Created
August 27, 2020 15:33
-
-
Save cdwijayarathna/906068a9e225ee93904f32b12aa02306 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| F:\software\platform-tools_r29.0.5-windows\platform-tools>drozer console connect | |
| C:\Python27\lib\site-packages\OpenSSL\crypto.py:12: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in a future release. | |
| from cryptography import x509 | |
| :0: UserWarning: You do not have a working installation of the service_identity module: 'No module named service_identity'. Please install it from <https://pypi.python.org/pypi/service_identity> and make sure all of its dependencies are satisfied. Without the service_identity module, Twisted can perform only rudimentary TLS client hostname verification. Many valid certificate/hostname mappings may be rejected. | |
| Selecting edd73bfb5af4bf14 (Genymotion Samsung A10 9) | |
| .. ..:. | |
| ..o.. .r.. | |
| ..a.. . ....... . ..nd | |
| ro..idsnemesisand..pr | |
| .otectorandroidsneme. | |
| .,sisandprotectorandroids+. | |
| ..nemesisandprotectorandroidsn:. | |
| .emesisandprotectorandroidsnemes.. | |
| ..isandp,..,rotectorandro,..,idsnem. | |
| .isisandp..rotectorandroid..snemisis. | |
| ,andprotectorandroidsnemisisandprotec. | |
| .torandroidsnemesisandprotectorandroid. | |
| .snemisisandprotectorandroidsnemesisan: | |
| .dprotectorandroidsnemesisandprotector. | |
| drozer Console (v2.4.4) | |
| dz> run app.package.list -f 7cup | |
| unknown module: 'app.package.list' | |
| dz> run app.package.list | |
| unknown module: 'app.package.list' | |
| dz> list | |
| dz> module app.package.list | |
| usage: module [COMMAND] | |
| Run the drozer Module and Repository Manager. | |
| The Repository Manager handles drozer Modules and Module Repositories. | |
| positional arguments: | |
| command the command to execute | |
| options | |
| optional arguments: | |
| -h, --help | |
| -d, --descriptions include descriptions when searching modules (search | |
| only) | |
| -f, --force force install modules from the repositories (install | |
| only) | |
| available commands: | |
| commands shows a list of all console commands | |
| install install a new module | |
| remote manage the source repositories, from which you install modules | |
| repository manage module repositories, on your local system | |
| search search for modules | |
| dz> module install app.package.list | |
| You do not have a drozer Module Repository. | |
| Would you like to create one? [yn] y | |
| Path to new repository: F:\j\A | |
| The target (F:\j\A) already exists. | |
| Path to new repository: F:\j\A\dro | |
| Initialised repository at F:\j\A\dro. | |
| Successfully installed 0 modules, 0 already installed. | |
| dz> module install app.package.list | |
| Successfully installed 0 modules, 0 already installed. | |
| dz> run app.package.list | |
| unknown module: 'app.package.list' | |
| dz> list | |
| dz> run app.package | |
| unknown module: 'app.package' | |
| dz> module install app.package | |
| Successfully installed 0 modules, 0 already installed. | |
| dz> contributors | |
| Core Contributors: | |
| MWR InfoSecurity (@mwrlabs) | |
| Luander (luander.r@samsung.com) | |
| Rodrigo Chiossi (r.chiossi@samsung.com) | |
| Module Contributors: | |
| dz> list | |
| app.activity.forintent Find activities that can handle the given intent | |
| app.activity.info Gets information about exported activities. | |
| app.activity.start Start an Activity | |
| app.broadcast.info Get information about broadcast receivers | |
| app.broadcast.send Send broadcast using an intent | |
| app.broadcast.sniff Register a broadcast receiver that can sniff particular intents | |
| app.package.attacksurface Get attack surface of package | |
| app.package.backup Lists packages that use the backup API (returns true on FLAG_ALLOW_BACKUP) | |
| app.package.debuggable Find debuggable packages | |
| app.package.info Get information about installed packages | |
| app.package.launchintent Get launch intent of package | |
| app.package.list List Packages | |
| app.package.manifest Get AndroidManifest.xml of package | |
| app.package.native Find Native libraries embedded in the application. | |
| app.package.shareduid Look for packages with shared UIDs | |
| app.provider.columns List columns in content provider | |
| app.provider.delete Delete from a content provider | |
| app.provider.download Download a file from a content provider that supports files | |
| app.provider.finduri Find referenced content URIs in a package | |
| app.provider.info Get information about exported content providers | |
| app.provider.insert Insert into a Content Provider | |
| app.provider.query Query a content provider | |
| app.provider.read Read from a content provider that supports files | |
| app.provider.update Update a record in a content provider | |
| app.service.info Get information about exported services | |
| app.service.send Send a Message to a service, and display the reply | |
| app.service.start Start Service | |
| app.service.stop Stop Service | |
| auxiliary.webcontentresolver Start a web service interface to content providers. | |
| exploit.jdwp.check Open @jdwp-control and see which apps connect | |
| exploit.pilfer.general.apnprovider Reads APN content provider | |
| exploit.pilfer.general.settingsprovider Reads Settings content provider | |
| information.datetime Print Date/Time | |
| information.deviceinfo Get verbose device information | |
| information.permissions Get a list of all permissions used by packages on the device | |
| scanner.activity.browsable Get all BROWSABLE activities that can be invoked from the web browser | |
| scanner.misc.native Find native components included in packages | |
| scanner.misc.readablefiles Find world-readable files in the given folder | |
| scanner.misc.secretcodes Search for secret codes that can be used from the dialer | |
| scanner.misc.sflagbinaries Find suid/sgid binaries in the given folder (default is /system). | |
| scanner.misc.writablefiles Find world-writable files in the given folder | |
| scanner.provider.finduris Search for content providers that can be queried from our context. | |
| scanner.provider.injection Test content providers for SQL injection vulnerabilities. | |
| scanner.provider.sqltables Find tables accessible through SQL injection vulnerabilities. | |
| scanner.provider.traversal Test content providers for basic directory traversal vulnerabilities. | |
| shell.exec Execute a single Linux command. | |
| shell.send Send an ASH shell to a remote listener. | |
| shell.start Enter into an interactive Linux shell. | |
| tools.file.download Download a File | |
| tools.file.md5sum Get md5 Checksum of file | |
| tools.file.size Get size of file | |
| tools.file.upload Upload a File | |
| tools.setup.busybox Install Busybox. | |
| tools.setup.minimalsu Prepare 'minimal-su' binary installation on the device. | |
| dz> run app.package.list | |
| com.android.cts.priv.ctsshim (com.android.cts.priv.ctsshim) | |
| com.android.internal.display.cutout.emulation.corner (Corner display cutout) | |
| com.example.android.livecubes (Example Wallpapers) | |
| com.android.internal.display.cutout.emulation.double (Double display cutout) | |
| com.android.providers.telephony (Phone and Messaging Storage) | |
| com.android.providers.calendar (Calendar Storage) | |
| com.android.providers.media (Media Storage) | |
| com.android.wallpapercropper (com.android.wallpapercropper) | |
| com.android.documentsui (Files) | |
| com.android.externalstorage (External Storage) | |
| com.android.htmlviewer (HTML Viewer) | |
| com.sevencupsoftea.app (7 Cups) | |
| com.android.companiondevicemanager (Companion Device Manager) | |
| com.android.quicksearchbox (Search) | |
| com.android.mms.service (MmsService) | |
| com.android.providers.downloads (Download Manager) | |
| com.android.messaging (Messaging) | |
| com.android.defcontainer (Package Access Helper) | |
| com.android.providers.downloads.ui (Downloads) | |
| com.android.pacprocessor (PacProcessor) | |
| com.android.simappdialog (Sim App Dialog) | |
| opensecurity.clipdump (ClipDump) | |
| com.android.internal.display.cutout.emulation.tall (Tall display cutout) | |
| uk.org.stem4.calmharm (Calm Harm) | |
| com.android.certinstaller (Certificate Installer) | |
| com.android.carrierconfig (com.android.carrierconfig) | |
| com.google.android.launcher.layouts.genymotion (Genymotion Home Screen) | |
| com.genymotion.systempatcher (com.genymotion.systempatcher.SystemPatcherApp) | |
| android (Android System) | |
| com.android.contacts (Contacts) | |
| com.android.camera2 (Camera) | |
| com.shinetext.shine (Shine) | |
| com.android.egg (Android Easter Egg) | |
| com.android.nfc (Nfc Service) | |
| com.android.launcher3 (Quickstep) | |
| com.android.backupconfirm (com.android.backupconfirm) | |
| com.android.provision (com.android.provision) | |
