Framework
Mobile Security

drozer

by ReversecLabs

4.4K stars
821 forks
178 watchers
Updated 3 months ago
About

drozer is a comprehensive security assessment framework that enables penetration testers to identify vulnerabilities in Android apps and devices by interacting with the Android runtime and IPC mechanisms.

The Leading Security Assessment Framework for Android.

Primary Use Case

drozer is primarily used by security professionals and penetration testers to discover and exploit security weaknesses in Android applications and devices. It facilitates in-depth security testing by simulating app behavior and interacting with Android components to uncover vulnerabilities and misconfigurations.

Key Features
  • Interact with Android Runtime and IPC endpoints
  • Search for security vulnerabilities in apps and devices
  • Use, share, and understand public Android exploits
  • Supports Python 3 with a rewritten beta version
  • Provides a Docker container for easy deployment
  • Agent installation via adb for device interaction
  • Embedded server in the Agent for network connections
  • Supports building native Android components with SDK

Installation

  • Ensure Python 3.8 or greater is installed
  • Install Protobuf 4.25.2 or greater
  • Install PyOpenSSL 22.0.0 or greater
  • Install Twisted 18.9.0 or greater
  • Install Distro 1.8.0 or greater
  • Install Java Development Kit 11 or greater
  • Install drozer via pipx: pipx install drozer
  • Alternatively, download wheel from GitHub releases and install with pipx
  • Clone the repository: git clone https://github.com/ReversecLabs/drozer.git
  • Install from source: cd drozer && pip install .

Usage

>_ adb install drozer-agent.apk

Installs the drozer Agent APK on the Android test device.

>_ drozer console connect --server <phone's IP address>

Connects the drozer Console on the PC to the drozer Agent running on the Android device over the network.

>_ pipx install drozer

Installs the latest release of drozer using pipx.

>_ git clone https://github.com/ReversecLabs/drozer.git

Clones the drozer source code repository.

>_ pip install .

Installs drozer from the cloned source code directory.

>_ export ANDROID_SDK=/path/to/android.jar

Sets the ANDROID_SDK environment variable to the location of the SDK's android.jar, used when building native components (Linux/macOS).

>_ drozer Agent app: Embedded Server, Enable

Starts the embedded server on the drozer Agent to allow incoming connections. This is a setting in the Agent app on the device, not a shell command.

Security Frameworks
Discovery
Initial Access
Execution
Privilege Escalation
Persistence
Usage Insights
  • Integrate drozer with CI/CD pipelines to automate mobile app security testing before deployment.
  • Combine drozer with Metasploit or other exploitation frameworks to streamline end-to-end penetration testing on Android devices.
  • Use drozer in purple team exercises to simulate realistic Android app exploitation scenarios and improve defensive controls.
  • Deploy drozer agents in controlled environments via Docker containers to facilitate scalable mobile security assessments.
  • Leverage drozer’s IPC interaction capabilities to uncover complex Android component vulnerabilities often missed by static analysis.


Security Profile
Red Team: 85%
Blue Team: 35%
Purple Team: 60%
Details
License: Other
Language: Python
Open Issues: 333
Topics
drozer
android
security
pentesting
java
mobile
mobsec
reversec