The Hacker News Logo
Subscribe to Newsletter

Mercury v1.0 - Framework for bug hunters to find Android vulnerabilities

Mercury v1.0 - Framework for bug hunters to find Android vulnerabilities

A free framework for bug hunters to find vulnerabilities, write proof-of-concept exploits and play in Android. Use dynamic analysis on Android applications and devices for quicker security assessments. Share publicly known methods of exploitation on Android and proof-of-concept exploits for applications and devices. The easy extensions interface allows users to write custom modules and exploits for Mercury Replace custom applications and scripts that perform single tasks with a framework that provides many tools.

Mercury allows you to:
  • Interact with the 4 IPC endpoints - activities, broadcast receivers, content providers and services
  • Use a proper shell that allows you to play with the underlying Linux OS from the point of view of an unprivileged application (you will be amazed at how much you can still see)
  • Find information on installed packages with optional search filters to allow for better control
  • Built-in commands that can check application attack vectors on installed applications
  • Tools to upload and download files between the Android device and computer without using ADB (this means it can be done over the internet as well!)
  • Create new modules to exploit your latest finding on Android, and playing with those that others have found.
This demonstration shows how you can find and exploit SQL injection in Android applications using Mercury.

Download Mercury v1.0 and Mercury Quick Start Guide 

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.