ExtAnalysis

Browser Extension Analysis Framework.

With ExtAnalysis you can :

  • Download & Analyze Extensions From:
  • Analyze Installed Extensions of:
    • Google Chrome
    • Mozilla Firefox
    • Opera Browser (Coming Soon)
  • Upload and Scan Extensions. Supported formats:
    • .crx
    • .xpi
    • .zip

Features of ExtAnalysis :

  • View Basic Informations:
    • Name, Author, Description and Version
  • Manifest Viewer
  • In depth permission information
  • Extract Intels from files which include:
    • URLs and domains
    • IPv6 and IPv4 addresses
    • Bitcoin addresses
    • Email addresses
    • File comments
    • Base64 encoded strings
  • View and Edit files. Supported file types:
    • html
    • json
    • JavaScript
    • css
  • VirusTotal Scans For:
    • URLs
    • Domains
    • Files
  • RetireJS Vulnerability scan for JavaScript files
  • Network graph of all files and URLs
  • Reconnaissance tools for extracted URLs:
    • Whois Scan
    • HTTP headers viewer
    • URL Source viewer
    • GEO-IP location
  • Some Fun Stuffs that include:
    • Dark Mode
    • Inbuilt chiptune player (Jam on to some classic chiptune while ExtAnalysis does the work)

How do I install it?

Installing ExtAnalysis is simple! It runs on python3, so make sure python3 and python3-pip are installed and follow these steps:

$ git clone https://github.com/Tuhinshubhra/ExtAnalysis

$ cd ExtAnalysis

$ pip3 install -r requirements.txt

For proper analysis don't forget to add your virustotal api.

How do I use it?

Once the installation is done you can jump straight ahead and run ExtAnalysis by running the command:
$ python3 extanalysis.py
It should automatically launch ExtAnalysis in a new browser window.

For other options check out the help menu $ python3 extanalysis.py --help

usage: extanalysis.py [-h HOST] [-p PORT] [-v] [-u] [-q] [--help]

optional arguments:
  -h HOST, --host HOST  Host to run ExtAnalysis on. Default host is 127.0.0.1
  -p PORT, --port PORT  Port to run ExtAnalysis on. Default port is 13337
  -v, --version         Shows version and quits
  -u, --update          Checks for update
  -q, --quiet           Quiet mode shows only errors on cli!
  --help                Shows this help menu and exits

Docker Build

$ docker build -t extanalysis .

Docker Usage

$ docker run --rm -it -p 13337:13337 extanalysis -h 0.0.0.0

Python Modules Used:

  • flask for the webserver
  • python-whois for Whois lookup
  • maxminddb for parsing the Geo-IP database
  • requests for http headers and source code viewer

Screenshots

Main Menu Results

GitHub