Merge branch 'develop' of github.com:mwrlabs/drozer into develop

.gitignore

@@ -13,3 +13,5 @@ src/drozer/modules/**/*.class
 src/drozer/modules/**/*.apk
 src/drozer.egg-info
 mercury.log
+deb_dist/*
+*.tar.gz

.travis.yml

@@ -1,6 +1,6 @@
 language: python
+sudo: required
 python:
-  - "2.6"
   - "2.7"
 
 jdk:
@@ -14,10 +14,10 @@ before_install:
 - export PATH=$PATH:$(pwd)/bin
 
 install:
-  - make apks 
+  - make apks
   - python setup.py build
   - python setup.py sdist bdist_wheel
-  - python setup.py install
+  - sudo env "PYTHONPATH=$PYTHONPATH:$(pwd)/src" python setup.py install
 
 script:
   - ./bin/drozer

README.md

@@ -33,19 +33,31 @@ drozer is open source software, maintained by MWR InfoSecurity, and can be downl
 git clone https://github.com/mwrlabs/drozer/
 cd drozer
 make apks
+source ENVIRONMENT
 python setup.py build
-python setup.py install
+sudo env "PYTHONPATH=$PYTHONPATH:$(pwd)/src" python setup.py install
 ```
 ### Installing .egg
 
 ```
 sudo easy_install drozer-2.x.x-py2.7.egg
 ```
 
+### Building for Debian/Ubuntu
+```
+sudo apt-get install python-stdeb fakeroot
+git clone https://github.com/mwrlabs/drozer/
+cd drozer
+make apks
+source ENVIRONMENT
+python setup.py --command-packages=stdeb.command bdist_deb
+
+```
+
 ### Installing .deb (Debian/Ubuntu)
 
