap
ProjektÜber unsRanking-MethodikPresseMCP-Server
RechtlichesDatenschutzAGB
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
ReversecLabs avatar

ReversecLabs/drozer

0
View on GitHub↗
4,542 Stars·837 Forks·Python·5 Aufrufelabs.reversec.com/tools/drozer↗

Drozer

Drozer is a security testing framework for Android applications that operates through an agent-based remote execution model. It combines a client-server command routing system with a device-side agent, enabling security assessments by mapping inter-process communication (IPC) attack surfaces and running dynamic exploit modules directly on Android devices.

The framework distinguishes itself through its ability to discover and enumerate exported Android components by analyzing manifest data and crafting Intents to probe for vulnerabilities. It supports content provider query injection to detect SQL injection and directory traversal vulnerabilities, dynamic Java code injection for runtime security testing, and rendezvous-based network tunneling that establishes connections through NAT and firewalls without requiring device IP knowledge. The platform is extensible through custom modules that can be loaded from local or remote sources.

Additional capabilities include automated security testing for common vulnerabilities, package inspection to retrieve application metadata and permissions, and interaction with exported activities and services. The framework provides shell access on the device, module and namespace management, and the ability to query content providers and read files through file system-backed providers.

Features

  • Android Security Tools - Provides a complete framework for auditing Android application security through dynamic exploit modules.
  • Android Agent-Based Remote Execution - Provides agent-based remote execution on Android devices for security testing through firewalls.
  • Android Remote Execution Agents - Provides a client-server system that routes commands to an Android device agent for firewall-bypassing security testing.
  • Attack Surface Mapping - Discovers exported Android components by analyzing manifest data and crafting Intents to probe for vulnerabilities.
  • Android Component Discovery - Discovers exported Android components to identify injection entry points for security testing.
  • Android Component Mappers - Maps the attack surface of Android apps by reporting exported components and debuggable status.
  • Content Provider Auditing - Probes Android content providers by injecting SQL to detect and exploit database vulnerabilities.
  • Vulnerability Scanners - Ships a dedicated scanner module that probes content providers for SQL injection and directory traversal flaws.
  • Vulnerability Probing Modules - Executes specialized security modules to probe for vulnerabilities and gather information on Android devices.
  • Content Provider Injectors - Tests for SQL injection by injecting SQL into Android content provider projection and selection fields.
  • Android Command Routing - Routes commands from a console to an Android device agent via a central server for session management.
  • Android Activity Launchers - Launches exported Android activities by crafting Intents to bypass authorization checks.
  • Agent-Console Infrastructure Deployments - Connects consoles and agents through a central server to traverse NAT and firewalls without knowing device IPs.
  • Package Inventory Inspection - Lists installed Android packages to identify target applications for security assessment.
  • Android Package Listings - Lists all installed Android packages to identify target applications for security assessment.
  • Android Runtime Code Injections - Executes arbitrary Java code on Android devices to test for runtime security weaknesses.
  • Rendezvous Servers - Establishes connections through NAT and firewalls by having agents and consoles rendezvous at a known server.
  • Device Shell Access - Spawns an interactive Linux shell on the device within the agent process for direct command execution.
  • File System-Backed Provider Auditing - Accesses files through file system-backed Android content providers to enable directory traversal attacks.
  • Automated Security Scanners - Runs scanner modules to automatically test for common vulnerabilities like SQL injection and directory traversal.
  • Android Runtime - Executes Java code and specialized security modules directly on an Android device to test for systemic weaknesses.
  • Android Service Probers - Interacts with exported Android services to probe for vulnerabilities and extract sensitive data.
  • Module-Based Extensions - Loads and runs custom security modules from local or remote sources to extend testing capabilities.

Star-Verlauf

Star-Verlauf für reverseclabs/drozerStar-Verlauf für reverseclabs/drozer

KI-Suche

Entdecke weitere awesome Repositories

Beschreibe in einfachen Worten, was du brauchst — die KI bewertet tausende kuratierte Open-Source-Projekte nach Relevanz.

