Home Linux Tips and Tricks Tutorial Andhrit - Android Security Toolkit

4/08/2020

Andhrit - Android Security Toolkit

      , ,    Comment   

Also Read


Andhrit adalah suatu alat yang berbasis open source yang digunakan untuk reversing aplikasi android. Alat ini cocok untuk kalian yang sedang melakukan testing pada aplikasi android. Karena tool ini berbasis open-source, kalian bisa menggunakan nya secara gratis tanpa dipungut biaya.

Didalam alat ini terdapat banyak fitur, antara lain.

  • APK Extraction

    • assets
    • classes.dex
    • native libraries
    • jar file from dex (integrated Enjarify)

  • Source Extraction

    • Certificate/signature
    • Java source
    • smali source
    • Parsed XML resource files
    • Parsed AndroidManifest
    • Native library

  • Static Analysis

    • Manifest analysis
      • Critical permission usage analysis
      • MainActivity identification
      • Backup status
      • Exported activities
      • Exported broadcast receivers
      • Identify intent filters
      • Identify embedded deeplinks
      • Automated ADB payload generation for exported activities
    • Bytecode analysis
      • ICC
        • Dynamic Broadcast Receivers
        • Empty Pending Intents
        • Sticky Broadcasts
        • Unprotected Broadcast Receivers
        • Weak Dynamic Invocation Checks
      • Web Issues
        • JavaScript Execution in WebViews
        • HTTP Connections
        • Unsafe Intent URL Resolving Implementation
        • Overwritable Cookie
        • File Access from URLs
        • Content Provider Access from URLs
        • Supressed SSL Warnings
      • Storage Issues
        • Non-parameterized SQL queries
        • Usage of External Storage for application data
      • Networking
        • Missing Server Certificate Validity Check
        • Insecure SSL Socket Factory
      • Crypto Issues
        • Usage of ECB Block Cipher
      • const-strings
      • CTF flags
      • URLs
    • Native Library analysis
      • Library info
      • Sections
      • Base64 Decoding of strings from .data

  • Lain-lain

    • Rebuilding the APK
    • Signing the APK
Syarat penggunaan:

  • Linux or MAC
  • Python3
  • Java JDK

Cara menggunakan :
  1. Download zip atau clone reposytory-nya ( git clone https://github.com/abhi-r3v0/Adhrit.git )
  2. Buka config lalu masukkan API VirusTotal kalian tanpa quotes ( Cara mendapatkan API VirusTotal ).
  3. Buka terminal lalu masuk ke direktori alat ini.
  4. Jalankan script installernya (python3 installer.py).
  5. lalu jalankan script andhritnya deh (python3 andhrit.py -h)

Pinterest
More
Less
Tumblr
Mix
GMail
LinkedIn
Reddit
XING
WhatsApp
Hacker News
VK
Telegram
OK
Line

0 komentar

Post a Comment