 ``` 
-sudo dpkg -i drozer-2.x.x.deb
+sudo dpkg -i deb_dist/drozer-2.x.x.deb
 ```
 
 ### Arch Linux

setup.py

@@ -3,7 +3,8 @@
 import os
 import setuptools
 
-from src.drozer import meta
+from drozer import meta
+from sys import platform
 
 def find_files(src):
     matches = []
@@ -24,13 +25,22 @@ def find_libs(src):
 
     return map(lambda fn: os.path.basename(fn), filter(lambda fn: os.path.isfile(fn), matches))
 
+# Do a system check when installing bash complete script
+def get_install_data():
+	install_data = []
+	if platform == "linux" or platform == "linux2":
+		install_data = [('/etc/bash_completion.d',['scripts/drozer'])]
+
+	return install_data
+
+
 setuptools.setup(
   name = meta.name,
   version = str(meta.version),
   author = meta.vendor,
   author_email = meta.contact,
   description = meta.description,
-  long_description = open(os.path.join(os.path.dirname(__file__), "README.md")).read(),
+  long_description = meta.long_description,
   license = meta.license,
   keywords = meta.keywords,
   url = meta.url,
@@ -49,6 +59,7 @@ def find_libs(src):
                               "lib/*.pk8",
                               "lib/weasel/armeabi/w",
                               "server/web_root/*" ] },
-  scripts = ["bin/drozer", "bin/drozer-complete"],
-  install_requires = ["protobuf==2.6.1","pyopenssl==16.2", "pyyaml==3.11"],
+  scripts = ["bin/drozer", "bin/drozer-complete", "bin/drozer-repository"],
+  install_requires = ["protobuf>=2.6.1","pyopenssl>=16.2", "pyyaml>=3.11"],
+  data_files = get_install_data(),
   classifiers = [])

src/drozer/meta.py

@@ -38,6 +38,16 @@ def __str__(self):
 keywords = "drozer android security framework"
 url = "http://mwr.to/drozer"
 
+long_description = '''
+drozer (formerly Mercury) is the leading security testing framework for Android.
+
+drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS.
+
+drozer provides tools to help you use, share and understand public Android exploits. It helps you to deploy a drozer Agent to a device through exploitation or social engineering. Using weasel (MWR's advanced exploitation payload) drozer is able to maximise the permissions available to it by installing a full agent, injecting a limited agent into a running process, or connecting a reverse shell to act as a Remote Access Tool (RAT).
+
+drozer is open source software, maintained by MWR InfoSecurity, and can be downloaded from: http://mwr.to/drozer
+'''
+
 def latest_version():
     try:
         xml = urlopen(Request("https://www.mwrinfosecurity.com/products/drozer/community-edition/manifest.xml", None, {"user-agent": "drozer: %s" % version}), None, 1).read()

src/drozer/modules/common/busy_box.py

@@ -14,15 +14,19 @@ def busyboxPath(self):
 
         return self.workingDir() + "/bin/busybox"
 
-    def _localPath(self, pie):
+    def _localPath(self,arch,pie):
         """
         Get the path to the Busybox binary on the local system.
         """
-        if pie == True:
-            return os.path.join(os.path.dirname(__file__) , "..", "tools", "setup", "pie", "busybox")
+        if arch == "arm":
+            if pie == True:
+                return os.path.join(os.path.dirname(__file__) , "..", "tools", "setup", "arm", "pie", "busybox")
+            else:
+                return os.path.join(os.path.dirname(__file__) , "..", "tools", "setup", "arm", "nopie","busybox")
+        elif arch == "x86":
+            return os.path.join(os.path.dirname(__file__), "..", "tools", "setup","x86", "busybox")
         else:
-            return os.path.join(os.path.dirname(__file__) , "..", "tools", "setup", "nopie","busybox")
-
+            return None
 
     def busyBoxExec(self, command):
         """
@@ -38,15 +42,14 @@ def isBusyBoxInstalled(self):
 
         return self.exists(self.busyboxPath())
 
-    def installBusyBox(self,pie):
+    def installBusyBox(self,arch,pie):
         """
         Install Busybox on the Agent.
         """
-
         if self.ensureDirectory(self.busyboxPath()[0:self.busyboxPath().rindex("/")]):
-            bytes_copied = self.uploadFile(self._localPath(pie), self.busyboxPath())
+            bytes_copied = self.uploadFile(self._localPath(arch,pie), self.busyboxPath())
 
-            if bytes_copied != os.path.getsize(self._localPath(pie)):
+            if bytes_copied != os.path.getsize(self._localPath(arch,pie)):
                 return False
             else:
                 self.shellExec("chmod 775 " + self.busyboxPath())

src/drozer/modules/tools/setup/busybox.py

@@ -16,23 +16,38 @@ class BusyBox(Module, common.BusyBox, common.Shell):
     path = ["tools", "setup"]
 
     def execute(self, arguments):
-        if self.isBusyBoxInstalled():
-            self.stdout.write("BusyBox is already installed.\n")
+        arch = str(self.klass('java.lang.System').getProperty("os.arch")).upper()
+
+        # Check for unsupported architecture
+        if "ARM" in arch:
+            arch = "arm"
+        elif "86" in arch:
+            arch = "x86"
         else:
-            # ARCH check
-            # if "ARM" not in str(self.klass('java.lang.System').getProperty("os.arch")).upper():
-            #     response = raw_input("[-] Unsupported CPU architecture - ARM only. Continue anyway (y/n)? ")
-            #     if "Y" not in response.upper():
-            #         return
+            self.stdout.write("Unsupported CPU architecture. Supported architectures are arm, arm64, x86 and x86_64.\n")
 
-            if self.klass("android.os.Build$VERSION").SDK_INT >= 21:
-                if self.installBusyBox(True):
-                    self.stdout.write("BusyBox installed " + + self.busyboxPath() + "\n")
+        # If the arch is supported, then check if busybox is installed
+        if arch == "x86":
+            if self.isBusyBoxInstalled():
+                self.stdout.write("BusyBox is already installed.\n")
+            else:
+                if self.installBusyBox(arch="x86", pie=False):
+                    self.stdout.write("BusyBox installed " + self.busyboxPath() + "\n")
                 else:
                     self.stdout.write("BusyBox installation failed.\n")
+        elif arch == "arm":
+            if self.isBusyBoxInstalled():
+                self.stdout.write("BusyBox is already installed.\n")
             else:
-                if self.installBusyBox(False):
-                    self.stdout.write("BusyBox installed. " + self.busyboxPath() + "\n")
+                if self.klass("android.os.Build$VERSION").SDK_INT >= 21:
+                    if self.installBusyBox(arch="arm", pie=True):
+                        self.stdout.write("BusyBox installed " + self.busyboxPath() + "\n")
+                    else:
+                        self.stdout.write("BusyBox installation failed.\n")
                 else:
-                    self.stdout.write("BusyBox installation failed.\n")
-
+                    if self.installBusyBox(arch="arm",pie=False):
+                        self.stdout.write("BusyBox installed. " + self.busyboxPath() + "\n")
+                    else:   
+                        self.stdout.write("BusyBox installation failed.\n")
+        else:
+            self.stdout.write("Unsupported CPU architecture. Supported architectures are arm, arm64, x86 and x86_64.\n")

src/drozer/server/dz.py

@@ -7,7 +7,7 @@
     from twisted.internet.protocol import Protocol, ServerFactory
 except ImportError:
     print "drozer Server requires Twisted to run."
-    print "Run 'easy_install twisted==10.2.0' to fetch this dependency."
+    print "Run 'pip install twisted' to fetch this dependency."
     sys.exit(-1)
 
 from drozer.configuration import Configuration

src/mwr/common/system.py

@@ -1,12 +1,17 @@
 import os
+import platform 
 
 from mwr.common.stream import DecolouredStream
 
 def which(executable):
     """
     Implementation of the *nix `which` command, to find an executable on the
     current PATH.
+
+    Update: added support for Windows hosts
     """
+    if platform.system() == 'Windows':
+        executable = executable + ".exe"
 
     for path in os.getenv("PATH", "").split(os.pathsep):
         trial = os.path.join(path, executable)

stdeb.cfg

@@ -0,0 +1,3 @@
+[DEFAULT]
+Package: drozer
+XS-Python-Version: >= 2.7