ExtAnalysis : Browser Extension Analysis Framework

ExtAnalysis is a browser extension analysis framework. Installing it is simple! It runs on python3, so make sure python3 and python3-pip are installed.

What Can You Do?

  • Download & Analyze Extensions From:
  • Analyze Installed Extensions of:
    • Google Chrome
    • Mozilla Firefox
    • Opera Browser (Coming Soon)
  • Upload and Scan Extensions. Supported formats:
    • .crx
    • .xpi
    • .zip

Features

  • View Basic Informations:
    • Name, Author, Description and Version
  • Manifest Viewer
  • In depth permission information
  • Extract Intels from files which include:
    • URLs and domains
    • IPv6 and IPv4 addresses
    • Bitcoin addresses
    • Email addresses
    • File comments
    • Base64 encoded strings
  • View and Edit files. Supported file types:
    • html
    • json
    • JavaScript
    • css
  • VirusTotal Scans For:
    • URLs
    • Domains
    • Files
  • RetireJS Vulnerability scan for JavaScript files
  • Network graph of all files and URLs
  • Reconnaissance tools for extracted URLs:
    • Whois Scan
    • HTTP headers viewer
    • URL Source viewer
    • GEO-IP location
  • Some Fun Stuffs that include:
    • Dark Mode
    • Inbuilt chiptune player (Jam on to some classic chiptune while it does the work)

Also Read – Vulmap :Online Local Vulnerability Scanners Project

Install

$ git clone https://github.com/Tuhinshubhra/ExtAnalysis
$ cd ExtAnalysis
$ pip3 install -r requirements.txt

For proper analysis don’t forget to add your virustotal api.

How do I use it?

Once the installation is done you can jump straight ahead and run it by running the command: $ python3 extanalysis.py It should automatically launch it in a new browser window.

For other options check out the help menu $ python3 extanalysis.py --help

usage: extanalysis.py [-h HOST] [-p PORT] [-v] [-u] [-q] [–help]

optional arguments:
-h HOST, –host HOST Host to run ExtAnalysis on. Default host is 127.0.0.1
-p PORT, –port PORT Port to run ExtAnalysis on. Default port is 13337
-v, –version Shows version and quits
-u, –update Checks for update
-q, –quiet Quiet mode shows only errors on cli!
–help Shows this help menu and exits

Python Modules Used:

  • flask for the webserver
  • python-whois for Whois lookup
  • maxminddb for parsing the Geo-IP database
  • requests for http headers and source code viewer

Screenshots

Download
R K

Share
Published by
R K
Tags: Analysis FrameworkBrowser ExtensionChromeExtAnalysisFirefox
6 years ago

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

3 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago