WithSecureLabs / drozer

The Leading Security Assessment Framework for Android.
https://labs.withsecure.com/tools/drozer

Android SDLC integration #272

Closed javixeneize closed 5 months ago

javixeneize commented 7 years ago

Hi

It's not an issue, just a question. I have seen that Needle can be integrated with Jenkins. Is there any plan to do the same with drozer?

http://mobiletools.mwrinfosecurity.com/Needle-Meets-Jenkins/

Thanks

HenryHoggard commented 7 years ago

Needle is doing this using Jenkins shell script execution; you should be able to do this in drozer using the -c argument.

e.g.

drozer console connect -c "run app.package.list"

javixeneize commented 7 years ago

OK, I see. Is it only done via the command line, or is there any plugin that contains those commands?

Thanks

On Mon, 3 Jul 2017 at 17:00, Henry notifications@github.com wrote:

Needle is doing this using Jenkins shell script execution; you should be able to do this in drozer using the -c argument.

e.g.

drozer console connect -c "run app.package.list"


amarekano commented 7 years ago

Hi @javixeneize, this is done via the command line and you don't require any additional plugins.

To answer your earlier question about Jenkins integration, we do have plans to provide an interface that lets you integrate drozer into an Android application's development cycle. The idea of drozer's integration into the SDLC is currently being evaluated at MWR, and we are keen to get input from the Android development community. If you have a particular use case in mind, we would love to hear about it.

javixeneize commented 7 years ago

Glad to hear that Amar. I suggested that improvement some months ago ;)

My use case is very easy: run a fully automated scan. That is, pass as a parameter the app you want to scan and, depending on the outcome, do the relevant analysis.

For example, if you have 2 content providers, list those, and for each of them run all the scans related to content providers.

I am happy to help with anything I can. This tool is great and should be improved by everybody.

Thanks

On Mon, 3 Jul 2017 at 21:07, Amar Menezes notifications@github.com wrote:

Hi @javixeneize https://github.com/javixeneize, this is done via the command line and you don't require any additional plugins.

To answer your earlier question about Jenkins integration, we do have plans to provide an interface that lets you integrate drozer into an Android application's development cycle. The idea of drozer's integration into the SDLC is currently being evaluated at MWR, and we are keen to get input from the Android development community. If you have a particular use case in mind, we would love to hear about it.


amarekano commented 7 years ago

Hey @javixeneize, have you had a chance to explore this further? It would be awesome if you could put together a drozer module that strings together some of the checks you've suggested.

javixeneize commented 7 years ago

Hi

I suggested helping, but I hadn't understood that I was going to do anything. I'm happy to go through this anyway, but I will need a bit of help understanding drozer.

Is there any way I can contact you? Email or Slack would be fine.

Thanks

On Sat, 9 Sep 2017 at 11:17, Amar Menezes notifications@github.com wrote:

Hey @javixeneize https://github.com/javixeneize, have you had a chance to explore this further? It would be awesome if you could put together a drozer module that strings together some of the checks you've suggested.


amarekano commented 7 years ago

So we have a wiki that describes drozer's design and architecture. Have a look at this: https://github.com/mwrlabs/drozer/wiki

There's also a section on writing drozer modules: https://github.com/mwrlabs/drozer/wiki/Writing-a-Module

amarekano commented 7 years ago

To get started, I would recommend cloning the develop branch of this repo and building drozer from source. Building a working dev environment would allow you to start hacking on the code base and adding your tweaks, modules, etc.

We've got a separate repository for drozer modules which members of the community have contributed to. This can be found at https://github.com/mwrlabs/drozer-modules

javixeneize commented 7 years ago

Sounds good. I will check that later

Thanks!

On Sat, 9 Sep 2017 at 11:45, Amar Menezes notifications@github.com wrote:

To get started, I would recommend cloning the develop branch of this repo and building drozer from source. Building a working dev environment would allow you to start hacking on the code base and adding your tweaks, modules, etc.

We've got a separate repository for drozer modules which members of the community have contributed to. This can be found at https://github.com/mwrlabs/drozer-modules


javixeneize commented 7 years ago

Hi

I have had a look at this, but it's not exactly what I need. It's more about including a module in the drozer engine.

Since what I need to do is a new layer on top of drozer, what I would need is to interact with drozer and orchestrate it based on the response from the modules.

One easy example:

My code will start drozer. Then it will run in the console: drozer run app.package.attacksurface name.of.package. It will read the response and, based on that, will call the relevant modules automatically (e.g. run app.activity.start --component xxx yyy, etc.).

So I will need to know how to call those methods from my code.

Do you have an API or similar? Maybe this is the first step needed here.

Thanks
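The orchestration layer described in this last comment, and the -c invocation Henry showed earlier in the thread, as one added Python example that is not part of drozer and not code from anyone in this thread: it drives drozer only through `drozer console connect -c "<command>"`, parses the summary that app.package.attacksurface prints, and chains the per-component `*.info` enumeration modules for the component kinds that are actually exported. The embedded attacksurface sample and its line format are constructed assumptions, the package name com.example.target is a placeholder, and the injectable `runner` parameter exists so the decision logic can be exercised without a device attached.

```python
"""Drive drozer from CI through the -c argument and branch on attacksurface output.

Added example (not drozer project code). Assumptions:
  - `drozer console connect -c "<command>"` runs one console command and exits,
    as shown earlier in this thread, and the agent is already reachable;
  - app.package.attacksurface prints lines such as "  2 content providers exported"
    and "    is debuggable"; SAMPLE_ATTACKSURFACE below is a constructed sample.
"""
import re
import subprocess
from typing import Callable, Dict, List

# Constructed sample of the attacksurface summary for one package (assumed format).
SAMPLE_ATTACKSURFACE = """\
Attack Surface:
  3 activities exported
  0 broadcast receivers exported
  2 content providers exported
  1 services exported
    is debuggable
"""

# Component kind, as named in the attacksurface output -> drozer info module that
# lists the exported components of that kind. Chaining these is this example's choice.
FOLLOWUP_MODULES: Dict[str, str] = {
    "activities": "app.activity.info",
    "broadcast receivers": "app.broadcast.info",
    "content providers": "app.provider.info",
    "services": "app.service.info",
}

_COUNT_RE = re.compile(
    r"^\s*(\d+)\s+(activities|broadcast receivers|content providers|services)\s+exported\s*$"
)


def parse_attacksurface(output: str) -> Dict[str, object]:
    """Turn the attacksurface summary into {kind: count, ..., "debuggable": bool}."""
    result: Dict[str, object] = {kind: 0 for kind in FOLLOWUP_MODULES}
    result["debuggable"] = False
    for line in output.splitlines():
        m = _COUNT_RE.match(line)
        if m:
            result[m.group(2)] = int(m.group(1))
        elif line.strip() == "is debuggable":
            result["debuggable"] = True
    return result


def plan_followups(package: str, surface: Dict[str, object]) -> List[str]:
    """Build the console commands worth running; kinds with nothing exported are skipped."""
    commands: List[str] = []
    for kind, module in FOLLOWUP_MODULES.items():
        if surface.get(kind, 0):
            commands.append(f"run {module} -a {package}")
    return commands


def run_drozer_command(command: str) -> str:
    """Execute one console command via the -c argument and return what it printed."""
    proc = subprocess.run(
        ["drozer", "console", "connect", "-c", command],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout


def scan(package: str, runner: Callable[[str], str] = run_drozer_command) -> Dict[str, str]:
    """Enumerate the attack surface, then run only the follow-ups it justifies.

    Returns a report keyed by the console command that produced each output, which
    a CI job can archive or diff against the previous build.
    """
    surface_out = runner(f"run app.package.attacksurface {package}")
    surface = parse_attacksurface(surface_out)
    report: Dict[str, str] = {"attacksurface": surface_out}
    for cmd in plan_followups(package, surface):
        report[cmd] = runner(cmd)
    return report


if __name__ == "__main__":
    import json
    import sys

    pkg = sys.argv[1] if len(sys.argv) > 1 else "com.example.target"  # placeholder package
    print(json.dumps(scan(pkg), indent=2))
```

Each follow-up is a separate `drozer console connect -c` process, exactly the shape a Jenkins shell step can call, and the report is plain JSON on stdout so the job can fail the build or archive it however the pipeline prefers. If drozer is unreachable, `check=True` makes `subprocess.run` raise, which surfaces as a failed build rather than an empty report.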