security assessment framework for
android
-
allows search for security vulnerabilities in apps and device; interacting with Dalvik VM, IPC endpoints and underlying OS
-
arch-users,
yaourt -S drozer -
helps deploy a drozer agent to device through exploitation or social engineering
-
for remote exploits, can generate shellcode and deploy drozer agent as RAT with maximum leverage
-
execute dynamic java-code on a device, avoid need to compile and install small test scripts
-
runs on both emulators and real devices in factory state, doesn't require USB debugging
-
easily extensible, point-and-go implementation for many public exploits