creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-12 14:14:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
780757902b7faeb8d77d034d4faead329cdd6539
Anthropic-Cybersecurity-Skills/skills/testing-android-intents-for-vulnerabilities/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

51 lines
1.8 KiB
Markdown
Raw Blame History

# API Reference: Testing Android Intents for Vulnerabilities
## Drozer Modules
| Module | Description |
|--------|-------------|
| `app.package.attacksurface` | Enumerate exported components |
| `app.activity.info` | List exported activities |
| `app.service.info` | List exported services |
| `app.broadcast.info` | List exported receivers |
| `app.provider.info` | List content providers |
| `app.provider.query` | Query content provider URI |
| `scanner.provider.injection` | Test for SQL injection |
| `scanner.provider.traversal` | Test for path traversal |
| `app.broadcast.send` | Send broadcast intent |
| `app.activity.start` | Start exported activity |
## ADB Intent Commands
| Command | Description |
|---------|-------------|
| `adb shell am start -n <pkg>/<activity>` | Start activity |
| `adb shell am broadcast -a <action>` | Send broadcast |
| `adb shell am startservice -n <pkg>/<svc>` | Start service |
| `adb shell content query --uri <uri>` | Query provider |
| `adb shell dumpsys package <pkg>` | Package info |
## Component Types
| Type | Risk | Test |
|------|------|------|
| Exported Activity | Auth bypass | Direct launch without intent filters |
| Content Provider | Data leakage, SQLi | Query with modified URIs |
| Broadcast Receiver | Action spoofing | Send crafted broadcasts |
| Service | Unauthorized actions | Bind/start with extras |
| PendingIntent | Hijacking | Check FLAG_MUTABLE |
## Python Libraries
| Library | Version | Purpose |
|---------|---------|---------|
| `subprocess` | stdlib | Execute adb/drozer CLI |
| `re` | stdlib | Parse command output |
| `json` | stdlib | Report generation |
## References
- Drozer: https://github.com/WithSecureLabs/drozer
- OWASP MASTG: https://mas.owasp.org/MASTG/
- Android IPC: https://developer.android.com/guide/components/intents-filters
Reference in New Issue View Git Blame Copy Permalink