Start searching with AI

Open-Source-Alternativen zu Drozer

Ähnliche Open-Source-Projekte, sortiert nach der Anzahl der gemeinsamen Funktionen mit Drozer.
  • fsecurelabs/drozerAvatar von FSecureLABS

    FSecureLABS/drozer

    4,541Auf GitHub ansehen↗

    Drozer is a security testing framework and runtime analyzer for Android applications and devices. It functions as an exploit management framework and a security toolset used to identify vulnerabilities, misconfigurations, and leaks within the Android operating system and its installed applications. The framework enables the simulation of application behavior and the interaction with communication endpoints to detect security flaws. It manages the execution, analysis, and sharing of public exploits for mobile security research. The system provides capabilities for application auditing, vulner

    Python
    Auf GitHub ansehen↗4,541
  • mwrlabs/drozerAvatar von mwrlabs

    mwrlabs/drozer

    4,535Auf GitHub ansehen↗

    Drozer is an Android security assessment framework and vulnerability scanner. It serves as a security auditor for Android devices and their installed software, providing a specialized environment for analyzing inter-process communication mechanisms and auditing application endpoints. The framework focuses on Android inter-process communication analysis, allowing for the interrogation of system services and application components. It enables the execution of specialized security modules and custom scripts to identify vulnerabilities and test the security of runtime interfaces. The system prov

    Python
    Auf GitHub ansehen↗4,535
  • karma9874/androratAvatar von karma9874

    karma9874/AndroRAT

    4,847Auf GitHub ansehen↗

    AndroRAT is a remote administration tool and surveillance framework for Android devices. It consists of a Python-based command server and a Java-based client agent that establish persistent socket connections to enable remote control and data extraction. The project includes a payload generator to create signed installation packages configured with specific network addresses and ports for deployment. Once active, the framework provides a central interface to manage multiple connected devices, maintaining access via a background service that restarts upon device boot. The system covers remote

    Javaandroidandroid-applicationandroid-rat
    Auf GitHub ansehen↗4,847
  • fuzion24/justtrustmeAvatar von Fuzion24

    Fuzion24/JustTrustMe

    5,329Auf GitHub ansehen↗

    JustTrustMe is an Android security auditing tool and mobile application penetration testing utility. Its primary purpose is to bypass hardcoded certificate requirements and disable SSL pinning in mobile applications to allow the inspection of encrypted API requests and responses. The project functions as a dynamic method hooking module that integrates with the Xposed framework. It uses system-level instrumentation to intercept Java runtime function calls and override security checks within third-party Android applications. The tool covers a range of capabilities including the disabling of SS

    Java
    Auf GitHub ansehen↗5,329
Alle 30 Alternativen zu Drozer anzeigen→

Häufig gestellte Fragen

Was macht reverseclabs/drozer?

Drozer is a security testing framework for Android applications that operates through an agent-based remote execution model. It combines a client-server command routing system with a device-side agent, enabling security assessments by mapping inter-process communication (IPC) attack surfaces and running dynamic exploit modules directly on Android devices.

Was sind die Hauptfunktionen von reverseclabs/drozer?

Die Hauptfunktionen von reverseclabs/drozer sind: Android Security Tools, Android Agent-Based Remote Execution, Android Remote Execution Agents, Attack Surface Mapping, Android Component Discovery, Android Component Mappers, Content Provider Auditing, Vulnerability Scanners.

Welche Open-Source-Alternativen gibt es zu reverseclabs/drozer?

Open-Source-Alternativen zu reverseclabs/drozer sind unter anderem: fsecurelabs/drozer — Drozer is a security testing framework and runtime analyzer for Android applications and devices. It functions as an… mwrlabs/drozer — Drozer is an Android security assessment framework and vulnerability scanner. It serves as a security auditor for… karma9874/androrat — AndroRAT is a remote administration tool and surveillance framework for Android devices. It consists of a Python-based… fuzion24/justtrustme — JustTrustMe is an Android security auditing tool and mobile application penetration testing utility. Its primary… arkadiyt/bounty-targets-data — This project is a bug bounty target dataset and security asset list. It serves as a structured repository of reachable… findomain/findomain — Findomain is a subdomain discovery tool and DNS resolver used for mapping an organization's external attack surface.…