Abstract

Adhrit is an open-source Android APK reversing and analysis suite. The tool is an effort to find an efficient solution to all the needs of mobile security testing and automation. Adhrit has been built with a focus on flexibility and modularization. Adhrit currently uses the Ghera benchmarks to identify vulnerability patterns in Android applications by scanning for vulnerable code patterns in the bytecode, thus being immune to usual code obfuscation techniques. The tool also supports automated ADB payload generation for exported activities, scans for API endpoints and URLs embedded in APK files, extracts base64 strings from native libraries and searches for various issues in web views, intents, networking configurations and identifies weak crypto implementations. Adhrit has been presented at conferences like OWASP Seasides, ThreatCon, and Cysinfo.