Identifying the attack surface
This section is one of the most interesting sections when working with Drozer. We can identify the attack surface of our target application with a single command. It gives the details such as exported applications components, if the app is debuggable, and so on.
Let's go ahead and find out the attack surface of
testapp.apk. The following command is the syntax for finding the attack surface of a specific package:
dz> run app.package.attacksurface [package name]
In our case for
testapp.apk, the command becomes as follows:
dz> run app.package.attacksurface com.isi.testapp
As we can see in the previous screenshot, the testapp ...