crxcavator.io Open in urlscan Pro
18.154.227.7  Public Scan

Form analysis
0 forms found in the DOM

Text Content

 * Getting started
   
   * About
   * CHANGELOG
   * Report Breakdown
   * Risk Breakdown
   * CRXcavator Gatherer
   * Terms of Use

 * WebHooks
   
   * User Extension Requesting
   * Verify WebHooks

 * Technology
   
   * Technologies Used
   * Security


ABOUT CRXCAVATOR

CRXcavator automatically scans the entire Chrome, Firefox, and Edge Web Stores
every 3 hours and produces a quantified risk score for each browser extension
based on several factors. These factors include permissions, inclusion of
vulnerable third party javascript libraries, weak content security policies,
missing details from the associated web store description, and more.
Organizations can use this tool to assess the browser extensions they have
installed and to move towards implementing explicit allow (allowlisting) for
their organization.

CRXcavator was created as an internal tool by Duo’s Corporate Security
Engineering team to solve a real problem in our organization. When maintaining a
list of explicitly allowed browser extensions, it can be difficult to uniformly
assess the risk introduced by adding a new extension to the allowed list.
Because CRXcavator has solved real problems for us internally, we have made it a
publicly available tool. You can get started by scanning an extension, or you
can create an account and group to take advantage of our enterprise features.

We are offering this tool to the public at no cost under the following terms of
use.


HOW TO VIEW THE REPORT FOR AN EXTENSION?

In the search box on the home page or in the top bar, you can simply type in the
name of the extension you’re looking for. If you’re having trouble finding a
specific extension or you want to scan an unlisted extension you can enter the
extension ID.

To locate a Chrome Extension’s ID, navigate to the extension's page on the
Chrome Web Store and copy the last section of the URL. It should look something
like this:
https://chrome.google.com/webstore/detail/lastpass-free-password-ma/hdokiejnpimakedhajhdlcegeplioahd.
The last part of the url hdokiejnpimakedhajhdlcegeplioahd is the extension ID.




HOW DO I GET NOTIFIED WHEN AN EXTENSION UPDATES?

You can subscribe RSS feeds for extension you want to be notified about at
https://rss.crxcavator.io. An example RSS feed to subscribe to is
https://rss.crxcavator.io/hdokiejnpimakedhajhdlcegeplioahd.xml


HOW DO I GET IN CONTACT WITH CRXCAVATOR FOR QUESTIONS OR OTHER REQUESTS?

Sending an email to support@crxcavator.io is the best way to contact us.


POTENTIAL ROADMAP ITEMS

 * UI Redesign
 * WebHooks for extension updates
 * Search through JavaScript of all extensions using RegEx
 * Diff two versions of an extension
 * Improved external call parsing
 * Threat intel enrichment of all urls found in an extension

If you have any feature requests or are really interested in a feature listed
above, email support@crxcavator.io. We'd love to hear from you.