一、列出drozer当前可用的所有模块dz> list

dz> list

app.activity.forintent                   Find activities that can handle the given intent

app.activity.info                        Gets information about exported activities.

app.activity.start                       Start an Activity

app.broadcast.info                       Get information about broadcast receivers

app.broadcast.send                       Send broadcast using an intent

app.broadcast.sniff                      Register a broadcast receiver that can sniff particular intents

app.package.attacksurface                Get attack surface of package

app.package.backup                       Lists packages that use the backup API (returns true on FLAG_ALLOW_BACKUP)

app.package.debuggable                   Find debuggable packages

app.package.info                         Get information about installed packages

app.package.launchintent                 Get launch intent of package

app.package.list                         List Packages

app.package.manifest                     Get AndroidManifest.xml of package

app.package.native                       Find Native libraries embedded in the application.

app.package.shareduid                    Look for packages with shared UIDs

app.provider.columns                     List columns in content provider

app.provider.delete                      Delete from a content provider

app.provider.download                    Download a file from a content provider that supports files

app.provider.finduri                     Find referenced content URIs in a package

app.provider.info                        Get information about exported content providers

app.provider.insert                      Insert into a Content Provider

app.provider.query                       Query a content provider

app.provider.read                        Read from a content provider that supports files

app.provider.update                      Update a record in a content provider

app.service.info                         Get information about exported services

app.service.send                         Send a Message to a service, and display the reply

app.service.start                        Start Service

app.service.stop                         Stop Service

auxiliary.webcontentresolver             Start a web service interface to content providers.

exploit.jdwp.check                       Open @jdwp-control and see which apps connect

exploit.pilfer.general.apnprovider       Reads APN content provider

exploit.pilfer.general.settingsprovider  Reads Settings content provider

information.datetime                     Print Date/Time

information.deviceinfo                   Get verbose device information

information.permissions                  Get a list of all permissions used by packages on the device

scanner.activity.browsable               Get all BROWSABLE activities that can be invoked from the web browser

scanner.misc.native                      Find native components included in packages

scanner.misc.readablefiles               Find world-readable files in the given folder

scanner.misc.secretcodes                 Search for secret codes that can be used from the dialer

scanner.misc.sflagbinaries               Find suid/sgid binaries in the given folder (default is /system).

scanner.misc.writablefiles               Find world-writable files in the given folder

scanner.provider.finduris                Search for content providers that can be queried from our context.

scanner.provider.injection               Test content providers for SQL injection vulnerabilities.

scanner.provider.sqltables               Find tables accessible through SQL injection vulnerabilities.

scanner.provider.traversal               Test content providers for basic directory traversal vulnerabilities.

shell.exec                               Execute a single Linux command.

shell.send                               Send an ASH shell to a remote listener.

shell.start                              Enter into an interactive Linux shell.

tools.file.download                      Download a File

tools.file.md5sum                        Get md5 Checksum of file

tools.file.size                          Get size of file

tools.file.upload                        Upload a File

tools.setup.busybox                      Install Busybox.

tools.setup.minimalsu                    Prepare 'minimal-su' binary installation on the device.                        

dz>
  • 获取所有安装包列表 run app.package.list
dz> run app.package.list

android (Android 绯荤粺)

com.adobe.flashplayer (Adobe Flash Player 11.1)

com.adups.fota (OTA鍗囩骇)

com.adups.fota.sysoper (FotaReboot)

com.android.backupconfirm (com.android.backupconfirm)

...

com.svox.pico (Pico TTS)

com.tencent.mm (寰俊)

com.wlan.wland (com.wlan.wland)
  • 通过输入安装包的部分关键字查找包全称 run app.package.list -f 安装包部分关键字
dz> run app.package.list -f qihoo

com.qihoo.wifi (360WiFi)

dz> run app.package.list -f yidian
com.hipu.yidian (一点资讯)
  • 获取特定安装包信息 run app.package.info -a 安装包名称
dz> run app.package.info -a com.ips.wallet

Package: com.ips.wallet

  Application Label: IPSWallet

  Process Name: com.ips.wallet

  Version: 1.0

  Data Directory: /data/data/com.ips.wallet

  APK Path: /data/app/com.ips.wallet-.apk

  UID:

  GID: [, , , ]

  Shared Libraries: null

  Shared User ID: null

  Uses Permissions:

  - android.permission.INTERNET

  - android.permission.ACCESS_NETWORK_STATE

  - android.permission.READ_PHONE_STATE

  - android.permission.ACCESS_WIFI_STATE

  - android.permission.MOUNT_UNMOUNT_FILESYSTEMS

  - android.permission.WRITE_EXTERNAL_STORAGE

  - android.permission.CAMERA

  - android.permission.RECEIVE_USER_PRESENT

  - android.permission.READ_EXTERNAL_STORAGE

  Defines Permissions:

  - None
  • 查找APP是否存在漏洞 run app.package.attacksurface 安装包名称

dz> run app.package.attacksurface com.hipu.yidian
Attack Surface:
6 activities exported
8 broadcast receivers exported
1 content providers exported
4 services exported

  • 获取activiity信息 run app.activity.info -a 安装包名称
dz> run app.activity.info -a com.hipu.yidian

Package: com.hipu.yidian

  com.hipu.yidian.wxapi.WXEntryActivity

    Permission: null

  com.yidian.news.ui.guide.UserGuideActivity

    Permission: null

  com.yidian.news.ui.lists.ContentListActivity

    Permission: null

  com.yidian.news.ui.content.NewsActivity

    Permission: null

  com.xiaomi.account.openauth.AuthorizeActivity

    Permission: null

  com.tencent.tauth.AuthActivity

    Permission: null

dz>

Android APP安全评估工具 Drozer - 使用介绍的更多相关文章

  1. Android APP安全评估工具 Drozer - 安装介绍

    一.Drozedr安装 注意事项:安装需要 JavaRuntime Environment (JRE) or Java Development Kit (JDK)环境, 没有安装的请先安装java环境 ...

