Name | drozer JSON |
Version |
3.1.0
JSON |
| download |
home_page | None |
Summary | The Leading Android Security Testing Framework |
upload_time | 2024-08-01 17:48:29 |
maintainer | None |
docs_url | None |
author | None |
requires_python | >=3.8 |
license | BSD 3-Clause License Copyright (c) 2024, WithSecure Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This licence does not apply to the following components: - apktool located at /src/drozer/lib/apktool.jar, released under an Apache2 License and is available at: https://github.com/iBotPeaches/Apktool - BusyBox located at /src/drozer/modules/tools/setup/ Released under a GPLv2 License, and available to download from: http://www.busybox.net/ - BouncyCastle, located at /src/drozer/ssl/bcprov-ext-jdk15on-1.46.jar Released under a modified MIT X11 License, and available to download from: http://www.bouncycastle.org/ - The Google Protocol Buffers support library for Java, located at: /src/drozer/lib/protobuf-java-2.6.1.jar. Owned by Google and available to download from: https://developers.google.com/protocol-buffers/ - Parts of the Android SDK located at: /src/drozer/lib/aapt /src/drozer/lib/d8 /src/drozer/lib/d8.jar /src/drozer/lib/d8.bat /src/drozer/lib/find_java.exe /src/drozer/lib/android.jar; /src/drozer/lib/android-support-v4.jar; /src/drozer/lib/signapk.jar The following bits are part of the Android SDK but have been edited to be used by drozer /src/drozer/lib/find_java.bat Released under an Apache 2 License and is available to download from: http://developer.android.com/ |
keywords |
drozer
android
security
framework
|
VCS |
|
bugtrack_url |
|
requirements |
No requirements were recorded.
|
Travis-CI |
No Travis.
|
coveralls test coverage |
No coveralls.
|
# drozer
drozer is a security testing framework for Android.
drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Android Runtime, other apps' IPC endpoints and the underlying OS.
drozer provides tools to help you use, share and understand public Android exploits.
drozer is open source software, maintained by WithSecure, and can be downloaded from: [https://labs.withsecure.com/tools/drozer/](https://labs.withsecure.com/tools/drozer/)
## NOTE
This is an BETA release of a rewritten drozer version; this version is updated to support python3.
Currently, the following known issues are present:
- Building of custom agents functionality will crash the drozer client. This functionality is considered out of scope for the beta release of the revived drozer project.
## Docker Container
To help with making sure drozer can be run on all systems, a Docker container was created that has a working build of drozer.
* The Docker container and basic setup instructions can be found [here](https://hub.docker.com/r/withsecurelabs/drozer).
* Instructions on building your own Docker container can be found [here](https://github.com/WithSecureLabs/drozer/tree/develop/docker).
## Manual Building and Installation
### Software pre-requisites
1. [Python3.8](https://www.python.org/downloads/)
2. [Protobuf](https://pypi.python.org/pypi/protobuf) 4.25.2 or greater
3. [Pyopenssl](https://pypi.python.org/pypi/pyOpenSSL) 22.0.0 or greater
4. [Twisted](https://pypi.python.org/pypi/Twisted) 18.9.0 or greater
4. [Distro](https://pypi.org/project/distro/) 1.8.0 or greater
5. [Java Development Kit](https://adoptopenjdk.net/releases.html) 11 or greater
### Installing
You can use `pip` or `pipx` (preferably, if available) to install the latest release of drozer from our [releases](https://github.com/WithSecureLabs/drozer/releases/tag/latest):
```shell
pipx install ./drozer-*.whl
```
If you haven't already, consider running:
```shell
pipx ensurepath
```
to ensure `pipx`-installed packages appear in your `PATH`
## Building
To build drozer from source you can run.
```shell
git clone https://github.com/WithSecureLabs/drozer.git
cd drozer
pip install .
