A web-based framework for mobile application security testing. Trishul simplifies the process of setting up and using tools like Frida for application hooking and security analysis.
- Web-based interface for mobile application security testing
- Automatic setup and management of Frida server on rooted devices
- Remote command execution and device management
- Hooking capabilities directly from the browser
- Real-time monitoring and analysis
- Built-in terminal for direct device interaction
- Sample scripts for common security testing scenarios
- Python 3.8+
- Node.js 14+
- Rooted Android/iOS device with USB debugging enabled
- ADB tools installed on the server
The easiest way to set up Trishul is using Docker:
-
Install Docker and Docker Compose
-
Clone the repository:
git clone https://github.com/xronyx/trishul.git cd trishul -
Start the container:
For Linux/macOS:
chmod +x start-docker.sh ./start-docker.sh
For Windows:
start-docker.bat
-
Access the web interface at
http://localhost:5000 -
Connect your rooted Android device via USB and ensure USB debugging is enabled
-
Clone the repository:
git clone https://github.com/xronyx/trishul.git cd trishul -
Run the deployment script:
For Linux/macOS:
chmod +x deploy.sh ./deploy.sh
For Windows:
deploy.bat
-
The script will:
- Check for prerequisites
- Set up a Python virtual environment
- Install Python dependencies
- Build the React frontend
- Create necessary directories
If using Docker, the application is already running after starting the container.
If using manual installation:
-
Start the server:
For Linux/macOS:
source venv/bin/activate python server.pyFor Windows:
venv\Scripts\activate.bat python server.py
-
Open your web browser and navigate to:
http://localhost:5000 -
Connect your rooted Android device via USB and ensure USB debugging is enabled
-
Use the Device Manager panel to:
- Connect to your device
- Upload Frida server if not already installed
- Browse and select target applications
-
Write Frida scripts in the Script Editor panel or use sample scripts from the samples directory
-
Click "Hook" to inject your script into the selected application
-
View script output and system logs in the Log Output panel
-
Use the Terminal panel to execute shell commands directly on the device (under maintainance)
The Docker setup is configured to provide direct access to USB devices for ADB communication:
- Uses privileged mode to access USB devices
- Maps
/dev/bus/usbfrom the host to the container - Uses host network mode to simplify ADB communication
- Preserves logs and uploads in mounted volumes
The framework includes sample scripts in the samples directory:
android_ssl_pinning_bypass.js: Bypasses SSL certificate pinning in Android appsandroid_api_tracer.js: Traces common Android API calls for security analysis
- Ensure your device is properly connected and USB debugging is enabled
- Verify that your device is rooted and that Frida server is properly installed
- Check the Log Output panel for error messages
- Restart the application or device if you encounter connection issues
- If devices aren't detected in the container:
- Check that USB debugging is enabled on your device
- Ensure the device is connected before starting the container
- Try restarting the ADB server on your host system:
adb kill-server && adb start-server - Restart the Docker container:
docker-compose restart
This project is licensed under the MIT License - see the LICENSE file for details.
- Frida - Dynamic instrumentation toolkit
- Flask - Python web framework
- React - Frontend library
- Material-UI - React component library
- Xterm.js - Terminal emulator
- Monaco Editor - Code editor