Home

Mercury is a security assessment framework for the Android. It allows you to dynamically interact with the IPC endpoints exported by an application installed on a device.

Mercury is open source software, maintained by MWR InfoSecurity, and can be downloaded from:

mwr.to/mercury

Mercury provides similar functionality to a number of static analysis tools, such as aapt, but offers far more flexibility by allowing you to interact with these endpoints from the context of an unprivileged application running on the same device. The Android sandbox is designed to restrict the access of an unprivileged application to other applications, and the underlying device, without requesting appropriate permissions. You will be surprised how much access you actually have…

This wiki site is home to the Developers’ Documentation, for those who wish to write Mercury modules or extend the Mercury core.

For more information on using Mercury, please visit the project website.

Mercury Developers

Mercury is designed to allow new functionality to be added through stand-alone modules. If you want to build new checks, exploits or tools you should start with a module. If what you want to do is simply not possible through the module interface, you may need to extend the core (this is easy too).

You’ll probably want to read:

Writing a Module

We also suggest getting a better understanding of how Mercury works. These guides explain how the Mercury system is architected, and how it works together:

Before you contribute, please read:

Contributing to Mercury

If you have any questions, you can:

Check out the FAQs
Find us on Twitter

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Home

Mercury Developers

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally