crxcavator.io
Open in
urlscan Pro
18.154.227.7
Public Scan
URL:
https://crxcavator.io/docs.html
Submission: On February 04 via manual from US — Scanned from US
Submission: On February 04 via manual from US — Scanned from US
Form analysis
0 forms found in the DOMText Content
* Getting started * About * CHANGELOG * Report Breakdown * Risk Breakdown * CRXcavator Gatherer * Terms of Use * WebHooks * User Extension Requesting * Verify WebHooks * Technology * Technologies Used * Security ABOUT CRXCAVATOR CRXcavator automatically scans the entire Chrome, Firefox, and Edge Web Stores every 3 hours and produces a quantified risk score for each browser extension based on several factors. These factors include permissions, inclusion of vulnerable third party javascript libraries, weak content security policies, missing details from the associated web store description, and more. Organizations can use this tool to assess the browser extensions they have installed and to move towards implementing explicit allow (allowlisting) for their organization. CRXcavator was created as an internal tool by Duo’s Corporate Security Engineering team to solve a real problem in our organization. When maintaining a list of explicitly allowed browser extensions, it can be difficult to uniformly assess the risk introduced by adding a new extension to the allowed list. Because CRXcavator has solved real problems for us internally, we have made it a publicly available tool. You can get started by scanning an extension, or you can create an account and group to take advantage of our enterprise features. We are offering this tool to the public at no cost under the following terms of use. HOW TO VIEW THE REPORT FOR AN EXTENSION? In the search box on the home page or in the top bar, you can simply type in the name of the extension you’re looking for. If you’re having trouble finding a specific extension or you want to scan an unlisted extension you can enter the extension ID. To locate a Chrome Extension’s ID, navigate to the extension's page on the Chrome Web Store and copy the last section of the URL. It should look something like this: https://chrome.google.com/webstore/detail/lastpass-free-password-ma/hdokiejnpimakedhajhdlcegeplioahd. The last part of the url hdokiejnpimakedhajhdlcegeplioahd is the extension ID. HOW DO I GET NOTIFIED WHEN AN EXTENSION UPDATES? You can subscribe RSS feeds for extension you want to be notified about at https://rss.crxcavator.io. An example RSS feed to subscribe to is https://rss.crxcavator.io/hdokiejnpimakedhajhdlcegeplioahd.xml HOW DO I GET IN CONTACT WITH CRXCAVATOR FOR QUESTIONS OR OTHER REQUESTS? Sending an email to support@crxcavator.io is the best way to contact us. POTENTIAL ROADMAP ITEMS * UI Redesign * WebHooks for extension updates * Search through JavaScript of all extensions using RegEx * Diff two versions of an extension * Improved external call parsing * Threat intel enrichment of all urls found in an extension If you have any feature requests or are really interested in a feature listed above, email support@crxcavator.io. We'd love to hear from you.