Navigation

LazyDroid – Android Security Assessment Tool

Last updated: June 10, 2017 | 1,920 views

Lazydroid is a tool written as a bash script to facilitate some aspects of an Android Security Assessment.

LazyDroid - Android Security Assessment Tool

Features

It provides some common tasks such as:

Set the debug flag of an application to true
Set the backup flag of an application to true
Re-Build the application
Re-Sign the application
Smart log extraction of an application
Extract the APK of an application installed from Google Play
Download any mobile folder (/sdcard/, application data folder, other)
Compare two different snapshots of the same folder
Insert Frida gadget in the APK (for example when the phone is not or cannot be rooted, and thus Frida server cannot be run)

Installation

Lazydroid requires Linux or Mac OS to run and the next tools installed:

apktool
jarsigner
adb
aapt (Android Asset Packaging Tool, part of the SDK)
your keystore and alias
Frida Agent (pip install frida)

Usage

To run lazydroid.sh the steps would be the following:

$ git clone
$ #configure the path to the tools (adb, jarsigner, apktool, etc and your favourite shell)
$ cd lazydroid
$ ./getfridalibs.sh #get the last frida libs for Android
$ ./lazydroid.sh

1

2

3

4

5

$ git clone

$ #configure the path to the tools (adb, jarsigner, apktool, etc and your favourite shell)

$ cd lazydroid

$ ./getfridalibs.sh #get the last frida libs for Android

$ ./lazydroid.sh

You can download LazyDroid here:

LazyDroid-master.zip

Or read more here.

Shares 89

Posted in: Hacking Tools

android, android security, hacking android

Latest Posts:

StaCoAn - Mobile App Static Analysis Tool

StaCoAn – Mobile App Static Analysis Tool
StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing mobile app static analysis on the code of the application for both native Android and iOS applications.

April 24, 2018 - 113 Shares

snallygaster - Scan For Secret Files On HTTP Servers

snallygaster – Scan For Secret Files On HTTP Servers
snallygaster is a Python-based tool that can help you to scan for secret files on HTTP servers, files that are accessible that shouldn't be public and can pose a s

April 17, 2018 - 181 Shares

Portspoof - Spoof All Ports Open & Emulate Valid Services

Portspoof – Spoof All Ports Open & Emulate Valid Services
The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports open and also emulate valid services on every port.

April 7, 2018 - 216 Shares

Cambridge Analytica Facebook Data Scandal

Cambridge Analytica Facebook Data Scandal
One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 expose that demonstrated the depths they are willing to go to profile voters, manipulate elections and much more.

March 25, 2018 - 118 Shares

GetAltName - Discover Sub-Domains From SSL Certificates

GetAltName – Discover Sub-Domains From SSL Certificates
GetAltName it's a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.

March 19, 2018 - 263 Shares

Memcrashed - Memcached DDoS Exploit Tool

Memcrashed – Memcached DDoS Exploit Tool
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.

March 13, 2018 - 214 Shares

OneLogin Hack – Encrypted Data Compromised

credmap – The Credential Mapper

Comments are closed.