Adhrit

Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

537

129

JavaScript

Hits

Adhrit is an open source Android APK reversing and analysis suite. The tool is an effort to find an efficient solution to all the needs of mobile security testing and automation. Adhrit has been built with a focus on flexibility and mudularization. Adhrit currently uses the Ghera benchmarks to identify vulnerability patterns in Android applications. The project is subject to continuous updations and will incorporate the latest available methodologies and tools. Adhrit has been presented at conferences like OWASP Seasides, ThreatCon and Cysinfo. Feature requests and bug reports are always welcome!

Features:

Manifest Analysis
- Package name, debug and backup status
- Exported components (activities, services, providers and receivers)
- Deeplinks
- Implicit intent filters
- Critical permissions
Bytecode Analysis
- Usage Analysis
  - SQLite DBs
  - SharedPreferences
- Vulnerability Analysis
  - ICC
  - Web Issues
  - Storage Issues
  - Networking
  - Crypto Issues
Secrets Analysis
- URLs
- API tokens
- Strings from native libraries

Screenshots:

Pre-requisites:

Linux or MAC
Python3
Java JDK

Quick Setup

Dowload the zip or clone the package and extract the tool ( git clone https://github.com/abhi-r3v0/Adhrit.git ).
Run python3 run.py

The script automatically identifies if you’re running Adhrit for the first time and will install all the dependencies & libraries required by the tool.