What's New in Mercury v2?

By on 14 December, 2012

It’s been 8 months since we released Mercury into the wild. Since then we have seen many people use the tool and share their thoughts, insight and time with up to help make Mercury even more awesome.

The Mercury v1.1 release, last September, helped us to address some of the user feedback: bringing in a heap of new features and improvements from the cool reflection interface, to the mundane (but necessary) improvements to inline help. We wanted more…

Today, we are able to release Mercury v2.0.

Why v2.0? Because we have rewritten Mercury from the ground up. We wanted to tackle some of the more fundamental problems that you, and we, discovered whilst using Mercury in anger.

Get it now from the downloads page.

Then follow us on Twitter. We will be tweeting hints and tips all day.

Now go play with it! (It’s OK, I’ll wait for you to come back…)

These are our three favourite new features.

Mirrors, Modules Everywhere

The reflection interface, that was previewed in Mercury v1.1, has been refined and is now used by all Mercury functionality. We have also consolidated all Mercury functionality as modules. For those that didn’t read the original blog post, this allows us to execute Java code in the Agent, from your PC.

Through reflection, we can upgrade and improve all of Mercury’s functionality, without asking you to reinstall the Agent on your Android device.

This has also allowed us to simplify the communication channel between console and agent, so we can concentrate on maintaining a smaller feature set going forwards.

Infrastructure Mode

In Mercury v1.1, you had to know the IP address of the Android device you wanted to connect to, and be able to route a connection to a port on that address. This was great when on a local subnet or connected by adb(Android Debug Bridge), but was thwarted by firewalls, NAT and such.

Mercury v2.0 introduces Infrastructure Mode: a new configuration where devices and consoles both connect to a central server, which routes sessions between them.

Since, in Infrastructure Mode, the agent establishes a connection, it can traverse firewalls and NAT and you only need to know the IP address of your server. This allows you to run agents anywhere in the world, and always connect back to them.

Infrastructure Mode allows you to devise and test much more realistic attack scenarios.

Revamped User Interface

Another benefit of moving all functionality into Mercury modules is that we have been able to put the user interface on a serious diet. We have replaced the multiple levels of menus with a single prompt that gives you instant access to all of Mercury’s functionality.

Quite simply, this makes it much faster to perform an assessment with Mercury.

We’ve also tried to make using the command-line interface closer to the shells that we (*nix users) use on a daily basis: for instance, you can now send your output to a file with >, and use !!, !^ and !$ to access parts of the previous command.

How do I get it?

Get it now, from the downloads page.

Please send us your feedback, questions and comments on the new version via Twitter and Github. That way they might just make it into Mercury 2.1.