drozer is a security testing framework for Android.
drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Android Runtime, other apps' IPC endpoints and the underlying OS.
drozer provides tools to help you use, share and understand public Android exploits.
drozer is open source software, maintained by WithSecure, and can be downloaded from: https://labs.withsecure.com/tools/drozer/
This is an BETA release of a rewritten drozer version, this version is updated to support python3.
Currently, the following known issues are present:
- Building of custom agents functionality will crash the drozer client. This functionality is considered out of scope for the beta release of the revived drozer project.
- It is not possible to run drozer on a Windows host; you must run drozer on either a virtual machine or Docker image
To help with making sure drozer can be run on all systems, a Docker container was created that has a working build of drozer.
- The Docker container and basic setup instructions can be found here.
- Instructions on building your own Docker container can be found here.
- Python3.8
- Protobuf 4.25.2 or greater
- Pyopenssl 22.0.0 or greater
- Twisted 18.9.0 or greater
- Distro 1.8.0 or greater
- Java Development Kit 11 or greater
You can use pip to install the latest release of drozer:
sudo pip install drozer-<version>.whl
All of the requirements can be installed via the following command:
sudo apt install python3 python3-pip python3-protobuf python3-openssl \
python3-twisted python3-yaml python3-distro git protobuf-compiler \
libexpat1 libexpat1-dev libpython3-dev python-is-python3 zip default-jdk
Then build drozer for Python wheel
git clone https://github.com/WithSecureLabs/drozer.git
cd drozer
python setup.py bdist_wheel
Finally, install drozer
sudo pip install dist/drozer-<version>-py3-none-any.whl
On any arch based installation, until proper pkgbuilds and pip packages are created, please use an virtualenv.
git clone https://github.com/WithSecureLabs/drozer.git
cd drozer
virtualenv -p /usr/bin/python3 venv
source venv/bin/activate
python setup.py bdist_wheel
sudo pip install dist/drozer-<version>-py3-none-any.whl
If protobuf complains about the protobuf defintions being out of date. Copy the protobuf definition from here into common/protobuf.proto
Then run
cd common
protoc --python_out=../src/pysolar/api/ protobuf.proto
drozer can be installed using Android Debug Bridge (adb).
Download the latest drozer Agent here.
$ adb install drozer-agent.apk
You should now have the drozer Console installed on your PC, and the Agent running on your test device. Now, you need to connect the two and you’re ready to start exploring.
We will use the server embedded in the drozer Agent to do this.
You need to set up a suitable port forward so that your PC can connect to a TCP socket opened by the Agent inside the device or emulator. By default, drozer uses port 31415:
$ adb forward tcp:31415 tcp:31415
Now, launch the Agent, select the "Embedded Server" option and tap "Enable" to start the server. You should see a notification that the server has started.
On your PC, connect using the drozer Console:
$ drozer console connect
If using a real device, the IP address of the device on the network must be specified:
$ drozer console connect --server 192.168.0.10
You should be presented with a drozer command prompt:
selecting f75640f67144d9a3 (unknown sdk 4.1.1)
dz>
The prompt confirms the Android ID of the device you have connected to, along with the manufacturer, model and Android software version.
| Command | Description |
|---|---|
| run | Executes a drozer module |
| list | Show a list of all drozer modules that can be executed in the current session. This hides modules that you do not have suitable permissions to run. |
| shell | Start an interactive Linux shell on the device, in the context of the Agent process. |
| cd | Mounts a particular namespace as the root of session, to avoid having to repeatedly type the full name of a module. |
| clean | Remove temporary files stored by drozer on the Android device. |
| contributors | Displays a list of people who have contributed to the drozer framework and modules in use on your system. |
| echo | Print text to the console. |
| exit | Terminate the drozer session. |
| help | Display help about a particular command or module. |
| load | Load a file containing drozer commands, and execute them in sequence. |
| module | Find and install additional drozer modules from the Internet. |
| permissions | Display a list of the permissions granted to the drozer Agent. |
| set | Store a value in a variable that will be passed as an environment variable to any Linux shells spawned by drozer. |
| unset | Remove a named variable that drozer passes to any Linux shells that it spawns. |
drozer is released under a 3-clause BSD License. See LICENSE for full details.
drozer is Open Source software, made great by contributions from the community.
For full source code, to report bugs, suggest features and contribute patches please see our Github project:
https://github.com/WithSecureLabs/drozer
Bug reports, feature requests, comments and questions can be submitted here.