Drozer: Automated Android app assessments tool

We all remember the time when we had to write a bunch of separate applications to check Android applications for vulnerabilities. Then Drozer came into existence: an open-source, all-in-one tool for checking your application against known vulnerabilities.

Drozer is a tool used for automated Android app assessments.


Following are the requirements for setting up: 
  • A workstation (in my case Windows 8) with the following:
  • An Android device or emulator running Android 2.1 or later.

Follow my steps to get Drozer up and running. Before we proceed further, make sure you already have Java and ADB up and running on your Windows workstation.

1. Visit the official GitHub page, click on the releases, and download the appropriate version of Drozer (pick the one that matches your setup if it differs from mine). Also download the appropriate agent file.

2. Extract the downloaded zip file, and run the Drozer installer. The installation uses the usual Windows installation wizard.

3. Click Next, and choose the destination location for the Drozer installation.
The default location is C:\drozer. It is recommended that you use the default location if you would like to configure your system identically to ours.

4. Follow the wizard's instructions to complete the installation. Click Finish to complete the process.

The preceding installation process automatically installs all the required Python dependencies and sets up a complete Python environment.

To check the validity of the installation, perform the following steps:
1. Go to the destination folder of Drozer and open a command prompt there by holding SHIFT and right-clicking inside the folder.

2. Now run the drozer.bat file:
C:\drozer> drozer.bat 

3. Install the agent.apk file using ADB. Copy the agent.apk file to the Drozer folder, plug in the Android device via USB, and run the following command.


C:\drozer> adb install agent.apk
4. To start working with Drozer for your assessments, we need to connect the Drozer console on the workstation to the agent on the device.

To do this, start the agent on your Android device and run the following command to set up the port forward.
Make sure you are running the embedded server when launching the agent.
C:\drozer> adb forward tcp:31415 tcp:31415
5. Let me check the help commands.

6. Now, we can simply run the following command to connect to the agent from the workstation.

We should now be presented with the Drozer console, as shown on my window screen.
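
A pre-connection check for the steps above, as an added example that is not part of the original post or of Drozer itself: a Python 3 script that parses the output of adb devices and adb forward --list to confirm that a device is authorized and that the tcp:31415 forward from step 4 exists. It assumes adb is on PATH; the sample outputs and function names are constructed for illustration.

```python
import subprocess

DROZER_PORT = 31415  # port used in the adb forward step above

# Constructed sample output, for trying the parsers without a device attached.
SAMPLE_DEVICES = "List of devices attached\nemulator-5554\tdevice\n0123ABCD\tunauthorized\n"
SAMPLE_FORWARDS = "emulator-5554 tcp:31415 tcp:31415\n"


def device_states(devices_out):
    """Map serial -> state from `adb devices` output (header and daemon lines are skipped)."""
    states = {}
    for line in devices_out.splitlines():
        fields = line.split()
        if len(fields) == 2:  # "<serial>\t<state>"
            states[fields[0]] = fields[1]
    return states


def forwarded_serials(forwards_out, port=DROZER_PORT):
    """Serials that have a tcp:<port> -> tcp:<port> rule in `adb forward --list` output."""
    rule = "tcp:%d" % port
    return [f[0] for f in (l.split() for l in forwards_out.splitlines())
            if len(f) == 3 and f[1] == rule and f[2] == rule]


def check_setup(devices_out, forwards_out, port=DROZER_PORT):
    """Return a list of problems; an empty list means the console can be connected."""
    states = device_states(devices_out)
    ready = [s for s, st in states.items() if st == "device"]
    problems = []
    if len(states) > 1:
        problems.append("several devices listed: adb needs -s SERIAL to pick one")
    if not ready:
        problems.append("no device in state 'device': accept the USB debugging prompt")
    elif not set(ready) & set(forwarded_serials(forwards_out, port)):
        problems.append("no forward rule: run adb forward tcp:%d tcp:%d" % (port, port))
    return problems


def run_adb(*args):
    """Run adb (assumed to be on PATH) and return its output as text."""
    return subprocess.check_output(("adb",) + args).decode("utf-8", "replace")


if __name__ == "__main__":
    issues = check_setup(run_adb("devices"), run_adb("forward", "--list"))
    for issue in issues:
        print("FAIL: " + issue)
    if not issues:
        print("OK: device attached and tcp:%d forwarded" % DROZER_PORT)
```

The forward rule only shows that adb will relay the port; the agent's embedded server still has to be switched on in the app, as noted in step 4.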
