testing-android-intents-for-vulnerabilities

Featured

Tests Android inter-process communication (IPC) through intents for vulnerabilities including intent injection, unauthorized component access, broadcast sniffing, pending intent hijacking, and content provider data leakage. Use when assessing Android app attack surface through exported components, testing intent-based data flows, or evaluating IPC security. Activates for requests involving Android intent security, IPC testing, exported component analysis, or Drozer assessment.

Testing & QA 13,115 stars 1533 forks Updated today Apache-2.0

Quality Score: 99/100

- Stars (20%): 100
- Recency (20%): 100
- Frontmatter (20%): 70
- Documentation (15%): 100
- Issue Health (10%): 50
- License (10%): 100
- Description (5%): 100

Skill Content

# Testing Android Intents for Vulnerabilities

## When to Use

Use this skill when:

- Assessing Android app exported activities, services, receivers, and content providers
- Testing for intent injection and unauthorized component invocation
- Evaluating broadcast receiver security for sensitive data exposure
- Performing IPC-focused penetration testing on Android applications

**Do not use** on production devices without explicit authorization.

## Prerequisites

- Rooted Android device or emulator with ADB
- Drozer agent installed on target device (`drozer agent.apk`)
- Drozer console on host (`pip install drozer`)
- Target APK decompiled with apktool for AndroidManifest.xml analysis
- Frida for runtime intent monitoring

## Workflow

### Step 1: Enumerate Exported Components

```bash
# Using Drozer
drozer console connect
run app.package.info -a com.target.app
run app.package.attacksurface com.target.app
# Output shows:
# X activities exported
# X broadcast receivers exported
# X content providers exported
# X services exported

# List exported activities
run app.activity.info -a com.target.app

# List exported services
run app.service.info -a com.target.app

# List exported receivers
run app.broadcast.info -a com.target.app

# List content providers
run app.provider.info -a com.target.app
```

### Step 2: Test Exported Activities

```bash
# Launch exported activities directly
run app.activity.start --component com.target.app com.target.app.AdminActivity

# Launch with inte...
```

Details

- Author: mukul975
- Repository: mukul975/Anthropic-Cybersecurity-Skills
- Created: 3 months ago
- Last Updated: today
- Language: Python
- License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

performing-dynamic-analysis-of-android-app

Performs runtime dynamic analysis of Android applications using Frida, Objection, and Android Debug Bridge to observe application behavior during execution, intercept function calls, modify runtime values, and identify vulnerabilities that static analysis misses. Use when testing Android apps for runtime security flaws, hooking sensitive methods, bypassing client-side protections, or analyzing obfuscated applications. Activates for requests involving Android dynamic analysis, runtime hooking, Frida Android instrumentation, or live app behavior analysis.

13,115 Updated today
mukul975
Testing & QA Solid

mobile-security-testing-skill

Android and iOS application security testing

1,160 Updated today
a5c-ai
AI & Automation Featured

exploiting-insecure-data-storage-in-mobile

Identifies and exploits insecure local data storage vulnerabilities in Android and iOS mobile applications including unencrypted databases, world-readable files, insecure SharedPreferences, plaintext credential storage, and improper keychain/keystore usage. Use when performing mobile penetration testing focused on OWASP M9 (Insecure Data Storage) or assessing compliance with MASVS-STORAGE requirements. Activates for requests involving mobile data storage security, local storage exploitation, SharedPreferences analysis, or mobile data leakage assessment.

13,115 Updated today
mukul975
Testing & QA Listed

android-accessibility-pentest

Android Accessibility Service security analysis and pentesting. Use this skill whenever the user mentions Android security testing, accessibility service abuse, RAT detection, malware analysis, ClayRat, PlayPraetor, overlay phishing, credential harvesting, or any Android app security assessment involving AccessibilityService APIs. This skill helps detect malicious accessibility services, analyze abuse patterns, and harden apps against accessibility-based attacks.

13 Updated 2 months ago
abelrguezr
AI & Automation Featured

conducting-mobile-app-penetration-test

Conducts penetration testing of iOS and Android mobile applications following the OWASP Mobile Application Security Testing Guide (MASTG) to identify vulnerabilities in data storage, network communication, authentication, cryptography, and platform-specific security controls. The tester performs static analysis of application binaries, dynamic analysis at runtime, and API security testing to evaluate the complete mobile attack surface. Activates for requests involving mobile app pentest, iOS security assessment, Android security testing, or OWASP MASTG assessment.

13,115 Updated today
mukul975