Android APP安全评估工具 Drozer

一、列出drozer当前可用的所有模块dz> list

dz> list
app.activity.forintent                   Find activities that can handle the given intent                               
app.activity.info                        Gets information about exported activities.                                    
app.activity.start                       Start an Activity                                                              
app.broadcast.info                       Get information about broadcast receivers                                      
app.broadcast.send                       Send broadcast using an intent                                                 
app.broadcast.sniff                      Register a broadcast receiver that can sniff particular intents                
app.package.attacksurface                Get attack surface of package                                                  
app.package.backup                       Lists packages that use the backup API (returns true on FLAG_ALLOW_BACKUP)     
app.package.debuggable                   Find debuggable packages                                                       
app.package.info                         Get information about installed packages                                       
app.package.launchintent                 Get launch intent of package                                                   
app.package.list                         List Packages                                                                  
app.package.manifest                     Get AndroidManifest.xml of package                                             
app.package.native                       Find Native libraries embedded in the application.                             
app.package.shareduid                    Look for packages with shared UIDs                                             
app.provider.columns                     List columns in content provider                                               
app.provider.delete                      Delete from a content provider                                                 
app.provider.download                    Download a file from a content provider that supports files                    
app.provider.finduri                     Find referenced content URIs in a package                                      
app.provider.info                        Get information about exported content providers                               
app.provider.insert                      Insert into a Content Provider                                                 
app.provider.query                       Query a content provider                                                       
app.provider.read                        Read from a content provider that supports files                               
app.provider.update                      Update a record in a content provider                                          
app.service.info                         Get information about exported services                                        
app.service.send                         Send a Message to a service, and display the reply                             
app.service.start                        Start Service                                                                  
app.service.stop                         Stop Service                                                                   
auxiliary.webcontentresolver             Start a web service interface to content providers.                            
exploit.jdwp.check                       Open @jdwp-control and see which apps connect                                  
exploit.pilfer.general.apnprovider       Reads APN content provider                                                     
exploit.pilfer.general.settingsprovider  Reads Settings content provider                                                
information.datetime                     Print Date/Time                                                                
information.deviceinfo                   Get verbose device information                                                 
information.permissions                  Get a list of all permissions used by packages on the device                   
scanner.activity.browsable               Get all BROWSABLE activities that can be invoked from the web browser          
scanner.misc.native                      Find native components included in packages                                    
scanner.misc.readablefiles               Find world-readable files in the given folder                                  
scanner.misc.secretcodes                 Search for secret codes that can be used from the dialer                       
scanner.misc.sflagbinaries               Find suid/sgid binaries in the given folder (default is /system).              
scanner.misc.writablefiles               Find world-writable files in the given folder                                  
scanner.provider.finduris                Search for content providers that can be queried from our context.             
scanner.provider.injection               Test content providers for SQL injection vulnerabilities.                      
scanner.provider.sqltables               Find tables accessible through SQL injection vulnerabilities.                  
scanner.provider.traversal               Test content providers for basic directory traversal vulnerabilities.          
shell.exec                               Execute a single Linux command.                                                
shell.send                               Send an ASH shell to a remote listener.                                        
shell.start                              Enter into an interactive Linux shell.                                         
tools.file.download                      Download a File                                                                
tools.file.md5sum                        Get md5 Checksum of file                                                       
tools.file.size                          Get size of file                                                               
tools.file.upload                        Upload a File                                                                  
tools.setup.busybox                      Install Busybox.                                                               
tools.setup.minimalsu                    Prepare 'minimal-su' binary installation on the device.                        

dz>

• 获取所有安装包列表 run app.package.list

dz> run app.package.list
android (Android 绯荤粺)
com.adobe.flashplayer (Adobe Flash Player 11.1)
com.adups.fota (OTA鍗囩骇)
com.adups.fota.sysoper (FotaReboot)
com.android.backupconfirm (com.android.backupconfirm)
...
com.svox.pico (Pico TTS)
com.tencent.mm (寰�俊)
com.wlan.wland (com.wlan.wland)

• 通过输入安装包的部分关键字查找包全称 run app.package.list -f 安装包部分关键字

dz> run app.package.list -f qihoo
com.qihoo.wifi (360WiFi)

dz> run app.package.list -f yidian
com.hipu.yidian (一点资讯）

• 获取特定安装包信息 run app.package.info -a 安装包名称

dz> run app.package.info -a com.ips.wallet
Package: com.ips.wallet
  Application Label: IPSWallet
  Process Name: com.ips.wallet
  Version: 1.0
  Data Directory: /data/data/com.ips.wallet
  APK Path: /data/app/com.ips.wallet-1.apk
  UID: 10080
  GID: [3003, 1015, 1006, 1028]
  Shared Libraries: null
  Shared User ID: null
  Uses Permissions:
  - android.permission.INTERNET
  - android.permission.ACCESS_NETWORK_STATE
  - android.permission.READ_PHONE_STATE
  - android.permission.ACCESS_WIFI_STATE
  - android.permission.MOUNT_UNMOUNT_FILESYSTEMS
  - android.permission.WRITE_EXTERNAL_STORAGE
  - android.permission.CAMERA
  - android.permission.RECEIVE_USER_PRESENT
  - android.permission.READ_EXTERNAL_STORAGE
  Defines Permissions:
  - None

• 查找APP是否存在漏洞 run app.package.attacksurface 安装包名称

dz> run app.package.attacksurface com.hipu.yidian
Attack Surface:
6 activities exported
8 broadcast receivers exported
1 content providers exported
4 services exported

•  获取activiity信息 run app.activity.info -a 安装包名称

dz> run app.activity.info -a com.hipu.yidian
Package: com.hipu.yidian
  com.hipu.yidian.wxapi.WXEntryActivity
    Permission: null
  com.yidian.news.ui.guide.UserGuideActivity
    Permission: null
  com.yidian.news.ui.lists.ContentListActivity
    Permission: null
  com.yidian.news.ui.content.NewsActivity
    Permission: null
  com.xiaomi.account.openauth.AuthorizeActivity
    Permission: null
  com.tencent.tauth.AuthActivity
    Permission: null

dz>