{"id":34168175,"url":"https://github.com/nachorpaez/osquery-extensions","last_synced_at":"2026-03-12T01:02:26.348Z","repository":{"id":201249596,"uuid":"598685013","full_name":"nachorpaez/osquery-extensions","owner":"nachorpaez","description":"An Osquery extension with tables useful for IR investigations.","archived":false,"fork":false,"pushed_at":"2025-03-09T19:36:57.000Z","size":29,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-18T06:59:38.671Z","etag":null,"topics":["osquery"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nachorpaez.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-07T15:58:36.000Z","updated_at":"2025-03-09T19:38:37.000Z","dependencies_parsed_at":null,"dependency_job_id":"18b6aaf3-8a2e-4d43-8bbe-4f0e3cb8e764","html_url":"https://github.com/nachorpaez/osquery-extensions","commit_stats":null,"previous_names":["nachorpaez/osquery-vscode-extension","nachorpaez/osquery-extensions"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/nachorpaez/osquery-extensions","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nachorpaez%2Fosquery-extensions","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nachorpaez%2Fosquery-extensions/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nachorpaez%2Fosquery-extensions/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nachorpaez%2Fosquery-extensions/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nachorpaez","download_url":"https://codeload.github.com/nachorpaez/osquery-extensions/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nachorpaez%2Fosquery-extensions/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30410356,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-12T00:40:14.898Z","status":"ssl_error","status_checked_at":"2026-03-12T00:40:08.439Z","response_time":84,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["osquery"],"created_at":"2025-12-15T10:50:59.319Z","updated_at":"2026-03-12T01:02:26.342Z","avatar_url":"https://github.com/nachorpaez.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Osquery Extension\n\n## Project Summary\nThis project provides custom Osquery tables that enhance the default Osquery functionality on macOS and Windows. These tables can help with forensics, compliance, and security investigations by extracting critical configuration and usage data from local installations.\n\n## Usage\nFor testing, you can load the extension with `osqueryi`.\n\nBy default, osquery does not want to load extensions not owned by root. You can either change the ownership of osquery_extension.ext to root, or run osquery with the `--allow_unsafe` flag.\n\nTo test:\n```bash\nmake osqueryi # Will run osqueryi --extension /path/to/osquery_extension.ext --allow_unsafe in the background\n```\n\nFor production deployment, you should refer to the [osquery documentation](https://osquery.readthedocs.io/en/stable/deployment/extensions/).\n\n## Tables\n\n|Table|Description|Platforms|Notes|\n|----|----|----|----|\n| `chrome_extensions_dns` | Inspired by [ExtensionHound](https://github.com/arsolutioner/ExtensionHound), this table returns the DNS domains requested by chromium browser extensions. | macOS / Windows |\n| `chrome_preferences` | Parses different Chromium based browser preferences such as sites with access to geolocation data, microphone access and notifications. Useful for forensics purposes. | macOS / Windows |\n| `vscode_extensions` | Returns VSCode extensions installed on host. This table has been eventually incorporated into Osquery core. | macOS / Windows |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnachorpaez%2Fosquery-extensions","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnachorpaez%2Fosquery-extensions","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnachorpaez%2Fosquery-extensions/lists"}