{"id":"reverseclabs-drozer","name":"drozer","homepage":"https://labs.reversec.com/tools/drozer","repo_url":"https://github.com/ReversecLabs/drozer","category":"security","subcategories":[],"tags":["android","mobile-security","pentesting","reverse-engineering","assessment-framework"],"what_it_does":"drozer is an open-source Android security testing framework that lets a user interact with a connected Android device/emulator by assuming the role of an app. It can enumerate and probe app components and IPC endpoints, execute modules, and install/run a drozer agent on the device (typically via adb).","use_cases":["Assessing Android app security posture (e.g., exported components/IPC exposure) during penetration testing or app security review","Building and running repeatable security assessments without writing custom Android tooling","Exploring device/app attack surface via the drozer console and agent"],"not_for":["Automated production monitoring or compliance scanning in a live environment","Use without an authorized target and proper legal/ethical approvals","Agent-assisted programmatic access to a hosted API (the primary interface is an interactive console + device agent)"],"best_when":"You have permission to test Android apps/devices and want an interactive framework for assessing app/OS exposure and IPC-related risks.","avoid_when":"You need an API-first developer experience (REST/GraphQL/SDK) or require a vendor-hosted, authenticated service.","alternatives":["MobSF (Mobile Security Framework)","QARK","Androguard (analysis) + custom scripts for component/manifest inspection","Frida (dynamic instrumentation, for analysts)","Drozer containerized alternatives / maintained forks (if available in your 
ecosystem)"],"af_score":32.5,"security_score":21.8,"reliability_score":23.8,"package_type":"skill","discovery_source":["openclaw"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-29T15:00:35.744273+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Local console-to-device connection over a forwarded TCP port (server embedded in the agent)"],"oauth":false,"scopes":false,"notes":"No documented user auth for a service. Access is effectively controlled by what the connected agent/process can do on the target device."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Open-source tooling; costs are primarily operational (setup, devices/emulators, analyst time). README indicates F-Secure stopped further development."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":32.5,"security_score":21.8,"reliability_score":23.8,"mcp_server_quality":0.0,"documentation_accuracy":55.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":90.0,"rate_limit_clarity":0.0,"tls_enforcement":20.0,"auth_strength":10.0,"scope_granularity":5.0,"dependency_hygiene":55.0,"secret_handling":30.0,"security_notes":"Security tooling that performs exploitation/agent installation actions; use requires authorization. The interface described is local agent console communication over a forwarded TCP port, with no mention of TLS or fine-grained auth. README warns about antivirus flagging on Windows. 
Dependency versions are not assessed for CVEs from the provided data.","uptime_documented":0.0,"version_stability":45.0,"breaking_changes_history":30.0,"error_recovery":20.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["No hosted API: interaction is via interactive CLI and an installed agent on the device.","Requires an adb-connected device/emulator and port forwarding (default TCP 31415).","README is aimed at manual use; limited info about machine-readable outputs or programmatic workflows.","Windows Defender/AV may flag the tool as malware; this may require an exclusion in your environment, which is best scoped to the tool's own files rather than applied by disabling protection broadly."]}}