```
To build the Android native components against a specific SDK you can set the `ANDROID_SDK` environment variable to the path. For example:
**Linux/macOS:**
```shell
export ANDROID_SDK=/home/drozerUser/Android/Sdk/platforms/android-34/android.jar
```
**Windows - PowerShell:**
```powershell
New-Item -Path Env:\ANDROID_SDK -Value 'C:\Users\drozerUser\AppData\Local\Android\sdk\platforms\android-34\android.jar'
```
**Windows - cmd:**
```cmd
set ANDROID_SDK = "C:\Users\drozerUser\AppData\Local\Android\sdk\platforms\android-34\android.jar"
```
The location of the `d8` tool used can also be changed by setting `D8`.
## Usage
### Installing the Agent
drozer can be installed using Android Debug Bridge (adb).
Download the latest drozer Agent [here](https://github.com/WithSecureLabs/drozer-agent/releases/latest).
```shell
adb install drozer-agent.apk
```
### Setup for session
You should now have the drozer Console installed on your PC, and the Agent running on your test device. Now, you need to connect the two and you’re ready to start exploring.
We will use the server embedded in the drozer Agent to do this. First, launch the Agent, select the "Embedded Server" option and tap "Enable" to start the server. You should see a notification that the server has started.
Then, follow one of the options below.
#### Option 1: Connect to the phone via network
By default, the drozer Agent listens for incoming TCP connections on all interfaces on port 31415. In order to connect to the Agent, run the following command:
```
drozer console connect --server <phone's IP address>
```
If you are using the Docker container, the equivalent command would be:
```
docker run --net host -it withsecurelabs/drozer console connect --server <phone's IP address>
```
#### Option 2: Connect to the phone via USB
In some scenarios, connecting to the device over the network may not be viable. In these scenarios, we can leverage `adb`'s port-forwarding capabilities to establish a connection over USB.
First, you need to set up a suitable port forward so that your PC can connect to a TCP socket opened by the Agent inside the emulator, or on the device. By default, drozer uses port 31415
```shell
adb forward tcp:31415 tcp:31415
```
You can now connect to the drozer Agent by connecting to `localhost` (or simply not specifying the target IP)
```shell
drozer console connect
```
### Confirming a successful connection
You should be presented with a drozer command prompt:
```
Selecting ebe9fcc0c47b28da (Google sdk_gphone64_x86_64 12)
.. ..:.
..o.. .r..
..a.. . ....... . ..nd
ro..idsnemesisand..pr
.otectorandroidsneme.
.,sisandprotectorandroids+.
..nemesisandprotectorandroidsn:.
.emesisandprotectorandroidsnemes..
..isandp,..,rotecyayandro,..,idsnem.
.isisandp..rotectorandroid..snemisis.
,andprotectorandroidsnemisisandprotec.
.torandroidsnemesisandprotectorandroid.
.snemisisandprotectorandroidsnemesisan:
.dprotectorandroidsnemesisandprotector.
drozer Console (v3.0.0)
dz>
```
The prompt confirms the Android ID of the device you have connected to, along with the manufacturer, model and Android software version.
You are now ready to start exploring the device.
### Command Reference
| Command | Description |
| ------------- |:-------------|
| run | Executes a drozer module
| list | Show a list of all drozer modules that can be executed in the current session. This hides modules that you do not have suitable permissions to run. |
| shell | Start an interactive Linux shell on the device, in the context of the Agent process. |
| cd | Mounts a particular namespace as the root of session, to avoid having to repeatedly type the full name of a module. |
| clean | Remove temporary files stored by drozer on the Android device. |
| contributors | Displays a list of people who have contributed to the drozer framework and modules in use on your system. |
| echo | Print text to the console. |
| exit | Terminate the drozer session. |
| help | Display help about a particular command or module. |
| load | Load a file containing drozer commands, and execute them in sequence. |
| module | Find and install additional drozer modules from the Internet. |
| permissions | Display a list of the permissions granted to the drozer Agent. |
| set | Store a value in a variable that will be passed as an environment variable to any Linux shells spawned by drozer. |
| unset | Remove a named variable that drozer passes to any Linux shells that it spawns. |
## License
drozer is released under a 3-clause BSD License. See LICENSE for full details.
## Contacting the Project
drozer is Open Source software, made great by contributions from the community.
For full source code, to report bugs, suggest features and contribute patches please see our Github project:
<https://github.com/WithSecureLabs/drozer>
Bug reports, feature requests, comments and questions can be submitted [here](https://github.com/WithSecureLabs/drozer/issues).
