Mercury

The Leading Security Assessment Framework for Android

Mercury is a framework for exploring the Android platform, finding vulnerabilities and sharing proof-of-concept exploits.

Mercury allows you to assume the role of a low-privileged Android app, and to interact with both other apps and the system.

  • Use dynamic analysis on Android applications and devices for quicker security assessments
  • Share publicly known methods of exploitation on Android and proof-of-concept exploits for applications and devices
  • Write custom tests and exploits, using the easy extensions interface

Mercury allows you to:

  1. Interact with the four IPC endpoints: activities, broadcast receivers, content providers and services
  2. Use a proper shell that allows you to play with the underlying Linux OS from the point of view of an unprivileged application (you will be amazed at how much you can still see)
  3. Find information on installed packages with optional search filters to allow for better control
  4. Use built-in commands to check attack vectors on installed applications
  5. Transfer files between the Android device and your computer
  6. Create new modules to exploit your latest finding on Android, and play with those that others have found

Mercury does all of this over the network: it does not require ADB.

For the latest Mercury updates, follow @droidhg.

Android is a trademark of Google Inc.