Android debug bridge (ADB)

Android Debug Bridge (ADB) [🔗] is a powerful command-line tool that allows you to communicate with Android devices. In penetration testing, ADB is essential for analyzing Android applications, examining device configurations, and performing security assessments on mobile targets.

Prerequisites and Setup

Before using ADB for penetration testing, ensure you have:

Android SDK Platform Tools installed on your system
USB Debugging enabled on the target device

How to Enable Developer Options and USB Debugging

Go to Settings > About Phone
Tap Build Number seven times
Navigate to Settings > Developer Options
Enable USB Debugging
Connect the device via USB and authorize the computer when prompted

Source: https://developer.android.com/studio/debug/dev-options#enable

Device Connection and Management

Check connected devices:

adb devices

Connect to a specific device (when multiple devices are connected):

adb -s <device_id> <command>

Connect over network (for wireless testing):

adb connect <ip_address>:5555

Application Management

Install an APK file:

adb install <path_to_apk>

Uninstall an application:

adb uninstall <package_name>

List all installed packages:

adb shell pm list packages

List only third-party packages (user-installed apps):

adb shell pm list packages -3

List system packages:

adb shell pm list packages -s

Search for specific package

adb shell pm list packages | grep <package_name>

Get detailed information about a package:

adb shell dumpsys package <package_name>

Get application paths:

adb shell pm path <package_name>

Extract APK file from device:

# First, get the APK path
adb shell pm path <package_name>
# Then pull the APK
adb pull <apk_path> <local_destination>

Application Control and Testing

Start a specific activity:

adb shell am start <package_name>/<activity_name>

Start activity with intent extras (useful for testing deep links):

adb shell am start -n <package_name>/<activity_name> -e <key> <value>

Clear application data (useful for testing first-run scenarios):

adb shell pm clear <package_name>

File System Operations

Copy files from device to local system:

adb pull <remote_path> <local_path>

Copy files from local system to device:

adb push <local_path> <remote_path>

Advanced Shell Operations

Access device shell:

adb shell

Execute single command:

adb shell <command>

Useful shell commands:

# Check device information
adb shell getprop

# Monitor system logs
adb shell logcat

# Check running processes
adb shell ps

# Check network connections
adb shell netstat

# Check file permissions
adb shell ls -la <path>