Raw data
{
"_id": null,
"home_page": null,
"name": "drozer",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": null,
"keywords": "drozer, android, security, framework",
"author": null,
"author_email": "WithSecure <drozer@withsecure.com>",
"download_url": "https://files.pythonhosted.org/packages/f7/36/9b606438e49e9349e57e45ef5f76c14c7fc0bef172038fbc76cf155213ca/drozer-3.1.0.tar.gz",
"platform": null,
"description": "# drozer\r\n\r\ndrozer is a security testing framework for Android.\r\n\r\ndrozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Android Runtime, other apps' IPC endpoints and the underlying OS.\r\n\r\ndrozer provides tools to help you use, share and understand public Android exploits.\r\n\r\ndrozer is open source software, maintained by WithSecure, and can be downloaded from: [https://labs.withsecure.com/tools/drozer/](https://labs.withsecure.com/tools/drozer/)\r\n\r\n## NOTE\r\n\r\nThis is an BETA release of a rewritten drozer version; this version is updated to support python3.\r\n\r\nCurrently, the following known issues are present:\r\n\r\n- Building of custom agents functionality will crash the drozer client. This functionality is considered out of scope for the beta release of the revived drozer project.\r\n\r\n## Docker Container\r\n\r\nTo help with making sure drozer can be run on all systems, a Docker container was created that has a working build of drozer.\r\n\r\n* The Docker container and basic setup instructions can be found [here](https://hub.docker.com/r/withsecurelabs/drozer).\r\n* Instructions on building your own Docker container can be found [here](https://github.com/WithSecureLabs/drozer/tree/develop/docker).\r\n\r\n## Manual Building and Installation\r\n\r\n### Software pre-requisites\r\n\r\n1. [Python3.8](https://www.python.org/downloads/)\r\n2. [Protobuf](https://pypi.python.org/pypi/protobuf) 4.25.2 or greater\r\n3. [Pyopenssl](https://pypi.python.org/pypi/pyOpenSSL) 22.0.0 or greater\r\n4. [Twisted](https://pypi.python.org/pypi/Twisted) 18.9.0 or greater\r\n4. [Distro](https://pypi.org/project/distro/) 1.8.0 or greater\r\n5. [Java Development Kit](https://adoptopenjdk.net/releases.html) 11 or greater\r\n\r\n### Installing\r\n\r\nYou can use `pip` or `pipx` (preferably, if available) to install the latest release of drozer from our [releases](https://github.com/WithSecureLabs/drozer/releases/tag/latest):\r\n\r\n```shell\r\npipx install ./drozer-*.whl\r\n```\r\n\r\nIf you haven't already, consider running:\r\n```shell\r\npipx ensurepath\r\n```\r\n\r\nto ensure `pipx`-installed packages appear in your `PATH`\r\n\r\n## Building\r\n\r\nTo build drozer from source you can run.\r\n\r\n```shell\r\ngit clone https://github.com/WithSecureLabs/drozer.git\r\ncd drozer\r\npip install .\r\n```\r\n\r\nTo build the Android native components against a specific SDK you can set the `ANDROID_SDK` environment variable to the path. For example:\r\n\r\n**Linux/macOS:**\r\n```shell\r\nexport ANDROID_SDK=/home/drozerUser/Android/Sdk/platforms/android-34/android.jar\r\n```\r\n\r\n**Windows - PowerShell:**\r\n```powershell\r\nNew-Item -Path Env:\\ANDROID_SDK -Value 'C:\\Users\\drozerUser\\AppData\\Local\\Android\\sdk\\platforms\\android-34\\android.jar'\r\n```\r\n\r\n**Windows - cmd:**\r\n```cmd\r\nset ANDROID_SDK = \"C:\\Users\\drozerUser\\AppData\\Local\\Android\\sdk\\platforms\\android-34\\android.jar\"\r\n```\r\n\r\n The location of the `d8` tool used can also be changed by setting `D8`.\r\n\r\n## Usage\r\n\r\n### Installing the Agent\r\n\r\ndrozer can be installed using Android Debug Bridge (adb).\r\n\r\nDownload the latest drozer Agent [here](https://github.com/WithSecureLabs/drozer-agent/releases/latest).