Enumerating broadcast receivers
Broadcast receivers often hold useful information about an application's attack surface and could offer attackers the opportunity to do many things, from performing arbitrary code execution to proliferating information. Because of this, they cannot be ignored during an application-focused security assessment. The drozer developers were well aware of this fact and provided modules to help gather information about broadcast receivers.
The following recipe demonstrates the app.broadcast.info module by detailing its different invocation options.
How to do it...
The enumeration of broadcast receivers is performed using the following command:
dz> run app.broadcast.info
The output for the previous command should be similar to the following screenshot:
This app.broadcast.info module has all the cool features the other .info modules have and some more broadcast-receiver-specific options.
You can specify a specific package from which to extract information on receivers...
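As a static cross-check on the receiver enumeration this recipe performs, the following added example (not from the book or the drozer project) lists the receivers other apps can reach, working from a decoded AndroidManifest.xml during a review of your own app. The sample manifest, the package name com.example.demo and the helper name exported_receivers are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Constructed sample: a decoded (text) AndroidManifest.xml for a made-up package.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <receiver android:name=".SyncReceiver" android:exported="true"
              android:permission="com.example.demo.permission.SYNC"/>
    <receiver android:name=".InternalReceiver" android:exported="false">
      <intent-filter><action android:name="com.example.demo.REFRESH"/></intent-filter>
    </receiver>
    <receiver android:name=".LocalOnlyReceiver"/>
  </application>
</manifest>
"""

def exported_receivers(manifest_xml):
    """Hypothetical helper: list receivers that other apps can send broadcasts to."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    # A permission set on <application> applies to components that set none.
    default_perm = app.get(ANDROID + "permission") if app is not None else None
    found = []
    for rcv in root.iter("receiver"):
        name = rcv.get(ANDROID + "name", "")
        if name.startswith("."):
            name = package + name  # expand the relative class name
        exported = rcv.get(ANDROID + "exported")
        if exported is None:
            # Platform default: exported only if an intent filter is declared.
            exported = "true" if rcv.find("intent-filter") is not None else "false"
        if exported == "true":
            perm = rcv.get(ANDROID + "permission", default_perm)
            actions = [a.get(ANDROID + "name") for a in rcv.iter("action")]
            found.append({"name": name, "permission": perm, "actions": actions})
    return package, found

if __name__ == "__main__":
    pkg, receivers = exported_receivers(SAMPLE_MANIFEST)
    print("Package:", pkg)
    for r in receivers:
        print("  Receiver:", r["name"], "| Permission:", r["permission"])
```

Apps targeting Android 12 (API level 31) or higher must set android:exported explicitly on any receiver that declares an intent filter, so the implicit default only matters for older targets. Receivers registered at runtime with registerReceiver() do not appear in the manifest and are outside what this check sees.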