  2. 老李分享:android app自动化测试工具合集

    老李分享:android app自动化测试工具合集   poptest是国内唯一一家培养测试开发工程师的培训机构,以学员能胜任自动化测试,性能测试,测试工具开发等工作为目标.如果对课程感兴趣,请大家咨 ...

  3. Android App 测试工具及知识大集合

    简介: 作者从事测试将近11年,有8年的团队管理经验,经历了上市公司,外包,日企,股份制公司的企业文化洗礼,擅长测试团队的组建,流程建立,改造,质量体系建建设,有三次经历在不同企业文化从"0 ...

  4. 我的Android进阶之旅------>Android APP终极瘦身指南

    首先声明,下面文字转载于: APK瘦身实践 http://www.jayfeng.com/2015/12/29/APK%E7%98%A6%E8%BA%AB%E5%AE%9E%E8%B7%B5/ APP ...

  5. 一个使用命令行编译Android项目的工具类

    一个使用命令行编译Android项目的工具类 简单介绍 编译apk项目须要使用的几个工具,基本都在sdk中,它们各自是(Windows系统): 1.aapt.exe 资源打包工具 2.android. ...

  6. 推荐支付宝 Android 专项测试工具SoloPi

    推荐支付宝 Android 专项测试工具SoloPi 1 介绍 SoloPi是一个无线化.非侵入式的Android自动化工具,公测版拥有录制回放.性能测试.一机多控三项主要功能,能为测试开发人员节省宝 ...

  7. Android APP压力测试(一)之Monkey工具介绍

    Android APP压力测试(一) 之Monkey工具介绍 前言 本文主要介绍Monkey工具.Monkey测试是Android平台自动化测试的一种手段,通过Monkey程序模拟用户触摸屏幕.滑动. ...

  8. Android App渗透测试工具drozer,Qark,Androguard

    一. drozer简介 drozer(以前称为Mercury)是一款Android安全测试框架. drozer允许您通过承担应用程序的角色并与Dalvik VM,其他应用程序的IPC端点和底层操作系统 ...

  9. Android APP性能分析方法及工具

    近期读到<Speed up your app>一文.这是一篇关于Android APP性能分析.优化的文章.在这篇文章中,作者介绍他的APP分析优化规则.使用的工具和方法.我觉得值得大家借 ...

随机推荐

  1. java获取常见文本文件的编码 解决乱码问题

    乱码问题的产生一般是,由字节流转字符流的时候,读文件的编码与文件的系统编码不一致造成的. 解决方式:先自动判断文件系统编码类型,然后读的时候用这个类型去读就ok了. 自动判断文件系统编码类型代码如下, ...

  2. Spring MVC常用的注解类

    一.注解类配置 要使用springmvc的注解类,需要在springmvc.xml配置文件中用context:component-scan/扫描:  二.五大重要的注解类 1.RequestMapp ...

  3. Careercup - Microsoft面试题 - 6366101810184192

    2014-05-10 22:30 题目链接 原题: Design database locks to allow r/w concurrency and data consistency. 题目:设计 ...

  4. 6、android 普通日志输出到SD卡

    这是本人见过写博文最负责的一个人: http://www.crifan.com/android_try_use_android_logging_log4j_to_output_log_to_sd_ca ...

  5. 【转载】Oracle 11g R2 for Win7旗舰版(64位)- 安装

    免责声明:     本文转自网络文章,转载此文章仅为个人收藏,分享知识,如有侵权,请联系博主进行删除.     原文作者:bluepoint2009      原文地址:http://www.cnbl ...

  6. Visual Studio快捷键设置

    1.查看当前快捷键:环境-键盘-按快捷键2.文本编辑器-C#-显示-行号3.文本编辑器-C#-制表符-插入空格4.文本编辑器-所有语言-没有选定内容时对空行应用剪切或复制命令5.Ctrl+Shift- ...

  7. WPF编程学习——布局

    本文目录 1.布局简介 2.面板(Panel) 3.视图框(Viewbox) 4.滚动视图控件(ScrollViewer) 5.公共布局属性 1.布局简介 应用程序界面设计中,合理的元素布局至关重要, ...

  8. 关于gzip压缩

    关于gzip压缩 http://httpd.apache.org/docs/2.0/mod/mod_deflate.html http://www.phpchina.com/resource/manu ...

  9. 用 VIPER 构建 iOS 应用架构(2)

    [编者按]本篇文章由 Jeff Gilbert 和 Conrad Stoll 共同编写,通过构建一个基础示例应用,深入了解 VIPER,并从视图.交互器等多个部件理清 VIPER 的整体布局及思路.通 ...

  10. POJ 1995

    #include <iostream> using namespace std; long long power(long long a, long long b, long long m ...