Skip to content

Browser Extension Analysis Framework - Scan, Analyse Chrome, firefox and Brave extensions for vulnerabilities and intels

License

Notifications You must be signed in to change notification settings

anandtiwarics/ExtAnalysis

 
 

Repository files navigation

Logo
version Python Version GitHub stars GitHub license Twitter


FeaturesInstallationUseModules UsedScreenshotsLicense


With ExtAnalysis you can :

  • Download & Analyze Extensions From:
  • Analyze Installed Extensions of:
    • Google Chrome
    • Mozilla Firefox
    • Opera Browser (Coming Soon)
  • Upload and Scan Extensions. Supported formats:
    • .crx
    • .xpi
    • .zip

Features of ExtAnalysis :

  • View Basic Informations:
    • Name, Author, Description and Version
  • Manifest Viewer
  • In depth permission information
  • Extract Intels from files which include:
    • URLs and domains
    • IPv6 and IPv4 addresses
    • Bitcoin addresses
    • Email addresses
    • File comments
    • Base64 encoded strings
  • View and Edit files. Supported file types:
    • html
    • json
    • JavaScript
    • css
  • VirusTotal Scans For:
    • URLs
    • Domains
    • Files
  • RetireJS Vulnerability scan for JavaScript files
  • Network graph of all files and URLs
  • Reconnaissance tools for extracted URLs:
    • Whois Scan
    • HTTP headers viewer
    • URL Source viewer
    • GEO-IP location
  • Some Fun Stuffs that include:
    • Dark Mode
    • Inbuilt chiptune player (Jam on to some classic chiptune while ExtAnalysis does the work)

How do I install it?

Installing ExtAnalysis is simple! It runs on python3, so make sure python3 and python3-pip are installed and follow these steps:

$ git clone https://github.com/Tuhinshubhra/ExtAnalysis
$ cd ExtAnalysis
$ pip3 install -r requirements.txt

For proper analysis don't forget to add your virustotal api.

How do I use it?

Once the installation is done you can jump straight ahead and run ExtAnalysis by running the command: $ python3 extanalysis.py It should automatically launch ExtAnalysis in a new browser window.

For other options check out the help menu $ python3 extanalysis.py --help

usage: extanalysis.py [-h HOST] [-p PORT] [-v] [-u] [-q] [--help]

optional arguments:
  -h HOST, --host HOST  Host to run ExtAnalysis on. Default host is 127.0.0.1
  -p PORT, --port PORT  Port to run ExtAnalysis on. Default port is 13337
  -v, --version         Shows version and quits
  -u, --update          Checks for update
  -q, --quiet           Quiet mode shows only errors on cli!
  --help                Shows this help menu and exits

Docker Build

$ docker build -t extanalysis .

Docker Usage

$ docker run --rm -it -p 13337:13337 extanalysis -h 0.0.0.0

Python Modules Used:

  • flask for the webserver
  • python-whois for Whois lookup
  • maxminddb for parsing the Geo-IP database
  • requests for http headers and source code viewer

Screenshots

Main Menu Results

Contribution

You can contribute to the development of ExtAnalysis by improving some code or even reporting by bugs.

For any other queries feel free to contact me via twitter: @r3dhax0r

Below is a list of people who contributed to the development of ExtAnalysis (only pull requests!)

Contributors

WebBreacher

License and Credits

ExtAnalysis is licensed under GNU General Public License v3.0. Attribution to all the third-party libraries used can be found in the CREDITS file.


Copyright (C) 2019 - 2020 Tuhinshubhra

About

Browser Extension Analysis Framework - Scan, Analyse Chrome, firefox and Brave extensions for vulnerabilities and intels

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Python 45.7%
  • JavaScript 23.0%
  • HTML 16.4%
  • CSS 14.8%
  • Dockerfile 0.1%