| No. | Topic | Description |
|---|---|---|
| 1 | Installing Linux OS | I use Kali Linux for testing |
| 2 | Installing Virtual Phone | I use Genymotion for testing |
| 3 | Installing Apktool | For reverse engineering APK files |
| 4 | Install ADB | Communicate with an Android device for debugging, file transfers, and penetration testing |
| 5 | Install Dex2jar tool | Converting Dalvik Executable (DEX) files into Java Archive (JAR) files |
| 6 | Install jd-gui tool | graphical decompiler for Java applications |
| 7 | Install JADX tool | Additional security topics |
| 8 | Install DROZER | Android security assessment tool |
I installed Kali Linux on the main system. You can also use it in a virtual machine.

Go to the official Kali Linux website: 👉 https://www.kali.org/get-kali/

Download the Kali Linux ISO for your system (64-bit recommended).
📌 Using Rufus (Windows)
- Insert a USB drive (at least 8GB) into your computer.
- Open Rufus (Download: https://rufus.ie).
- Select your USB drive under "Device".
- Click "SELECT" and choose the Kali ISO.
- Set "Partition scheme" to MBR (for BIOS) or GPT (for UEFI).
- Click "START" and wait for the process to complete.
- Insert the Bootable USB into your system.
- Restart your PC and enter BIOS/UEFI settings (Press F2, F12, DEL, or ESC).
- Change boot priority to USB drive and save changes.
- Restart, and Kali Linux installer should load.
- Select "Graphical Install" (recommended).
- Choose your language, location, and keyboard layout.
- Set a hostname (e.g., kali).
- Create a new user account (avoid using "root").
- Set up a strong password.
You have two options:
- Guided - Use Entire Disk (Recommended for beginners)
  - Select this if you want to erase everything and install Kali.
- Manual Partitioning (For Dual Boot or Advanced Users)
  - Create a root (/) partition, a swap partition, and optionally a home (/home) partition.
- Confirm partitions and select "Finish partitioning and write changes to disk".
- The installation process will start.
- When asked "Install GRUB bootloader?", select "Yes" and install it to your primary disk (e.g., /dev/sda).
- Once installation is complete, remove the USB drive and reboot.
- Login with your username and password.
- Open a terminal and update Kali:

```bash
sudo apt update && sudo apt upgrade -y
```

I use Genymotion for the virtual phone.

Step 2: Download the Genymotion Desktop software.

Type these commands in the terminal:

```bash
sudo apt update
sudo apt install apktool
```

Decompile the .apk with apktool. Without this tool, all content is in an encrypted format.
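
An added example (not part of the original guide, and not apktool's or drozer's own code): after `apktool d` decodes an APK, the output directory contains a readable AndroidManifest.xml. This Python script reviews such a manifest for the properties that drozer's `app.package.attacksurface`, `app.package.debuggable` and `app.package.backup` modules report. The package and component names in the sample are constructed, and the export defaults are simplified as noted in the comments.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample of a decoded AndroidManifest.xml (hypothetical app).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <application android:debuggable="true">
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.notes.SYNC"/>
    <receiver android:name=".BootReceiver" android:exported="true"/>
    <provider android:name=".NotesProvider" android:exported="true"
              android:authorities="com.example.notes"/>
    <provider android:name=".FileProvider" android:authorities="com.example.files"/>
  </application>
</manifest>"""

def is_exported(elem):
    # An explicit android:exported wins. Without it, an intent-filter implies
    # export (pre-Android 12 default); providers are assumed targetSdk >= 17.
    flag = elem.get(ANDROID + "exported")
    if flag is not None:
        return flag == "true"
    return elem.tag != "provider" and elem.find("intent-filter") is not None

def audit_manifest(xml_text):
    root = ET.fromstring(xml_text)
    app = root.find("application")
    report = {
        "package": root.get("package"),
        "debuggable": app.get(ANDROID + "debuggable") == "true",
        # allowBackup defaults to true when the attribute is absent
        "allow_backup": app.get(ANDROID + "allowBackup", "true") == "true",
        "exported": [],
    }
    for elem in app:
        if elem.tag in COMPONENTS and is_exported(elem):
            report["exported"].append({"type": elem.tag,
                                       "name": elem.get(ANDROID + "name"),
                                       "permission": elem.get(ANDROID + "permission")})
    return report

if __name__ == "__main__":
    for component in audit_manifest(SAMPLE_MANIFEST)["exported"]:
        print(component)  # permission None means any app can reach it
```

Exported components with no `permission` are the ones to review first: any other app on the device can reach them.
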

Run these commands in the terminal:

```bash
sudo apt update
sudo apt install dex2jar
```

Run these commands in the terminal:

```bash
sudo apt update
sudo apt install jd-gui
sudo apt install jadx
```

Run these commands in the terminal.

Step 1: Install the Drozer client.

Step 2: Install the Drozer agent.

Install the Drozer client with this command:

```bash
pipx install drozer
```

Download the Drozer Agent and install it on the virtual phone:

https://github.com/WithSecureLabs/drozer-agent/releases/

Step 1: Open the Drozer Agent application on the Android virtual phone and switch the Embedded Server ON.

```
dz> ls
app.activity.forintent Find activities that can handle the given intent
app.activity.info Gets information about exported activities.
app.activity.start Start an Activity
app.broadcast.info Get information about broadcast receivers
app.broadcast.send Send broadcast using an intent
app.broadcast.sniff Register a broadcast receiver that can sniff particular intents
app.package.attacksurface Get attack surface of package
app.package.backup Lists packages that use the backup API (returns true on FLAG_ALLOW_BACKUP)
app.package.debuggable Find debuggable packages
app.package.info Get information about installed packages
app.package.launchintent Get launch intent of package
app.package.list List Packages
app.package.manifest Get AndroidManifest.xml of package
app.package.native Find Native libraries embedded in the application.
app.package.shareduid Look for packages with shared UIDs
app.provider.columns List columns in content provider
app.provider.delete Delete from a content provider
app.provider.download Download a file from a content provider that supports files
app.provider.finduri Find referenced content URIs in a package
app.provider.info Get information about exported content providers
app.provider.insert Insert into a Content Provider
app.provider.query Query a content provider
app.provider.read Read from a content provider that supports files
app.provider.update Update a record in a content provider
app.service.info Get information about exported services
app.service.send Send a Message to a service, and display the reply
app.service.start Start Service
app.service.stop Stop Service
auxiliary.webcontentresolver Start a web service interface to content providers.
exploit.jdwp.check Open @jdwp-control and see which apps connect
exploit.pilfer.general.apnprovider Reads APN content provider
exploit.pilfer.general.settingsprovider Reads Settings content provider
information.datetime Print Date/Time
information.deviceinfo Get verbose device information
information.permissions Get a list of all permissions used by packages on the device
scanner.activity.browsable Get all BROWSABLE activities that can be invoked from the web browser
scanner.misc.native Find native components included in packages
scanner.misc.readablefiles Find world-readable files in the given folder
scanner.misc.secretcodes Search for secret codes that can be used from the dialer
scanner.misc.sflagbinaries Find suid/sgid binaries in the given folder (default is /system).
scanner.misc.writablefiles Find world-writable files in the given folder
scanner.provider.finduris Search for content providers that can be queried from our context.
scanner.provider.injection Test content providers for SQL injection vulnerabilities.
scanner.provider.sqltables Find tables accessible through SQL injection vulnerabilities.
scanner.provider.traversal Test content providers for basic directory traversal vulnerabilities.
shell.exec Execute a single Linux command.
shell.send Send an ASH shell to a remote listener.
shell.start Enter into an interactive Linux shell.
tools.file.download Download a File
tools.file.md5sum Get md5 Checksum of file
tools.file.size Get size of file
tools.file.upload Upload a File
tools.setup.busybox Install Busybox.
tools.setup.minimalsu Prepare 'minimal-su' binary installation on the device.
```