| com.android.statementservice (Intent Filter Verification Service) | |
| com.android.settings.intelligence (Settings Suggestions) | |
| com.android.calendar (Calendar) | |
| com.android.systemui.theme.dark (Dark) | |
| com.android.providers.settings (Settings Storage) | |
| com.android.sharedstoragebackup (com.android.sharedstoragebackup) | |
| com.android.printspooler (Print Spooler) | |
| com.android.dreams.basic (Basic Daydreams) | |
| com.android.webview (Android System WebView) | |
| com.android.se (SecureElementApplication) | |
| com.android.inputdevices (Input Devices) | |
| com.android.bips (Default Print Service) | |
| com.android.musicfx (MusicFX) | |
| com.android.development_settings (Development Settings) | |
| com.android.cellbroadcastreceiver (Cell Broadcasts) | |
| android.ext.shared (Android Shared Library) | |
| com.android.onetimeinitializer (One Time Init) | |
| com.android.server.telecom (Call Management) | |
| com.android.keychain (Key Chain) | |
| com.android.printservice.recommendation (Print Service Recommendation Service) | |
| com.android.dialer (Phone) | |
| com.android.gallery3d (Gallery) | |
| android.ext.services (Android Services Library) | |
| com.android.calllogbackup (Call Log Backup/Restore) | |
| com.android.packageinstaller (Package installer) | |
| com.android.carrierdefaultapp (CarrierDefaultApp) | |
| com.android.proxyhandler (ProxyHandler) | |
| com.android.inputmethod.latin (Android Keyboard (AOSP)) | |
| org.chromium.webview_shell (WebView Shell) | |
| com.android.managedprovisioning (Work profile setup) | |
| com.android.dreams.phototable (Photo Screensavers) | |
| com.android.smspush (com.android.smspush) | |
| com.android.wallpaper.livepicker (Live Wallpaper Picker) | |
| com.amaze.filemanager (Amaze) | |
| com.mwr.dz (drozer Agent) | |
| com.android.storagemanager (Storage Manager) | |
| com.genymotion.tasklocker (com.genymotion.tasklocker) | |
| com.calm.android (Calm) | |
| com.android.bookmarkprovider (Bookmark Provider) | |
| com.android.settings (Settings) | |
| com.android.calculator2 (Calculator) | |
| com.android.cts.ctsshim (com.android.cts.ctsshim) | |
| com.android.vpndialogs (VpnDialogs) | |
| com.android.email (Email) | |
| com.android.music (Music) | |
| com.android.phone (Phone Services) | |
| com.android.shell (Shell) | |
| com.android.wallpaperbackup (com.android.wallpaperbackup) | |
| com.android.providers.blockednumber (Blocked Numbers Storage) | |
| com.android.providers.userdictionary (User Dictionary) | |
| com.android.emergency (Emergency information) | |
| com.genymotion.genyd (com.genymotion.genyd.GenydServiceApp) | |
| com.android.location.fused (Fused Location) | |
| com.android.deskclock (Clock) | |
| com.android.systemui (System UI) | |
| com.android.bluetoothmidiservice (Bluetooth MIDI Service) | |
| com.genymotion.superuser (Superuser) | |
| com.android.traceur (System Tracing) | |
| com.android.customlocale2 (Custom Locale) | |
| com.android.bluetooth (Bluetooth) | |
| com.android.development (Dev Tools) | |
| com.android.wallpaperpicker (com.android.wallpaperpicker) | |
| com.android.providers.contacts (Contacts Storage) | |
| com.doctorondemand.android.patient (Doctor On Demand) | |
| com.android.captiveportallogin (CaptivePortalLogin) | |
| dz> run app.package.list -f 7cup | |
| dz> run app.package.list -f cup | |
| com.sevencupsoftea.app (7 Cups) | |
| dz> run app.package.info -a com.sevencupsoftea.app | |
| Package: com.sevencupsoftea.app | |
| Application Label: 7 Cups | |
| Process Name: com.sevencupsoftea.app | |
| Version: 4.6.9 | |
| Data Directory: /data/user/0/com.sevencupsoftea.app | |
| APK Path: /data/app/com.sevencupsoftea.app-sPNOLK3dam2Lx8weWjvSnA==/base.apk | |
| UID: 10073 | |
| GID: [3003] | |
| Shared Libraries: [/system/framework/org.apache.http.legacy.boot.jar] | |
| Shared User ID: null | |
| Uses Permissions: | |
| - android.permission.INTERNET | |
| - android.permission.ACCESS_NETWORK_STATE | |
| - android.permission.READ_EXTERNAL_STORAGE | |
| - android.permission.WRITE_EXTERNAL_STORAGE | |
| - android.permission.ACCESS_GPS | |
| - android.permission.ACCESS_ASSISTED_GPS | |
| - android.permission.ACCESS_LOCATION | |
| - android.permission.ACCESS_FINE_LOCATION | |
| - android.permission.ACCESS_COARSE_LOCATION | |
| - android.permission.VIBRATE | |
| - android.permission.RECEIVE_BOOT_COMPLETED | |
| - com.google.android.c2dm.permission.RECEIVE | |