\r\n\r\n```shell\r\nadb install drozer-agent.apk\r\n```\r\n\r\n### Setup for session\r\n\r\nYou should now have the drozer Console installed on your PC, and the Agent running on your test device. Now, you need to connect the two and you\u2019re ready to start exploring.\r\n\r\nWe will use the server embedded in the drozer Agent to do this. First, launch the Agent, select the \"Embedded Server\" option and tap \"Enable\" to start the server. You should see a notification that the server has started. \r\n\r\nThen, follow one of the options below.\r\n\r\n#### Option 1: Connect to the phone via network\r\n\r\nBy default, the drozer Agent listens for incoming TCP connections on all interfaces on port 31415. In order to connect to the Agent, run the following command:\r\n\r\n```\r\ndrozer console connect --server <phone's IP address>\r\n```\r\n\r\nIf you are using the Docker container, the equivalent command would be:\r\n\r\n```\r\ndocker run --net host -it withsecurelabs/drozer console connect --server <phone's IP address>\r\n```\r\n\r\n#### Option 2: Connect to the phone via USB\r\n\r\nIn some scenarios, connecting to the device over the network may not be viable. In these scenarios, we can leverage `adb`'s port-forwarding capabilities to establish a connection over USB.\r\n\r\nFirst, you need to set up a suitable port forward so that your PC can connect to a TCP socket opened by the Agent inside the emulator, or on the device. By default, drozer uses port 31415\r\n\r\n```shell\r\nadb forward tcp:31415 tcp:31415\r\n```\r\n\r\nYou can now connect to the drozer Agent by connecting to `localhost` (or simply not specifying the target IP)\r\n\r\n```shell\r\ndrozer console connect\r\n```\r\n\r\n### Confirming a successful connection\r\n\r\nYou should be presented with a drozer command prompt:\r\n\r\n```\r\nSelecting ebe9fcc0c47b28da (Google sdk_gphone64_x86_64 12)\r\n\r\n .. ..:.\r\n ..o.. .r..\r\n ..a.. . ....... . ..nd\r\n ro..idsnemesisand..pr\r\n .otectorandroidsneme.\r\n .,sisandprotectorandroids+.\r\n ..nemesisandprotectorandroidsn:.\r\n .emesisandprotectorandroidsnemes..\r\n ..isandp,..,rotecyayandro,..,idsnem.\r\n .isisandp..rotectorandroid..snemisis.\r\n ,andprotectorandroidsnemisisandprotec.\r\n .torandroidsnemesisandprotectorandroid.\r\n .snemisisandprotectorandroidsnemesisan:\r\n .dprotectorandroidsnemesisandprotector.\r\n\r\ndrozer Console (v3.0.0)\r\ndz>\r\n```\r\nThe prompt confirms the Android ID of the device you have connected to, along with the manufacturer, model and Android software version.\r\n\r\nYou are now ready to start exploring the device.\r\n\r\n### Command Reference\r\n\r\n| Command | Description |\r\n| ------------- |:-------------|\r\n| run | Executes a drozer module\r\n| list | Show a list of all drozer modules that can be executed in the current session. This hides modules that you do not have suitable permissions to run. | \r\n| shell | Start an interactive Linux shell on the device, in the context of the Agent process. | \r\n| cd | Mounts a particular namespace as the root of session, to avoid having to repeatedly type the full name of a module. | \r\n| clean | Remove temporary files stored by drozer on the Android device. | \r\n| contributors | Displays a list of people who have contributed to the drozer framework and modules in use on your system. | \r\n| echo | Print text to the console. | \r\n| exit | Terminate the drozer session. | \r\n| help | Display help about a particular command or module. | \r\n| load | Load a file containing drozer commands, and execute them in sequence. | \r\n| module | Find and install additional drozer modules from the Internet. | \r\n| permissions | Display a list of the permissions granted to the drozer Agent. | \r\n| set | Store a value in a variable that will be passed as an environment variable to any Linux shells spawned by drozer. | \r\n| unset | Remove a named variable that drozer passes to any Linux shells that it spawns. | \r\n\r\n## License\r\n\r\ndrozer is released under a 3-clause BSD License. See LICENSE for full details.\r\n\r\n## Contacting the Project\r\n\r\ndrozer is Open Source software, made great by contributions from the community.\r\n\r\nFor full source code, to report bugs, suggest features and contribute patches please see our Github project:\r\n\r\n <https://github.com/WithSecureLabs/drozer>\r\n\r\nBug reports, feature requests, comments and questions can be submitted [here](https://github.com/WithSecureLabs/drozer/issues).\r\n",
