Mercury v1.1 - The Android Vulnerability Assessment framework - Hacking Tools Download Download Hacking Tools at 'Tools Yard': Mercury v1.1 - The Android Vulnerability Assessment framework

Mercury v1.1 - The Android Vulnerability Assessment framework

Labels:
, , ,


Mercury is a free framework for bug hunters to find vulnerabilities, write proof-of-concept exploits and play in Android. It allows you to use dynamic analysis on Android applications and devices for quicker security assessments and share publicly known methods of exploitation on Android and proof-of-concept exploits for applications and devices.

The new version is compatible with new Android releases including Ice Cream Sandwich and Jelly Bean, meaning you can now run Mercury on the latest and greatest hardware. This enables you to be the first to find and report previously undisclosed bugs on that newly released phone!

Mercury allows you to:
  1. Interact with the 4 IPC endpoints – activities, broadcast receivers, content providers and services
  2. Use a proper shell that allows you to play with the underlying Linux OS from the point of view of an unprivileged application (you will be amazed at how much you can still see)
  3. Find information on installed packages with optional search filters to allow for better control
  4. Built-in commands that can check application attack vectors on installed applications
  5. Tools to upload and download files between the Android device and computer without using ADB (this means it can be done over the internet as well!)
  6. Create new modules to exploit your latest finding on Android, and playing with those that others have found.
For those of you interested in vulnerabilities in vendor products, the new version is the start of a collection of these in a framework. The first privilege escalation was included, allowing the escalation to root from Mercury’s unprivileged context. A module was created to check for vulnerabilities in content providers discovered on Samsung devices.

The newly introduced Reflection Interface, allows one from the Python client to instruct the Android code what objects to create and what to do with them, allowing you to add new features on the fly, without recompiling the Mercury APK. This allows true flexibility and a powerful framework for adding features that did not exist at runtime.


Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email

Posted by Mohit Kumar at Friday, September 07, 2012  

The Hacker News - Daily Updates