Drozer: Automated Android app assessments tool

We all remember the time when we used to create a bunch of applications to check for vulnerabilities in Android applications. Then Drozer came into existence, an open-source all-in-one combination to check your application against known vulnerabilities.




Download and install Drozer

Drozer is a tool used for automated Android app assessments.

Prerequisites

The following are the requirements for setting up: 
  • A workstation (in my case Windows 8) with the following:
  • An Android device or emulator running Android 2.1 or later.

Steps to install Drozer

Follow my steps to get Drozer up and running. Before we proceed further, make sure you already have Java and ADB up and running on your Windows workstation.

Drozer 3.0.2 Release

Drozer is a comprehensive security testing framework for Android devices that allows security researchers and developers to identify security vulnerabilities in Android applications and devices. The 3.0.2 release brings various improvements, bug fixes, and new features to enhance the functionality and usability of Drozer. Security professionals can use Drozer to perform dynamic analysis, reverse engineering, and penetration testing of Android apps and devices.



1. Visit the official GitHub page, click on Releases, and download the appropriate version of Drozer for your setup if it differs from mine. Also download the appropriate agent file.



2. Extract the downloaded zip file, and run the Drozer installer. The installation uses the usual Windows installation wizard.


3. Click Next, and choose the destination location for the Drozer installation.
The default location is C:\drozer. It is recommended that you use the default location if you would like to configure your system identically to ours.

4. Follow the wizard's instructions to complete the installation. Click Finish to complete the process.


The preceding installation process automatically installs all the required Python dependencies and sets up a complete Python environment.

To check the validity of the installation, perform the following steps:
1. Go to the destination folder of Drozer and open a command prompt there by holding SHIFT and right-clicking with the mouse.



2. Now run the drozer.bat file:
C:\drozer> drozer.bat


3. Install the agent.apk file using ADB. Copy the agent.apk file to the Drozer folder, plug in the Android device via USB, and run the following command.

C:\drozer> adb install agent.apk
4. To start working with Drozer for your assessments, we need to connect the Drozer console on the workstation to the agent on the device.

To do this, start the agent on your Android device and run the following command to set up port forwarding.
Make sure the embedded server is running when you launch the agent.
C:\drozer> adb forward tcp:31415 tcp:31415
5. Let me check the help commands.


6. Now, we can simply run the following command to connect to the agent from the workstation.


We should now be presented with the Drozer console, as shown on my window screen.
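
A preflight check for the connection steps above, as an added example that is not part of the original post or of the Drozer project: it parses the output of adb devices and adb forward --list and reports what would stop the console from reaching the agent. The function names and the sample output are assumptions constructed for illustration.

```python
import shutil
import subprocess

DROZER_PORT = "tcp:31415"  # port from the adb forward step above

# Constructed sample output (not captured from a real device).
SAMPLE_DEVICES = "List of devices attached\nemulator-5554\tdevice\nR58M000000\tunauthorized\n\n"
SAMPLE_FORWARDS = "emulator-5554 tcp:31415 tcp:31415\n"

def parse_devices(output):
    """Return {serial: state} from `adb devices` output."""
    rows = (line.split() for line in output.splitlines())
    # Device rows have exactly two fields; the header and daemon notices do not.
    return {r[0]: r[1] for r in rows if len(r) == 2}

def parse_forwards(output):
    """Return [(serial, local, remote)] from `adb forward --list` output."""
    rows = (line.split() for line in output.splitlines())
    return [tuple(r) for r in rows if len(r) == 3]

def preflight(devices_out, forwards_out):
    """Return a list of problems; an empty list means the console can connect."""
    problems = []
    devices = parse_devices(devices_out)
    ready = [s for s, state in devices.items() if state == "device"]
    for serial, state in devices.items():
        if state != "device":
            problems.append(f"{serial} is {state}: authorize USB debugging or reconnect")
    if not ready:
        problems.append("no device in 'device' state")
    # The forward must belong to a ready device and map the Drozer port on both ends.
    wanted = [f for f in parse_forwards(forwards_out)
              if f[0] in ready and f[1:] == (DROZER_PORT, DROZER_PORT)]
    if not wanted:
        problems.append(f"no forward for {DROZER_PORT}: run adb forward {DROZER_PORT} {DROZER_PORT}")
    return problems

def run(cmd):
    """Run a command and return its stdout as text."""
    return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout

if __name__ == "__main__":
    missing = [t for t in ("java", "adb") if shutil.which(t) is None]
    if missing:
        raise SystemExit("not on PATH: " + ", ".join(missing))
    issues = preflight(run(["adb", "devices"]), run(["adb", "forward", "--list"]))
    print("\n".join(issues) if issues else "ready to connect the Drozer console")
```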
