drozer- security and attack framework for Android

Android becomes a popular platform for developers and we see an increasing number of applications running on mobile devices that support this system. Technology have rapidly changed and security tools for making the assessment are also increasing.  drozer is a tool that can be used for Mobile device review , Secure development of applications, BYOD approval and Mobile application testing.

There are two version of drozer an open source and professional one. the only addition for the pro version is the automation while remaining functionality are the same. some of the functionality are:

  1. Gathering the information about the application
  2. Find the attack surface
  3. Test your Exposure to Public Exploits (this is useful for checking the security of BYOD)
  4. Execute dynamic code on a device, to avoid the need to compile and install small test scripts.
  5. Start Android emulators, provisioned with the drozer Agent and the app you want to investigate.
  6. Simulate sensor input, such as GPS, to emulators to test the full attack surface.
  7. View the attack surface as a graph. this will be helpful for the risk assessment reporting.

drozer-simulate-sensor-inputCall a phone number from a remote android device (sourced drozer official website)

Drozer contain two component Agent that should be installed on the android device and server that will run the assessment and remote instruction to the agent.  You can read more and find the full usage instruction over this link: drozer user guide

Share