Drozer (once in the past Mercury) is the main security testing framework for Android.

It enables you to scan for security vulnerabilities in applications and devices by expecting the part of an application and cooperating with the Dalvik VM, other applications’ IPC endpoints and the basic OS.

It gives apparatuses to enable you to utilize, share and comprehend open Android abuses. It causes you to send a Agent to a device through abuse or social engineering. Utilizing weasel (MWR’s propelled abuse payload) it can amplify the authorizations accessible to it by introducing a full operator, infusing a constrained specialist into a running procedure, or associating a turn around shell to go about as a Remote Access Tool (RAT).

Requirement For Drozer

Note: On Windows please ensure that the path to the Python installation and the Scripts folder under the Python installation are added to the PATH environment variable.

Note: On Windows please ensure that the path to javac.exe is added to the PATH environment variable.

Also Read AutoNSE – Massive NSE AutoSploit and AutoScanner

Command Reference



run Executes a drozer module
list Show a list of all drozer modules that can be executed in the current session. This hides modules that you do not have suitable permissions to run.
shell Start an interactive Linux shell on the device, in the context of the Agent process.
cd Mounts a particular namespace as the root of session, to avoid having to repeatedly type the full name of a module.
clean Remove temporary files stored by drozer on the Android device.
contributors Displays a list of people who have contributed to the drozer framework and modules in use on your system.
echo Print text to the console.
exit Terminate the drozer session.
help Display help about a particular command or module.
load Load a file containing drozer commands, and execute them in sequence.
module Find and install additional drozer modules from the Internet.
permissions Display a list of the permissions granted to the drozer Agent.
set Store a value in a variable that will be passed as an environment variable to any Linux shells spawned by it.
unset Remove a named variable that it passes to any Linux shells that it spawns.


Installing the Agent

It can be installed using Android Debug Bridge (adb).

Download the latest Drozer Agent by clicking here.

$ adb install drozer-agent-2.x.x.apk

Starting a Session

You should now have the Console installed on your PC, and the Agent running on your test device. Now, you need to connect the two and you’re ready to start exploring.

We will use the server embedded in the drozer Agent to do this.

If using the Android emulator, you need to set up a suitable port forward so that your PC can connect to a TCP socket opened by the Agent inside the emulator, or on the device. By default, it uses port 31415:

$ adb forward tcp:31415 tcp:31415

Now, launch the Agent, select the “Embedded Server” option and tap “Enable” to start the server. You should see a notification that the server has started.

Then, on your PC, connect using the drozer Console:

On Linux:

$ drozer console connect

On Windows:

> drozer.bat console connect

If using a real device, the IP address of the device on the network must be specified:

On Linux:

$ drozer console connect --server

On Windows:

> drozer.bat console connect --server

You should be presented with a drozer command prompt:

selecting f75640f67144d9a3 (unknown sdk 4.1.1)  

The prompt confirms the Android ID of the device you have connected to, along with the manufacturer, model and Android software version.

You are now ready to start exploring the device.