Skip to content
Daniel Bradberry edited this page Jul 29, 2013 · 34 revisions

drozer (formerly Mercury) is the leading security testing framework for Android.

drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps’ IPC endpoints and the underlying OS.

drozer provides tools to help you use, share and understand public Android exploits. It helps you to deploy a drozer Agent to a device through exploitation or social engineering. Using weasel (MWR’s advanced exploitation payload) drozer is able to maximise the permissions available to it by installing a full agent, injecting a limited agent into a running process, or connecting a reverse shell to act as a Remote Access Tool (RAT).

drozer is open source software, maintained by MWR InfoSecurity, and can be downloaded from:

mwr.to/drozer

This wiki site is home to the Developers’ Documentation, for those who wish to write drozer modules or extend the drozer core. User documentation for drozer is available at on the MWR Labs website.

This wiki also includes the Compatibility Matrix that shows which versions of drozer are compatible with the various versions of the drozer Agent.

drozer Developers

drozer is designed to allow new functionality to be added through stand-alone modules. If you want to build new checks, exploits or tools you should start with a module. If what you want to do is simply not possible through the module interface, you may need to extend the core.

The source code for drozer is distributed in a number of Github projects:

  • drozer: contains the Console and Server;
  • drozer-agent: contains the Android Agent; and
  • mercury-common: contains components that are shared between the Agent and Console.

The mercury-common module is included in the other repositories as a Git Submodule. After cloning for the first time, you will need to run the following command to fetch the additional source:

git submodule init && git submodule update

You’ll probably want to read:

We also suggest getting a better understanding of how drozer works. These guides explain how the Mercury system is architected, and how it works together:

Before you contribute, please read:

If you have any questions, you can:

Clone this wiki locally