| - com.android.vending.BILLING | |
| - android.permission.WAKE_LOCK | |
| Defines Permissions: | |
| - None | |
| dz> run app.package.info -a com.doctorondemand.android.patient | |
| Package: com.doctorondemand.android.patient | |
| Application Label: Doctor On Demand | |
| Process Name: com.doctorondemand.android.patient | |
| Version: 3.47.3 | |
| Data Directory: /data/user/0/com.doctorondemand.android.patient | |
| APK Path: /data/app/com.doctorondemand.android.patient-523qvP-m_sWlrbVpfjLcbw==/base.apk | |
| UID: 10076 | |
| GID: [3002, 3003] | |
| Shared Libraries: [/system/framework/org.apache.http.legacy.boot.jar] | |
| Shared User ID: null | |
| Uses Permissions: | |
| - android.permission.INTERNET | |
| - android.permission.READ_PROFILE | |
| - android.permission.ACCESS_NETWORK_STATE | |
| - android.permission.ACCESS_WIFI_STATE | |
| - android.permission.ACCESS_FINE_LOCATION | |
| - android.permission.RECORD_AUDIO | |
| - android.permission.MODIFY_AUDIO_SETTINGS | |
| - android.permission.CAMERA | |
| - android.permission.WAKE_LOCK | |
| - android.permission.USE_BIOMETRIC | |
| - com.google.android.c2dm.permission.RECEIVE | |
| - android.permission.RECEIVE_BOOT_COMPLETED | |
| - android.permission.BLUETOOTH | |
| - android.permission.VIBRATE | |
| - android.permission.REORDER_TASKS | |
| - android.permission.USE_FINGERPRINT | |
| - android.permission.FOREGROUND_SERVICE | |
| - com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE | |
| Defines Permissions: | |
| - com.doctorondemand.android.patient.permission.C2D_MESSAGE | |
| dz> run app.package.attacksurface com.doctorondemand.android.patient | |
| Attack Surface: | |
| 9 activities exported | |
| 4 broadcast receivers exported | |
| 0 content providers exported | |
| 5 services exported | |
| dz> run app.package.attacksurface com.sevencupsoftea.app | |
| Attack Surface: | |
| 1 activities exported | |
| 1 broadcast receivers exported | |
| 1 content providers exported | |
| 3 services exported | |
| dz> run app.activity.info -a com.doctorondemand.android.patient | |
| Package: com.doctorondemand.android.patient | |
| com.doctorondemand.android.patient.base.BlankActivity | |
| Permission: null | |
| com.doctorondemand.android.patient.base.DeeplinkActivity | |
| Permission: null | |
| com.braintreepayments.api.BraintreeBrowserSwitchActivity | |
| Permission: null | |
| androidx.fragment.app.testing.FragmentScenario$EmptyFragmentActivity | |
| Permission: null | |
| androidx.biometric.DeviceCredentialHandlerActivity | |
| Permission: null | |
| com.auth0.android.provider.RedirectActivity | |
| Permission: null | |
| androidx.test.core.app.InstrumentationActivityInvoker$BootstrapActivity | |
| Permission: null | |
| androidx.test.core.app.InstrumentationActivityInvoker$EmptyActivity | |
| Permission: null | |
| androidx.test.core.app.InstrumentationActivityInvoker$EmptyFloatingActivity | |
| Permission: null | |
| dz> run app.activity.start --component | |
| argument --component: expected 2 argument(s) | |
| dz> run app.activity.start --component androidx.biometric.DeviceCredentialHandlerActivity | |
| argument --component: expected 2 argument(s) | |
| dz> run app.activity.start androidx.biometric.DeviceCredentialHandlerActivity | |
| unrecognized arguments: androidx.biometric.DeviceCredentialHandlerActivity | |
| dz> run app.activity.start --component com.doctorondemand.android.patient androidx.biometric.DeviceCredentialHandlerActivity | |
| dz> run app.activity.start --component com.doctorondemand.android.patient com.auth0.android.provider.RedirectActivity | |
| dz> run app.provider.info -a com.doctorondemand.android.patient | |
| Package: com.doctorondemand.android.patient | |
| No matching providers. | |
| dz> run scanner.provider.finduris -a com.sevencupsoftea.app | |
| Scanning com.sevencupsoftea.app... | |
| Unable to Query content://com.sevencupsoftea.app/ | |
| Unable to Query content://media.*\d)(.*)(?=/ACTUAL/.*\d) | |
| Unable to Query content://com.sevencupsoftea.app.ForgeFileProvider | |
| Unable to Query content://com.sevencupsoftea.app.firebaseinitprovider/ | |
| Unable to Query content://com.sevencupsoftea.app.ForgeFileProvider/ | |
| Unable to Query content://com.sevencupsoftea.app | |
| Unable to Query content://media.*\d)(.*)(?=/ACTUAL/.*\d)/ | |
| Unable to Query content://com.sevencupsoftea.app.firebaseinitprovider | |
| No accessible content URIs found. | |
| dz> run app.provider.info -a com.sevencupsoftea.app | |
