Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
adbkit-monkey
Advanced tools
adbkit-monkey provides a Node.js interface for working with the Android monkey
tool. Albeit undocumented, they monkey program can be started in TCP mode with the --port
argument. In this mode, it accepts a range of commands that can be used to interact with the UI in a non-random manner. This mode is also used internally by the monkeyrunner
tool, although the documentation claims no relation to the monkey tool.
Install via NPM:
npm install --save adbkit-monkey
Note that while adbkit-monkey is written in CoffeeScript, it is compiled to JavaScript before publishing to NPM, which means that you are not required to use CoffeeScript.
The following examples assume that monkey is already running (via adb shell monkey --port 1080
) and a port forwarding (adb forward tcp:1080 tcp:1080
) has been set up.
var assert = require('assert');
var monkey = require('adbkit-monkey');
var client = monkey.connect({ port: 1080 });
client.press(3 /* KEYCODE_HOME */, function(err) {
assert.ifError(err);
console.log('Pressed home button');
client.end();
});
var assert = require('assert');
var monkey = require('adbkit-monkey');
var client = monkey.connect({ port: 1080 });
client.multi()
.touchDown(100, 0)
.sleep(5)
.touchMove(100, 20)
.sleep(5)
.touchMove(100, 40)
.sleep(5)
.touchMove(100, 60)
.sleep(5)
.touchMove(100, 80)
.sleep(5)
.touchMove(100, 100)
.sleep(5)
.touchUp(100, 100)
.sleep(5)
.execute(function(err) {
assert.ifError(err);
console.log('Dragged out the notification bar');
client.end();
});
var assert = require('assert');
var monkey = require('adbkit-monkey');
var client = monkey.connect({ port: 1080 });
client.getDisplayWidth(function(err, width) {
assert.ifError(err);
client.getDisplayHeight(function(err, height) {
assert.ifError(err);
console.log('Display size is %dx%d', width, height);
client.end();
});
});
Note that you should manually focus a text field first.
var assert = require('assert');
var monkey = require('adbkit-monkey');
var client = monkey.connect({ port: 1080 });
client.type('hello monkey!', function(err) {
assert.ifError(err);
console.log('Said hello to monkey');
client.end();
});
Uses Net.connect() to open a new TCP connection to monkey. Useful when combined with adb forward
.
Net.connect()
accepts.Client
instance.Attaches a monkey client to an existing monkey protocol stream.
Stream
.Client
instance.Implements Api
. See below for details.
The following events are available:
Error
.Ends the underlying stream/connection.
Client
instance.Returns a new API wrapper that buffers commands for simultaneous delivery instead of sending them individually. When used with api.sleep()
, allows simple gestures to be executed.
Multi
instance. See Multi
below.Sends a raw protocol command to monkey.
String
, a single command is sent. When Array
, a series of commands is sent at once.null
when successful, Error
otherwise.Client
instance.The monkey API implemented by Client
and Multi
.
Closes the current monkey session and allows a new session to connect.
null
when successful, Error
otherwise.Api
implementation instance.Simulates closing the keyboard.
null
when successful, Error
otherwise.Api
implementation instance.Simulates opening the keyboard.
null
when successful, Error
otherwise.Api
implementation instance.Gets the value of a variable. Use api.list()
to retrieve a list of supported variables.
null
when successful, Error
otherwise.Api
implementation instance.Alias for api.get('am.current.action', callback)
.
Alias for api.get('am.current.categories', callback)
.
Alias for api.get('am.current.comp.class', callback)
.
Alias for api.get('am.current.comp.package', callback)
.
Alias for api.get('am.current.data', callback)
.
Alias for api.get('am.current.package', callback)
.
Alias for api.get('build.board', callback)
.
Alias for api.get('build.brand', callback)
.
Alias for api.get('build.cpu_abi', callback)
.
Alias for api.get('build.device', callback)
.
Alias for api.get('build.display', callback)
.
Alias for api.get('build.fingerprint', callback)
.
Alias for api.get('build.host', callback)
.
Alias for api.get('build.id', callback)
.
Alias for api.get('build.manufacturer', callback)
.
Alias for api.get('build.model', callback)
.
Alias for api.get('build.product', callback)
.
Alias for api.get('build.tags', callback)
.
Alias for api.get('build.type', callback)
.
Alias for api.get('build.user', callback)
.
Alias for api.get('build.version.codename', callback)
.
Alias for api.get('build.version.incremental', callback)
.
Alias for api.get('build.version.release', callback)
.
Alias for api.get('build.version.sdk', callback)
.
Alias for api.get('clock.millis', callback)
.
Alias for api.get('clock.realtime', callback)
.
Alias for api.get('clock.uptime', callback)
.
Alias for api.get('display.density', callback)
.
Alias for api.get('display.height', callback)
. Note that the height may exclude any virtual home button row.
Alias for api.get('display.width', callback)
.
Sends a key down event. Should be coupled with api.keyUp()
. Note that api.press()
performs the two events automatically.
'home'
to KEYCODE_HOME
). This will not work for number keys however. The most portable method is to simply use numeric key codes.null
when successful, Error
otherwise.Api
implementation instance.Sends a key up event. Should be coupled with api.keyDown()
. Note that api.press()
performs the two events automatically.
api.keyDown()
.null
when successful, Error
otherwise.Api
implementation instance.Lists supported variables.
null
when successful, Error
otherwise.api.get()
.Api
implementation instance.Sends a key press event.
api.keyDown()
.null
when successful, Error
otherwise.Api
implementation instance.Closes the current monkey session and quits monkey.
null
when successful, Error
otherwise.Api
implementation instance.Sleeps for the given duration. Can be useful for simulating gestures.
null
when successful, Error
otherwise.Api
implementation instance.Taps the given coordinates.
null
when successful, Error
otherwise.Api
implementation instance.Sends a touch down event on the given coordinates.
null
when successful, Error
otherwise.Api
implementation instance.Sends a touch move event on the given coordinates.
null
when successful, Error
otherwise.Api
implementation instance.Sends a touch up event on the given coordinates.
null
when successful, Error
otherwise.Api
implementation instance.Sends a trackball event on the given coordinates.
null
when successful, Error
otherwise.Api
implementation instance.Types the given text.
String
. Note that only characters for which key codes exist can be entered. Also note that any IME in use may or may not transform the text.null
when successful, Error
otherwise.Api
implementation instance.Wakes the device from sleep and allows user input.
null
when successful, Error
otherwise.Api
implementation instance.Buffers Api
commands and delivers them simultaneously for greater control over timing.
Implements all Api
methods, but without the last callback
parameter.
Sends all buffered commands.
null
when successful, Error
otherwise.Api
responses.See CONTRIBUTING.md.
See LICENSE.
Copyright © CyberAgent, Inc. All Rights Reserved.
FAQs
A Node.js interface to the Android monkey tool.
The npm package adbkit-monkey receives a total of 14,396 weekly downloads. As such, adbkit-monkey popularity was classified as popular.
We found that adbkit-monkey demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.