Drozer

Drozer is a security testing framework for Android applications that operates through an agent-based remote execution model. It combines a client-server command routing system with a device-side agent, enabling security assessments by mapping inter-process communication (IPC) attack surfaces and running dynamic exploit modules directly on Android devices.

The framework distinguishes itself through its ability to discover and enumerate exported Android components by analyzing manifest data and crafting Intents to probe for vulnerabilities. It supports content provider query injection to detect SQL injection and directory traversal vulnerabilities, dynamic Java code injection for runtime security testing, and rendezvous-based network tunneling that establishes connections through NAT and firewalls without requiring device IP knowledge. The platform is extensible through custom modules that can be loaded from local or remote sources.

Additional capabilities include automated security testing for common vulnerabilities, package inspection to retrieve application metadata and permissions, and interaction with exported activities and services. The framework provides shell access on the device, module and namespace management, and the ability to query content providers and read files through file system-backed providers.

Features

Android Security Tools - Provides a complete framework for auditing Android application security through dynamic exploit modules.

Android Agent-Based Remote Execution - Provides agent-based remote execution on Android devices for security testing through firewalls.

Android Remote Execution Agents - Provides a client-server system that routes commands to an Android device agent for firewall-bypassing security testing.

Attack Surface Mapping - Discovers exported Android components by analyzing manifest data and crafting Intents to probe for vulnerabilities.

Android Component Discovery - Discovers exported Android components to identify injection entry points for security testing.

Android Component Mappers - Maps the attack surface of Android apps by reporting exported components and debuggable status.

Content Provider Auditing - Probes Android content providers by injecting SQL to detect and exploit database vulnerabilities.

Vulnerability Scanners - Ships a dedicated scanner module that probes content providers for SQL injection and directory traversal flaws.

Vulnerability Probing Modules - Executes specialized security modules to probe for vulnerabilities and gather information on Android devices.

Content Provider Injectors - Tests for SQL injection by injecting SQL into Android content provider projection and selection fields.

Android Command Routing - Routes commands from a console to an Android device agent via a central server for session management.

Android Activity Launchers - Launches exported Android activities by crafting Intents to bypass authorization checks.

Agent-Console Infrastructure Deployments - Connects consoles and agents through a central server to traverse NAT and firewalls without knowing device IPs.

Package Inventory Inspection - Lists installed Android packages to identify target applications for security assessment.

Android Package Listings - Lists all installed Android packages to identify target applications for security assessment.

Android Runtime Code Injections - Executes arbitrary Java code on Android devices to test for runtime security weaknesses.

Rendezvous Servers - Establishes connections through NAT and firewalls by having agents and consoles rendezvous at a known server.

Device Shell Access - Spawns an interactive Linux shell on the device within the agent process for direct command execution.

File System-Backed Provider Auditing - Accesses files through file system-backed Android content providers to enable directory traversal attacks.

Automated Security Scanners - Runs scanner modules to automatically test for common vulnerabilities like SQL injection and directory traversal.

Android Runtime - Executes Java code and specialized security modules directly on an Android device to test for systemic weaknesses.

Android Service Probers - Interacts with exported Android services to probe for vulnerabilities and extract sensitive data.

Module-Based Extensions - Loads and runs custom security modules from local or remote sources to extend testing capabilities.

ReversecLabsdrozer

Features

Star history