| Package: com.sevencupsoftea.app | |
| Authority: com.sevencupsoftea.app | |
| Read Permission: null | |
| Write Permission: null | |
| Content Provider: io.trigger.forge.android.core.ForgeContentProvider | |
| Multiprocess Allowed: False | |
| Grant Uri Permissions: False | |
| dz> run app.activity.start --component com.doctorondemand.android.patient com.doctorondemand.android.patient.base.BlankActivity | |
| dz> run app.provider.query content://com.sevencupsoftea.app.firebaseinitprovider --vertical | |
| Permission Denial: opening provider com.google.firebase.provider.FirebaseInitProvider from ProcessRecord{42ef8b 3341:com.mwr.dz:remote/u0a71} (pid=3341, uid=10071) that is not exported from UID 10073 | |
| dz> run app.provider.query content://com.sevencupsoftea.app.ForgeFileProvider/ --projection "* FROM SQLITE_MASTER WHERE type='table';--" | |
| Permission Denial: opening provider io.trigger.forge.android.core.ForgeFileProvider from ProcessRecord{42ef8b 3341:com.mwr.dz:remote/u0a71} (pid=3341, uid=10071) that is not exported from UID 10073 | |
| dz> cls | |
| *** Unknown syntax: cls | |
| dz> clear | |
| *** Unknown syntax: clear | |
| dz> run scanner.provider.injection -a com.sevencupsoftea.app | |
| Scanning com.sevencupsoftea.app... | |
| Not Vulnerable: | |
| content://com.sevencupsoftea.app/ | |
| content://media.*\d)(.*)(?=/ACTUAL/.*\d) | |
| content://com.sevencupsoftea.app.ForgeFileProvider | |
| content://com.sevencupsoftea.app.firebaseinitprovider/ | |
| content://com.sevencupsoftea.app.ForgeFileProvider/ | |
| content://com.sevencupsoftea.app | |
| content://media.*\d)(.*)(?=/ACTUAL/.*\d)/ | |
| content://com.sevencupsoftea.app.firebaseinitprovider | |
| Injection in Projection: | |
| No vulnerabilities found. | |
| Injection in Selection: | |
| No vulnerabilities found. | |
| dz> run scanner.provider.injection -a com.doctorondemand.android.patient | |
| Scanning com.doctorondemand.android.patient... | |
| Not Vulnerable: | |
| content://com.facebook.orca.provider.MessengerPlatformProvider/versions | |
| content://com.doctorondemand.android.patient.FileProvider | |
| content:// Uri/ | |
| content:// Uri | |
| content:// or file:// uri | |
| content://com.doctorondemand.android.patient.firebaseinitprovider | |
| content://com.facebook.app.FacebookContentProvider/ | |
| content://com.doctorondemand.android.patient.crashlyticsinitprovider/ | |
| content://com.doctorondemand.android.patient.FacebookInitProvider | |
| content://com.doctorondemand.android.patient.firebaseinitprovider/ | |
| content:// or file:// uri/ | |
| content://com.doctorondemand.android.patient.FileProvider/ | |
| content://com.facebook.katana.provider.AttributionIdProvider/ | |
| content://com.doctorondemand.android.patient.com.squareup.picasso/ | |
| content://com.facebook.app.FacebookContentProvider | |
| content://com.doctorondemand.android.patient.FacebookInitProvider/ | |
| content://com.facebook.wakizashi.provider.AttributionIdProvider/ | |
| content://com.facebook.katana.provider.AttributionIdProvider | |
| content://com.doctorondemand.android.patient.lifecycle-process | |
| content://com.facebook.wakizashi.provider.AttributionIdProvider | |
| content://com.facebook.orca.provider.MessengerPlatformProvider/versions/ | |
| content://com.doctorondemand.android.patient.lifecycle-process/ | |
| content://com.doctorondemand.android.patient.com.squareup.picasso | |
| content://com.doctorondemand.android.patient.crashlyticsinitprovider | |
| Injection in Projection: | |
| No vulnerabilities found. | |
| Injection in Selection: | |
| No vulnerabilities found. | |
| dz> run app.service.info -a com.doctorondemand.android.patient | |
| Package: com.doctorondemand.android.patient | |
| com.doctorondemand.android.patient.smartScheduler.SmartSchedulerPeriodicTaskService | |
| Permission: null | |
| com.doctorondemand.android.patient.notification.FCMMessagingService | |
| Permission: null | |
| com.doctorondemand.android.patient.notification.FCMInstanceIDService | |
| Permission: null | |
| com.google.android.gms.auth.api.signin.RevocationBoundService | |
| Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION | |
| com.firebase.jobdispatcher.GooglePlayReceiver | |
| Permission: com.google.android.gms.permission.BIND_NETWORK_TASK_SERVICE | |
| dz> list | |
| app.activity.forintent Find activities that can handle the given intent | |
| app.activity.info Gets information about exported activities. | |
