drozer is a security testing framework designed for Android platforms that enables security researchers and penetration testers to identify vulnerabilities in mobile applications and devices. The framework operates by interacting with the Android Runtime environment, allowing users to communicate with Inter-Process Communication (IPC) endpoints of other applications and the underlying operating system. This interaction capability enables comprehensive security assessments of Android environments. drozer provides access to public Android exploits and includes tools for understanding, utilizing, and sharing these exploits within the security community. The framework supports vulnerability discovery through systematic testing of Android applications and system components. The tool is maintained by WithSecure as open source software and has been updated to support Python3 in its beta release. The current version includes Docker container support and manual building instructions to ensure compatibility across different environments. Users should note that this beta release has known limitations, including potential client crashes when building custom agents, which are considered outside the scope of the current release.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A tool for extracting static and dynamic features from Android APKs.
A hardware security validation toolkit for x86 platforms that provides bootable tools for checking platform configuration registers and managing SecureBoot keys.
A command line steganography tool that uses LSB technique to hide files within images without visible alteration.
Semi-tethered jailbreak for iPhone 5s to iPhone X, running iOS 12.0 and up, using the 'checkm8' bootrom exploit.
An industrial control system testing tool that enables security researchers to enumerate SCADA controllers, read register values, and modify register data across different testing modes.
Extract local data storage of an Android application in one click.
Python tool for monitoring user-select APIs in Android apps using Frida.
Web-based tool for browsing mobile applications sandbox and previewing SQLite databases.
PLCinject is a tool for injecting and patching blocks on PLCs with a call instruction.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.