Skip to content

Home

Jump to bottom
Abhishek J M edited this page Dec 29, 2018 · 6 revisions

ADHRIT is an open source initiative to build a light-weight, extensively flexible and easily comprehensible Android application security tool.

Preface

Started-off as a hobby by a CTF player. Automating redundant tasks was an important skill (needless to say, CTF'ers are lazy as well). So, initially, it was supposed to be a simple script. With time, more and more features showed up and then was open sourced and released at the 12th Cysinfo Meetup in Bengaluru. The tool was also selected for the Arsenal session at ThreatCon Conference.

For?

  • Android application security beginners
  • Penetration testing
  • Bug Bounty enthusiasts

How is it Different?

With so many other tools in the wild for the same purpose, what makes this one different?

  • Easy to setup

    Setting up the tool is as easy as running the installer script and adding two lines to the config file that ships with the tool. We're constantly trying to keep the dependencies as fewer as possible. If you're going to use Docker container, you're free from this little hassle too!

  • Easy to understand

    Complex code is everywhere! But to do complex tasks with simple code is a different thing. ADHRIT, since its inception, was developed with Android application security beginners in mind. So, it largely relies on the idea of simplicity and still holds on to that factor. If you're starting fresh with writing scripts to ease the APK reversing process yourself or writing a full-stack tool for your organization, either ways, this characteristic is going to be really helpful.

  • Easy to integrate

    All the modules are written in python 3. To write a new module, you need to write a new function in the recons directory and import it in the adhrit main module. More info about this in the Contribution section.

  • Flexibility

    With ADHRIT, you have the freedom to choose what information you would like to extract from a given APK file. Sometimes, you just need to know if it's a malicious APK file already listed on anti-virus engines. What if you only want to extract the source code in Java? How about scanning the application for all URLs? Well, we have got your back! You can tell the tool what you want and you'll be granted your wish!

  • Future-proof!

    This project is constantly on watch and gets regularly updated. For instance, ADHRIT no more uses dex2jar, which is relatively an old tool for extracting jar out of the dex bytecode. Instead, we have seamlessly integrated enjarify into ADHRIT, a complete python 3 application updated to work with newer versions of Java and dex bytecode.

  • An aspiring 'super tool'

    On the long run, we aspire to build a full-fledged tool for Android security, be it CTFs, malware analysis or penetration testing. A one-stop for all the Android security needs! The choice of using the tool for a particular purpose will be left with the user to make.

  • Cleaner code

    “Clean code always looks like it was written by someone who cares.” - Robin C. Martin.

    That's right! We care for you! This project strictly follows python pep8 conventions. We thrive to make the code self-explanatory.

Like this tool? Would like to give it a try? Great! Head to the Installation section.

Clone this wiki locally