1. List all modules currently available in drozer: list

dz> list
app.activity.forintent Find activities that can handle the given intent
app.activity.info Gets information about exported activities.
app.activity.start Start an Activity
app.broadcast.info Get information about broadcast receivers
app.broadcast.send Send broadcast using an intent
app.broadcast.sniff Register a broadcast receiver that can sniff particular intents
app.package.attacksurface Get attack surface of package
app.package.backup Lists packages that use the backup API (returns true on FLAG_ALLOW_BACKUP)
app.package.debuggable Find debuggable packages
app.package.info Get information about installed packages
app.package.launchintent Get launch intent of package
app.package.list List Packages
app.package.manifest Get AndroidManifest.xml of package
app.package.native Find Native libraries embedded in the application.
app.package.shareduid Look for packages with shared UIDs
app.provider.columns List columns in content provider
app.provider.delete Delete from a content provider
app.provider.download Download a file from a content provider that supports files
app.provider.finduri Find referenced content URIs in a package
app.provider.info Get information about exported content providers
app.provider.insert Insert into a Content Provider
app.provider.query Query a content provider
app.provider.read Read from a content provider that supports files
app.provider.update Update a record in a content provider
app.service.info Get information about exported services
app.service.send Send a Message to a service, and display the reply
app.service.start Start Service
app.service.stop Stop Service
auxiliary.webcontentresolver Start a web service interface to content providers.
exploit.jdwp.check Open @jdwp-control and see which apps connect
exploit.pilfer.general.apnprovider Reads APN content provider
exploit.pilfer.general.settingsprovider Reads Settings content provider
information.datetime Print Date/Time
information.deviceinfo Get verbose device information
information.permissions Get a list of all permissions used by packages on the device
scanner.activity.browsable Get all BROWSABLE activities that can be invoked from the web browser
scanner.misc.native Find native components included in packages
scanner.misc.readablefiles Find world-readable files in the given folder
scanner.misc.secretcodes Search for secret codes that can be used from the dialer
scanner.misc.sflagbinaries Find suid/sgid binaries in the given folder (default is /system).
scanner.misc.writablefiles Find world-writable files in the given folder
scanner.provider.finduris Search for content providers that can be queried from our context.
scanner.provider.injection Test content providers for SQL injection vulnerabilities.
scanner.provider.sqltables Find tables accessible through SQL injection vulnerabilities.
scanner.provider.traversal Test content providers for basic directory traversal vulnerabilities.
shell.exec Execute a single Linux command.
shell.send Send an ASH shell to a remote listener.
shell.start Enter into an interactive Linux shell.
tools.file.download Download a File
tools.file.md5sum Get md5 Checksum of file
tools.file.size Get size of file
tools.file.upload Upload a File
tools.setup.busybox Install Busybox.
tools.setup.minimalsu Prepare 'minimal-su' binary installation on the device.
dz>
  • Get the list of all installed packages: run app.package.list
dz> run app.package.list
android (Android 系统)
com.adobe.flashplayer (Adobe Flash Player 11.1)
com.adups.fota (OTA升级)
com.adups.fota.sysoper (FotaReboot)
com.android.backupconfirm (com.android.backupconfirm)
...
com.svox.pico (Pico TTS)
com.tencent.mm (微信)
com.wlan.wland (com.wlan.wland)
  • Find a package's full name from part of its name: run app.package.list -f <partial package keyword>
dz> run app.package.list -f qihoo
com.qihoo.wifi (360WiFi)
dz> run app.package.list -f yidian
com.hipu.yidian (一点资讯)
  • Get information about a specific package: run app.package.info -a <package name>
dz> run app.package.info -a com.ips.wallet
Package: com.ips.wallet
Application Label: IPSWallet
Process Name: com.ips.wallet
Version: 1.0
Data Directory: /data/data/com.ips.wallet
APK Path: /data/app/com.ips.wallet-.apk
UID:
GID: [, , , ]
Shared Libraries: null
Shared User ID: null
Uses Permissions:
- android.permission.INTERNET
- android.permission.ACCESS_NETWORK_STATE
- android.permission.READ_PHONE_STATE
- android.permission.ACCESS_WIFI_STATE
- android.permission.MOUNT_UNMOUNT_FILESYSTEMS
- android.permission.WRITE_EXTERNAL_STORAGE
- android.permission.CAMERA
- android.permission.RECEIVE_USER_PRESENT
- android.permission.READ_EXTERNAL_STORAGE
Defines Permissions:
- None
  • Check the app for potential vulnerabilities by listing its attack surface (exported components): run app.package.attacksurface <package name>

dz> run app.package.attacksurface com.hipu.yidian
Attack Surface:
6 activities exported
8 broadcast receivers exported
1 content providers exported
4 services exported

  • Get activity information: run app.activity.info -a <package name>
dz> run app.activity.info -a com.hipu.yidian
Package: com.hipu.yidian
com.hipu.yidian.wxapi.WXEntryActivity
Permission: null
com.yidian.news.ui.guide.UserGuideActivity
Permission: null
com.yidian.news.ui.lists.ContentListActivity
Permission: null
com.yidian.news.ui.content.NewsActivity
Permission: null
com.xiaomi.account.openauth.AuthorizeActivity
Permission: null
com.tencent.tauth.AuthActivity
Permission: null
dz>
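
Added example (not part of the original post and not drozer code): the attack-surface and activity listings above count exported components and show each one's Permission field, and the same inventory can be taken from the developer side by auditing a decoded AndroidManifest.xml. The sample manifest, the com.example.demo package and the function names are constructed for illustration, and the default-export rule assumed is the pre-Android-12 one.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
KINDS = ("activity", "activity-alias", "service", "receiver", "provider")
# Constructed sample manifest for a hypothetical package (not from the page).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".SettingsActivity"/>
    <activity android:name=".AuthActivity" android:exported="true"/>
    <receiver android:name=".PushReceiver" android:exported="true"
              android:permission="com.example.demo.permission.PUSH"/>
    <provider android:name=".NotesProvider" android:exported="true" android:authorities="com.example.demo.notes"/>
    <service android:name=".SyncService" android:exported="false">
      <intent-filter><action android:name="com.example.demo.SYNC"/></intent-filter>
    </service>
  </application>
</manifest>
"""


def is_exported(elem):
    """Explicit android:exported wins; otherwise assume the pre-Android-12 default:
    exported iff an intent-filter is present (providers: not exported, API 17+)."""
    explicit = elem.get(ANDROID + "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    return elem.tag != "provider" and elem.find("intent-filter") is not None


def audit_manifest(xml_text):
    """Return (exported count per component kind, exported components whose own
    android:permission is unset, i.e. what drozer shows as 'Permission: null')."""
    counts = {kind: 0 for kind in KINDS}
    unguarded = []
    for elem in ET.fromstring(xml_text.strip()).find("application"):
        if elem.tag in KINDS and is_exported(elem):
            counts[elem.tag] += 1
            if elem.get(ANDROID + "permission") is None:
                unguarded.append((elem.tag, elem.get(ANDROID + "name")))
    return counts, unguarded


if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

Only each component's own android:permission is checked; an application-level android:permission and a provider's readPermission/writePermission would need to be considered before treating an entry as unprotected.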