| app.activity.start Start an Activity | |
| app.broadcast.info Get information about broadcast receivers | |
| app.broadcast.send Send broadcast using an intent | |
| app.broadcast.sniff Register a broadcast receiver that can sniff particular intents | |
| app.package.attacksurface Get attack surface of package | |
| app.package.backup Lists packages that use the backup API (returns true on FLAG_ALLOW_BACKUP) | |
| app.package.debuggable Find debuggable packages | |
| app.package.info Get information about installed packages | |
| app.package.launchintent Get launch intent of package | |
| app.package.list List Packages | |
| app.package.manifest Get AndroidManifest.xml of package | |
| app.package.native Find Native libraries embedded in the application. | |
| app.package.shareduid Look for packages with shared UIDs | |
| app.provider.columns List columns in content provider | |
| app.provider.delete Delete from a content provider | |
| app.provider.download Download a file from a content provider that supports files | |
| app.provider.finduri Find referenced content URIs in a package | |
| app.provider.info Get information about exported content providers | |
| app.provider.insert Insert into a Content Provider | |
| app.provider.query Query a content provider | |
| app.provider.read Read from a content provider that supports files | |
| app.provider.update Update a record in a content provider | |
| app.service.info Get information about exported services | |
| app.service.send Send a Message to a service, and display the reply | |
| app.service.start Start Service | |
| app.service.stop Stop Service | |
| auxiliary.webcontentresolver Start a web service interface to content providers. | |
| exploit.jdwp.check Open @jdwp-control and see which apps connect | |
| exploit.pilfer.general.apnprovider Reads APN content provider | |
| exploit.pilfer.general.settingsprovider Reads Settings content provider | |
| information.datetime Print Date/Time | |
| information.deviceinfo Get verbose device information | |
| information.permissions Get a list of all permissions used by packages on the device | |
| scanner.activity.browsable Get all BROWSABLE activities that can be invoked from the web browser | |
| scanner.misc.native Find native components included in packages | |
| scanner.misc.readablefiles Find world-readable files in the given folder | |
| scanner.misc.secretcodes Search for secret codes that can be used from the dialer | |
| scanner.misc.sflagbinaries Find suid/sgid binaries in the given folder (default is /system). | |
| scanner.misc.writablefiles Find world-writable files in the given folder | |
| scanner.provider.finduris Search for content providers that can be queried from our context. | |
| scanner.provider.injection Test content providers for SQL injection vulnerabilities. | |
| scanner.provider.sqltables Find tables accessible through SQL injection vulnerabilities. | |
| scanner.provider.traversal Test content providers for basic directory traversal vulnerabilities. | |
| shell.exec Execute a single Linux command. | |
| shell.send Send an ASH shell to a remote listener. | |
| shell.start Enter into an interactive Linux shell. | |
| tools.file.download Download a File | |
| tools.file.md5sum Get md5 Checksum of file | |
| tools.file.size Get size of file | |
| tools.file.upload Upload a File | |
| tools.setup.busybox Install Busybox. | |
| tools.setup.minimalsu Prepare 'minimal-su' binary installation on the device. | |
| dz> run scanner.provider.traversal -a com.doctorondemand.android.patient | |
| Scanning com.doctorondemand.android.patient... | |
| Not Vulnerable: | |
| content://com.facebook.orca.provider.MessengerPlatformProvider/versions | |
| content://com.doctorondemand.android.patient.FileProvider | |
| content:// Uri/ | |
| content:// Uri | |
| content:// or file:// uri | |
| content://com.doctorondemand.android.patient.firebaseinitprovider | |
| content://com.facebook.app.FacebookContentProvider/ | |
| content://com.doctorondemand.android.patient.crashlyticsinitprovider/ | |
| content://com.doctorondemand.android.patient.FacebookInitProvider | |
| content://com.doctorondemand.android.patient.firebaseinitprovider/ | |
| content:// or file:// uri/ | |
| content://com.doctorondemand.android.patient.FileProvider/ | |
| content://com.facebook.katana.provider.AttributionIdProvider/ | |
| content://com.doctorondemand.android.patient.com.squareup.picasso/ | |
