Android Pentest with Drozer

3 min readJul 23, 2023

What is Drozer?

Drozer is a free and powerful android pentest tool that can be used for dynamic analysis for android application security assessment.

I perform my android pentest on my windows 10 host machine, the following are my setups:

pip install protobuf
pip install PyOpenssl
pip install twisted
pip install service_identity

4. Drozer agent v2.3.4 apk

5. Nox player (android emulator)

6. Sieve apk (vulnerable application)

2. open CMD inside windows host machine, type the following to establish communication between drozer and drozer-agent.

adb forward tcp:31415 tcp:31415

3. open CMD inside windows host machine, type the following to start drozer.

drozer console connect

run app.package.list -f <string>

run app.package.info -a <package_name>

run app.package.attacksurface <package_name>

run app.activity.info -a <package_name>

run app.activity.start -a <package_name> <exported_activity_name>

run scanner.provider.finduris -a <package_name>

List accessible SQLi injection points and accessible content URIs.

run scanner.provider.injection -a <package_name>

Display SQL tables for the package name if it is vulnerable to SQLi.

run scanner.provider.sqltables -a <package_name>

[CRUD] query the content.

[CRUD] insert the content.

[CRUD] update the content.

[CRUD] delete the content.

List accessible content URIs that is vulnerable to directory traversal.

run scanner.provider.traversal -a <package_name>

Exploit directory traversal vulnerability.

run app.provider.read <content_uri>../../etc/hosts
run app.provider.read <content_uri>../../proc/cpuinfo