Is there an nmap vulnerability scanning script (vuln, vulscan, nmap-vulners etc) for scanning target Android devices on the network?
If not, is there any specific scanning tool that scans for CVE on target Android devices?
-
Welcome to the community. Have you looked at existing Android scripts?..– Sir MuffingtonCommented Jul 20, 2023 at 15:21
-
@sirMuffington I did Google search but nothing turned up.– AjayCommented Jul 20, 2023 at 15:50
-
Does this help you?: stackoverflow.com/questions/9452599/…– Sir MuffingtonCommented Jul 21, 2023 at 14:46
-
Unless the Android device has specifically been set up to run as some kind of server, there probably won't be any open ports to find.– multithr3at3dCommented Jul 21, 2023 at 21:39
Add a comment
|
1 Answer
Yes there is.
Google provide the STS SDK (Security Test Suite SDK): https://source.android.com/docs/security/test/sts-sdk ...but this is "only" to develop your own security tests.
Whereas if you're a Google partner (e.g. an OEM making Android devices, with a partnership with Google), you have the full blown STS, with the automated tests to check that the CVE from Google Android monthly Security Bulletins have been indeed fixed.
Both the STS SDK and the Google partners STS leverage on adb (Android Debugger Bridge) as an agent on the Android device: https://developer.android.com/tools/adb