"bugtrack_url": null,
"license": "BSD 3-Clause License Copyright (c) 2024, WithSecure Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This licence does not apply to the following components: - apktool located at /src/drozer/lib/apktool.jar, released under an Apache2 License and is available at: https://github.com/iBotPeaches/Apktool - BusyBox located at /src/drozer/modules/tools/setup/ Released under a GPLv2 License, and available to download from: http://www.busybox.net/ - BouncyCastle, located at /src/drozer/ssl/bcprov-ext-jdk15on-1.46.jar Released under a modified MIT X11 License, and available to download from: http://www.bouncycastle.org/ - The Google Protocol Buffers support library for Java, located at: /src/drozer/lib/protobuf-java-2.6.1.jar. Owned by Google and available to download from: https://developers.google.com/protocol-buffers/ - Parts of the Android SDK located at: /src/drozer/lib/aapt /src/drozer/lib/d8 /src/drozer/lib/d8.jar /src/drozer/lib/d8.bat /src/drozer/lib/find_java.exe /src/drozer/lib/android.jar; /src/drozer/lib/android-support-v4.jar; /src/drozer/lib/signapk.jar The following bits are part of the Android SDK but have been edited to be used by drozer /src/drozer/lib/find_java.bat Released under an Apache 2 License and is available to download from: http://developer.android.com/ ",
"summary": "The Leading Android Security Testing Framework",
"version": "3.1.0",
"project_urls": {
"Documentation": "https://labs.withsecure.com/tools/drozer/",
"Homepage": "https://labs.withsecure.com/tools/drozer/",
"Issues": "https://github.com/WithSecureLabs/drozer/issues",
"Repository": "https://github.com/WithSecureLabs/drozer.git"
},
"split_keywords": [
"drozer",
" android",
" security",
" framework"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "c16cf4d13269407ac87a28f6bf229c25bad006157eb9194f763bf6c725d7e222",
"md5": "6792f64bf0f6f2d529cd1ba4f7a94618",
"sha256": "c56b4f3ac332d07a047d87e12e329cc4ae121a24d5e95a11fd21e6956a2633fc"
},
"downloads": -1,
"filename": "drozer-3.1.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "6792f64bf0f6f2d529cd1ba4f7a94618",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 55827498,
"upload_time": "2024-08-01T17:48:25",
"upload_time_iso_8601": "2024-08-01T17:48:25.283902Z",
"url": "https://files.pythonhosted.org/packages/c1/6c/f4d13269407ac87a28f6bf229c25bad006157eb9194f763bf6c725d7e222/drozer-3.1.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "f7369b606438e49e9349e57e45ef5f76c14c7fc0bef172038fbc76cf155213ca",
"md5": "36c6355e5430310617258ede6ed218e3",
"sha256": "acfa100af0c45db1ef6167d261cfa2f107b10ae1d2814f74f015302a5d908632"
},
"downloads": -1,
"filename": "drozer-3.1.0.tar.gz",
"has_sig": false,
"md5_digest": "36c6355e5430310617258ede6ed218e3",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 55694026,
"upload_time": "2024-08-01T17:48:29",
"upload_time_iso_8601": "2024-08-01T17:48:29.712500Z",
"url": "https://files.pythonhosted.org/packages/f7/36/9b606438e49e9349e57e45ef5f76c14c7fc0bef172038fbc76cf155213ca/drozer-3.1.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-08-01 17:48:29",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "WithSecureLabs",
"github_project": "drozer",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [],
"lcname": "drozer"
}