Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Tuhinshubhra/ExtAnalysis
Browser Extension Analysis Framework - Scan, Analyze Chrome, firefox and Brave extensions for vulnerabilities and intels
https://github.com/Tuhinshubhra/ExtAnalysis
browser browser-extension browser-extension-analysis chrome chrome-extension chrome-extensions extension-analysis firefox firefox-addon firefox-extension
Last synced: about 1 month ago
JSON representation
Browser Extension Analysis Framework - Scan, Analyze Chrome, firefox and Brave extensions for vulnerabilities and intels
- Host: GitHub
- URL: https://github.com/Tuhinshubhra/ExtAnalysis
- Owner: Tuhinshubhra
- License: gpl-3.0
- Created: 2019-05-06T10:01:47.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2024-08-03T09:50:06.000Z (4 months ago)
- Last Synced: 2024-10-19T06:44:04.426Z (about 2 months ago)
- Topics: browser, browser-extension, browser-extension-analysis, chrome, chrome-extension, chrome-extensions, extension-analysis, firefox, firefox-addon, firefox-extension
- Language: Python
- Homepage:
- Size: 10 MB
- Stars: 614
- Watchers: 22
- Forks: 108
- Open Issues: 8
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG
- License: LICENSE
Awesome Lists containing this project
- awesome-rainmana - Tuhinshubhra/ExtAnalysis - Browser Extension Analysis Framework - Scan, Analyze Chrome, firefox and Brave extensions for vulnerabilities and intels (Python)
- awesome-hacking-lists - Tuhinshubhra/ExtAnalysis - Browser Extension Analysis Framework - Scan, Analyze Chrome, firefox and Brave extensions for vulnerabilities and intels (Python)
README
Features • Installation • Use • Modules Used • Screenshots • License
### With ExtAnalysis you can :
- Download & Analyze Extensions From:
- [Chrome Web Store](https://chrome.google.com)
- [Firefox Addons](https://addons.mozilla.org)
- Analyze Installed Extensions of:
- Google Chrome
- Mozilla Firefox
- Opera Browser (Coming Soon)
- Upload and Scan Extensions. Supported formats:
- .crx
- .xpi
- .zip
## Features of ExtAnalysis :
- View Basic Informations:
- Name, Author, Description and Version
- Manifest Viewer
- In depth permission information
- Extract Intels from files which include:
- URLs and domains
- IPv6 and IPv4 addresses
- Bitcoin addresses
- Email addresses
- File comments
- Base64 encoded strings
- View and Edit files. Supported file types:
- html
- json
- JavaScript
- css
- VirusTotal Scans For:
- URLs
- Domains
- Files
- RetireJS Vulnerability scan for JavaScript files
- Network graph of all files and URLs
- Reconnaissance tools for extracted URLs:
- Whois Scan
- HTTP headers viewer
- URL Source viewer
- GEO-IP location
- Some Fun Stuffs that include:
- Dark Mode
- Inbuilt chiptune player (*Jam on to some classic chiptune while ExtAnalysis does the work*)
## How do I install it?
Installing ExtAnalysis is simple! It runs on python3, so make sure `python3` and `python3-pip` are installed and follow these steps:
```
git clone https://github.com/Tuhinshubhra/ExtAnalysis
```
```
cd ExtAnalysis
```
```
pip3 install -r requirements.txt
```
For proper analysis don't forget to add your virustotal api.
## How do I use it?
Once the installation is done you can jump straight ahead and run ExtAnalysis by running the command:
**$** `python3 extanalysis.py`
It should automatically launch ExtAnalysis in a new browser window.
For other options check out the help menu **$** `python3 extanalysis.py --help`
```
usage: extanalysis.py [-h HOST] [-p PORT] [-v] [-u] [-q] [--help]
optional arguments:
-h HOST, --host HOST Host to run ExtAnalysis on. Default host is 127.0.0.1
-p PORT, --port PORT Port to run ExtAnalysis on. Default port is 13337
-v, --version Shows version and quits
-u, --update Checks for update
-q, --quiet Quiet mode shows only errors on cli!
--help Shows this help menu and exits
```
## Installing Docker Engine
Use the following [link](https://docs.docker.com/engine/install/)
## Docker Build
```
docker build -t extanalysis .
```
## Docker Usage
```
docker run --rm -it -p 13337:13337 extanalysis -h 0.0.0.0
```
### Using Docker Compose
```bash
docker compose build
docker compose up
## Or just:
docker compose up --build
## To run only for one-time use
docker-compose run --rm --build -it -p 13337:13337 extanalysis -h 0.0.0.0
## To run in the background
docker compose up -d
```
## Python Modules Used:
- `flask` for the webserver
- `python-whois` for Whois lookup
- `maxminddb` for parsing the Geo-IP database
- `requests` for http headers and source code viewer
## Screenshots
## Contribution
You can contribute to the development of ExtAnalysis by improving some code or even reporting by bugs.
For any other queries feel free to contact me via twitter: [@r3dhax0r](https://twitter.com/r3dhax0r)
Below is a list of people who contributed to the development of ExtAnalysis (*only pull requests!*)
#### Contributors
WebBreacher
## License and Credits
ExtAnalysis is licensed under [GNU General Public License v3.0](https://github.com/Tuhinshubhra/ExtAnalysis/blob/master/LICENSE).
Attribution to all the third-party libraries used can be found in the [CREDITS](https://github.com/Tuhinshubhra/ExtAnalysis/blob/master/CREDITS) file.
Copyright (C) 2019 - 2022 Tuhinshubhra