| content://com.facebook.app.FacebookContentProvider | |
| content://com.doctorondemand.android.patient.FacebookInitProvider/ | |
| content://com.facebook.wakizashi.provider.AttributionIdProvider/ | |
| content://com.facebook.katana.provider.AttributionIdProvider | |
| content://com.doctorondemand.android.patient.lifecycle-process | |
| content://com.facebook.wakizashi.provider.AttributionIdProvider | |
| content://com.facebook.orca.provider.MessengerPlatformProvider/versions/ | |
| content://com.doctorondemand.android.patient.lifecycle-process/ | |
| content://com.doctorondemand.android.patient.com.squareup.picasso | |
| content://com.doctorondemand.android.patient.crashlyticsinitprovider | |
| Vulnerable Providers: | |
| No vulnerable providers found. | |
| dz> run app.package.list -f shine | |
| com.shinetext.shine (Shine) | |
| dz> run scanner.provider.traversal -a com.shinetext.shine | |
| Scanning com.shinetext.shine... | |
| Not Vulnerable: | |
| content://com.shinetext.shine.firebaseinitprovider/ | |
| content://com.facebook.app.FacebookContentProvider/ | |
| content:// or file:// uri | |
| content://com.shinetext.shine.fileprovider | |
| content:// Uri | |
| content://com.shinetext.shine.fileprovider/ | |
| content://com.facebook.katana.provider.AttributionIdProvider/ | |
| content:// Uri/ | |
| content://com.shinetext.shine.provider/ | |
| content://com.shinetext.shine.provider | |
| content://com.shinetext.shine.rnshare.fileprovider | |
| content://com.facebook.app.FacebookContentProvider | |
| content:// or file:// uri/ | |
| content://downloads/public_downloads | |
| content://com.facebook.wakizashi.provider.AttributionIdProvider/ | |
| content://com.shinetext.shine.SentryInitProvider | |
| content://downloads/public_downloads/ | |
| content://com.shinetext.shine.rnshare.fileprovider/ | |
| content://com.facebook.katana.provider.AttributionIdProvider | |
| content://com.shinetext.shine.FacebookInitProvider | |
| content://com.facebook.wakizashi.provider.AttributionIdProvider | |
| content://com.shinetext.shine.FacebookInitProvider/ | |
| content:// | |
| content://com.shinetext.shine.firebaseinitprovider | |
| content:/ | |
| content://com.shinetext.shine.SentryInitProvider/ | |
| Vulnerable Providers: | |
| No vulnerable providers found. | |
| dz> run scanner.provider.injection -a com.shinetext.shine | |
| Scanning com.shinetext.shine... | |
| Not Vulnerable: | |
| content://com.shinetext.shine.firebaseinitprovider/ | |
| content:// Uri | |
| content:// or file:// uri | |
| content://com.shinetext.shine.fileprovider | |
| content://com.facebook.app.FacebookContentProvider/ | |
| content:// or file:// uri/ | |
| content://com.shinetext.shine.fileprovider/ | |
| content://com.facebook.katana.provider.AttributionIdProvider/ | |
| content:// Uri/ | |
| content://com.shinetext.shine.provider/ | |
| content://com.shinetext.shine.provider | |
| content://com.shinetext.shine.rnshare.fileprovider | |
| content://com.facebook.app.FacebookContentProvider | |
| content://com.shinetext.shine.FacebookInitProvider | |
| content://com.facebook.wakizashi.provider.AttributionIdProvider/ | |
| content://com.shinetext.shine.SentryInitProvider | |
| content://downloads/public_downloads/ | |
| content://com.shinetext.shine.rnshare.fileprovider/ | |
| content://com.facebook.katana.provider.AttributionIdProvider | |
| content://downloads/public_downloads | |
| content://com.facebook.wakizashi.provider.AttributionIdProvider | |
| content://com.shinetext.shine.FacebookInitProvider/ | |
| content:// | |
| content://com.shinetext.shine.firebaseinitprovider | |
| content:/ | |
| content://com.shinetext.shine.SentryInitProvider/ | |
| Injection in Projection: | |
| No vulnerabilities found. | |
| Injection in Selection: | |
| No vulnerabilities found. | |
| dz> run app.package.list -f calm | |
| uk.org.stem4.calmharm (Calm Harm) | |
| com.calm.android (Calm) | |
| dz> run scanner.provider.injection -a com.shinetext.shine | |
| Scanning com.shinetext.shine... | |
| Not Vulnerable: | |
| content://com.shinetext.shine.firebaseinitprovider/ | |
| content:// Uri | |
| content:// or file:// uri | |
| content://com.shinetext.shine.fileprovider | |
| content://com.facebook.app.FacebookContentProvider/ | |
| content:// or file:// uri/ | |
| content://com.shinetext.shine.fileprovider/ | |
| content://com.facebook.katana.provider.AttributionIdProvider/ | |
