OpenSec Atlas

Adhrit: An Open Source Tool for Mobile Security | OpenSec Atlas

Mobile Security

Tool

Adhrit

Adhrit is an open-source Android security suite for comprehensive APK reconnaissance and static bytecode analysis using Ghera benchmarks.

Visit Website View on GitHub

About This Tool

Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

Primary Use Case

Adhrit is designed for mobile security testers and researchers to perform in-depth static analysis and vulnerability scanning of Android applications. It helps identify security issues such as insecure component exposure, cryptographic flaws, and leaked secrets, making it ideal for security audits and automated mobile app assessments.

Key Features

Manifest analysis including package info, exported components, deeplinks, and critical permissions
Bytecode analysis covering usage of SQLite DBs, SharedPreferences, and vulnerability patterns like ICC, web, storage, networking, and crypto issues
Secrets analysis detecting URLs, API tokens, and strings from native libraries
Modular and flexible architecture based on Ghera Android vulnerability benchmarks
Web interface for uploading APKs and generating detailed security reports
Cross-platform support for Linux and macOS with Python3 and Java JDK dependencies
Docker support for easy deployment and usage

Insights & Recommendations

Requires Linux or macOS environment with Python 3 and Java JDK installed. The tool is continuously updated to incorporate latest methodologies. Users should ensure Docker is installed if opting for containerized deployment. The web interface simplifies usage but manual dependency installation is handled automatically on first run.

Installation

Clone the repository: git clone https://github.com/abhi-r3v0/Adhrit.git
Navigate to the cloned directory
Run the tool with Python 3: python3 run.py
The script auto-installs all required dependencies on first run
Alternatively, use Docker: run docker-compose up
Access the web interface at http://127.0.0.1:4200

Usage

python3 run.py

Launches the Adhrit tool and automatically opens the web interface for APK upload and analysis

docker-compose up

Starts the Adhrit service using Docker and hosts the web interface on port 4200

Smart Usage Notes

Integrate Adhrit into CI/CD pipelines for automated static analysis of Android apps before deployment.Use Adhrit's modular architecture to extend detection capabilities with custom vulnerability benchmarks.Leverage the web interface to provide security teams with accessible, detailed APK security reports for faster triage.Combine Adhrit findings with dynamic analysis tools to correlate static vulnerabilities with runtime behaviors.Deploy Adhrit in containerized environments to enable scalable, on-demand mobile app security assessments.