Open andreysanyuk opened 3 months ago
Very interesting, thank you @andreysanyuk!
Hello from the drozer team!
Worth noting that drozer is still included in MASTG as MASTG-TOOL-0015
(those numberic references are not so great for quick checks) - as far as I know it was never removed.
The current writeup only needs modest adjustments - mostly to remove old articles on installation and the 2015 user manual PDF, and perhaps to provide some practical advice on actually using the tool.
I was planning to propose my own adjustments in a few weeks, once we've ironed out some final kinks. Happy to work on this if you'd like.
@cyberMilosz I think it just started https://github.com/OWASP/owasp-mastg/pull/1904/files
@cyberMilosz I think it just started https://github.com/OWASP/owasp-mastg/pull/1904/files
Ah, I've missed that! Yeah, it would be a shame to lose useful content - even the old version of drozer was perfectly usable with a docker container.
@cyberMilosz would you like to update the current page? That'd be very helpful. I can assign the issue to you.
@cpholguera Happy to!
Thanks @cyberMilosz, it's yours!
Hey @cpholguera - we've completed the first part of this: adjusting the MASTG-TOOL page. #2614
If you're happy for us to continue, we'd like to go over the changes highlighted by @andreysanyuk and @anantshri and see if we can restore some of the old instructions where they make sense (i.e., where the current recommendations are heavy on adb
/aapt
or significantly less convenient than the drozer approach).
Recently a new version of Drozer has been released Drozer 3.0.0. It supports Python 3 and modern Java per their release notes:
Compatibility with Python 3 and modern Java.
So it makes sense to bring it back to the guide since it is more convenient for the security testing than ADB.