| content:// Uri/ | |
| content://com.shinetext.shine.provider/ | |
| content://com.shinetext.shine.provider | |
| content://com.shinetext.shine.rnshare.fileprovider | |
| content://com.facebook.app.FacebookContentProvider | |
| content://com.shinetext.shine.FacebookInitProvider | |
| content://com.facebook.wakizashi.provider.AttributionIdProvider/ | |
| content://com.shinetext.shine.SentryInitProvider | |
| content://downloads/public_downloads/ | |
| content://com.shinetext.shine.rnshare.fileprovider/ | |
| content://com.facebook.katana.provider.AttributionIdProvider | |
| content://downloads/public_downloads | |
| content://com.facebook.wakizashi.provider.AttributionIdProvider | |
| content://com.shinetext.shine.FacebookInitProvider/ | |
| content:// | |
| content://com.shinetext.shine.firebaseinitprovider | |
| content:/ | |
| content://com.shinetext.shine.SentryInitProvider/ | |
| Injection in Projection: | |
| No vulnerabilities found. | |
| Injection in Selection: | |
| No vulnerabilities found. | |
| dz> run scanner.provider.injection -a com.calm.android | |
| Scanning com.calm.android... | |
| Not Vulnerable: | |
| content://com.calm.android.FacebookInitProvider | |
| content://com.calm.android.lifecycle-process | |
| content://com.calm.android.crashlyticsinitprovider/ | |
| content://com.calm.android.firebaseinitprovider | |
| content://com.google.android.wearable.provider.calendar | |
| content://com.google.android.wearable.provider.calendar/ | |
| content://com.calm.android.FacebookInitProvider/ | |
| content://com.calm.android.lifecycle-process/ | |
| content://com.calm.android.provider | |
| content://com.calm.android.MarketingInitProvider/ | |
| content://com.facebook.katana.provider.AttributionIdProvider/ | |
| content://com.calm.android.firebaseinitprovider/ | |
| content://com.calm.android.provider/ | |
| content://com.calm.android.crashlyticsinitprovider | |
| content://com.facebook.katana.provider.AttributionIdProvider | |
| content://com.calm.android.MarketingInitProvider | |
| Injection in Projection: | |
| No vulnerabilities found. | |
| Injection in Selection: | |
| No vulnerabilities found. | |
| dz> run scanner.provider.traversal -a com.shinetext.shine | |
| Scanning com.shinetext.shine... | |
| Not Vulnerable: | |
| content://com.shinetext.shine.firebaseinitprovider/ | |
| content://com.facebook.app.FacebookContentProvider/ | |
| content:// or file:// uri | |
| content://com.shinetext.shine.fileprovider | |
| content:// Uri | |
| content://com.shinetext.shine.fileprovider/ | |
| content://com.facebook.katana.provider.AttributionIdProvider/ | |
| content:// Uri/ | |
| content://com.shinetext.shine.provider/ | |
| content://com.shinetext.shine.provider | |
| content://com.shinetext.shine.rnshare.fileprovider | |
| content://com.facebook.app.FacebookContentProvider | |
| content:// or file:// uri/ | |
| content://downloads/public_downloads | |
| content://com.facebook.wakizashi.provider.AttributionIdProvider/ | |
| content://com.shinetext.shine.SentryInitProvider | |
| content://downloads/public_downloads/ | |
| content://com.shinetext.shine.rnshare.fileprovider/ | |
| content://com.facebook.katana.provider.AttributionIdProvider | |
| content://com.shinetext.shine.FacebookInitProvider | |
| content://com.facebook.wakizashi.provider.AttributionIdProvider | |
| content://com.shinetext.shine.FacebookInitProvider/ | |
| content:// | |
| content://com.shinetext.shine.firebaseinitprovider | |
| content:/ | |
| content://com.shinetext.shine.SentryInitProvider/ | |
| Vulnerable Providers: | |
| No vulnerable providers found. | |
| dz> run scanner.provider.injection -a uk.org.stem4.calmharm | |
| Scanning uk.org.stem4.calmharm... | |
| Not Vulnerable: | |
| content://com.google.android.gsf.gservices/prefix/ | |
| content://com.google.android.gms.phenotype/ | |
| content://com.google.android.gms.phenotype | |
| content://com.google.android.gms.chimera/ | |
| content://com.google.android.gms.chimera | |
| content://com.google.android.gsf.gservices | |
| content://com.google.android.gsf.gservices/ | |
| content://uk.org.stem4.calmharm.firebaseinitprovider/ | |
| content://com.google.android.gsf.gservices/prefix | |
| content://uk.org.stem4.calmharm.firebaseinitprovider | |
| Injection in Projection: | |
| No vulnerabilities found. | |
| Injection in Selection: | |
| No vulnerabilities found. | |
| dz> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment