Repository files navigation
Nothing unique, just an automation
Drozscan is just an automated script to run all drozer commands in a single run. See the results in CLI, JSON or HTML. NOTE : Make sure you installed and configured the drozer tool before running the script.
Linux/OSX machine
Genymotion/Android emulator/Rooted device
QUERIES EXECUTED BY TOOL.
Get Package complete Info
Get activities information
Get broadcast receivers information
Get attack surface details
Get package with backup API details
Get Android Manifest of the package
Get native libraries information
Get content provider information
Get URIs from package
Get services information
Get native components included in package
Get world readable files in app installation directory /data/data/<package_name>/
Get world writeable files in app installation directory /data/data/<package_name>/
Get content providers that can be queried from current context
Perform SQL Injection on content providers
Find SQL Tables trying SQL Injection
Test for directory traversal vulnerability
Make sure you have connected the android virtual device to your attacking machine.
Check whether Port forwarding is done for drozer client.
Download or Clone the drozscan Repo.
From the terminal, move into Garuda Directory
Run python scanme.py
Bad UI in html page, will be working on them, however tool does its job Inspired by interference-security
About
Droz_scan is a automated script, that runs all the queries of drozer in a single run
Topics
Resources
Stars
Watchers
Forks
You can’t perform that action at this time.
