一、列出drozer当前可用的所有模块dz> list
dz> list
app.activity.forintent Find activities that can handle the given intent
app.activity.info Gets information about exported activities.
app.activity.start Start an Activity
app.broadcast.info Get information about broadcast receivers
app.broadcast.send Send broadcast using an intent
app.broadcast.sniff Register a broadcast receiver that can sniff particular intents
app.package.attacksurface Get attack surface of package
app.package.backup Lists packages that use the backup API (returns true on FLAG_ALLOW_BACKUP)
app.package.debuggable Find debuggable packages
app.package.info Get information about installed packages
app.package.launchintent Get launch intent of package
app.package.list List Packages
app.package.manifest Get AndroidManifest.xml of package
app.package.native Find Native libraries embedded in the application.
app.package.shareduid Look for packages with shared UIDs
app.provider.columns List columns in content provider
app.provider.delete Delete from a content provider
app.provider.download Download a file from a content provider that supports files
app.provider.finduri Find referenced content URIs in a package
app.provider.info Get information about exported content providers
app.provider.insert Insert into a Content Provider
app.provider.query Query a content provider
app.provider.read Read from a content provider that supports files
app.provider.update Update a record in a content provider
app.service.info Get information about exported services
app.service.send Send a Message to a service, and display the reply
app.service.start Start Service
app.service.stop Stop Service
auxiliary.webcontentresolver Start a web service interface to content providers.
exploit.jdwp.check Open @jdwp-control and see which apps connect
exploit.pilfer.general.apnprovider Reads APN content provider
exploit.pilfer.general.settingsprovider Reads Settings content provider
information.datetime Print Date/Time
information.deviceinfo Get verbose device information
information.permissions Get a list of all permissions used by packages on the device
scanner.activity.browsable Get all BROWSABLE activities that can be invoked from the web browser
scanner.misc.native Find native components included in packages
scanner.misc.readablefiles Find world-readable files in the given folder
scanner.misc.secretcodes Search for secret codes that can be used from the dialer
scanner.misc.sflagbinaries Find suid/sgid binaries in the given folder (default is /system).
scanner.misc.writablefiles Find world-writable files in the given folder
scanner.provider.finduris Search for content providers that can be queried from our context.
scanner.provider.injection Test content providers for SQL injection vulnerabilities.
scanner.provider.sqltables Find tables accessible through SQL injection vulnerabilities.
scanner.provider.traversal Test content providers for basic directory traversal vulnerabilities.
shell.exec Execute a single Linux command.
shell.send Send an ASH shell to a remote listener.
shell.start Enter into an interactive Linux shell.
tools.file.download Download a File
tools.file.md5sum Get md5 Checksum of file
tools.file.size Get size of file
tools.file.upload Upload a File
tools.setup.busybox Install Busybox.
tools.setup.minimalsu Prepare 'minimal-su' binary installation on the device. dz>
- 获取所有安装包列表 run app.package.list
dz> run app.package.list
android (Android 绯荤粺)
com.adobe.flashplayer (Adobe Flash Player 11.1)
com.adups.fota (OTA鍗囩骇)
com.adups.fota.sysoper (FotaReboot)
com.android.backupconfirm (com.android.backupconfirm)
...
com.svox.pico (Pico TTS)
com.tencent.mm (寰俊)
com.wlan.wland (com.wlan.wland)
- 通过输入安装包的部分关键字查找包全称 run app.package.list -f 安装包部分关键字
dz> run app.package.list -f qihoo
com.qihoo.wifi (360WiFi) dz> run app.package.list -f yidian
com.hipu.yidian (一点资讯)
- 获取特定安装包信息 run app.package.info -a 安装包名称
dz> run app.package.info -a com.ips.wallet
Package: com.ips.wallet
Application Label: IPSWallet
Process Name: com.ips.wallet
Version: 1.0
Data Directory: /data/data/com.ips.wallet
APK Path: /data/app/com.ips.wallet-.apk
UID:
GID: [, , , ]
Shared Libraries: null
Shared User ID: null
Uses Permissions:
- android.permission.INTERNET
- android.permission.ACCESS_NETWORK_STATE
- android.permission.READ_PHONE_STATE
- android.permission.ACCESS_WIFI_STATE
- android.permission.MOUNT_UNMOUNT_FILESYSTEMS
- android.permission.WRITE_EXTERNAL_STORAGE
- android.permission.CAMERA
- android.permission.RECEIVE_USER_PRESENT
- android.permission.READ_EXTERNAL_STORAGE
Defines Permissions:
- None
- 查找APP是否存在漏洞 run app.package.attacksurface 安装包名称
dz> run app.package.attacksurface com.hipu.yidian
Attack Surface:
6 activities exported
8 broadcast receivers exported
1 content providers exported
4 services exported
- 获取activiity信息 run app.activity.info -a 安装包名称
dz> run app.activity.info -a com.hipu.yidian
Package: com.hipu.yidian
com.hipu.yidian.wxapi.WXEntryActivity
Permission: null
com.yidian.news.ui.guide.UserGuideActivity
Permission: null
com.yidian.news.ui.lists.ContentListActivity
Permission: null
com.yidian.news.ui.content.NewsActivity
Permission: null
com.xiaomi.account.openauth.AuthorizeActivity
Permission: null
com.tencent.tauth.AuthActivity
Permission: null dz>