MT_analyzer is a fully-featured, web-based vulnerability analysis dashboard built around the Mariana Trench static analysis engine for Android applications.
The tool has been fully refactored from a CLI wrapper into a modern web application:
- Backend (Python/Flask):
dashboard.pyserves as the core API and proxy. It handles long-running Mariana Trench analysis tasks asynchronously, serves real-time status updates, and handles file modifications for custom model generators. - Frontend (Vanilla HTML/CSS/JS): Clean, sleek UI to manage your targets, configure Mariana Trench settings, and pull APKs from your devices.
- State Management: A SQLite database (
analysis.db) is used to persist application tracking states across server restarts.settings.jsonis used to make the tool fully portable, storing paths toMT_DIRandAPK_DIR.
- Fully Portable Settings: Automatically prompts you to configure the Mariana Trench installation directory (
MT_DIR) rather than relying on hardcoded paths. - Automated ADB Integration:
- Plug in an Android device with USB debugging enabled.
- Click
📱 Pull from Device. - The backend will scan your device, enumerate all installed packages, and allow you to pull a single APK or batch-pull ALL installed APKs directly to your workspace.
- Configuration Manager: Edit
model-generators,.jsonconfigurations, andrules.jsondirectly from the web interface. - Real-time Reporting: Starts SAPP servers dynamically per application, allowing you to view detailed security vulnerability reports in an elegant interface.
- Ensure
adbandpython3are installed. - Make sure you have Mariana Trench configured locally.
- Start the dashboard:
cd MT_analyzer
python3 dashboard.py- Access the UI at
http://127.0.0.1:5000.