Malcore: Simple File Analysis
  • Malcore API docs
  • Packer Checking
  • Deep Static Analysis
  • PCAP diffing
  • Gather sections
  • Shellcode Emulation
  • Executable File Analysis
  • Binary Diffing
  • Script Analysis
  • Ransom Note Comparison
  • PCAP Analysis
  • Snort Rule Generation
  • Hash Checksum
  • Strings
  • Imports and Exports
  • Status Check
  • Yara Rule Scanning
  • Parse Exif Data
  • Domain Analysis
  • Threat Score
  • Execute From URL
  • Document File Analysis
  • URL Checking
  • Browser Extension Analysis
  • Android Permission Lookup
  • AndroidManifest Parsing
  • Phone Application Analysis
  • Dynamic Analysis
  • Threat Feed
  • AI Classifier
  • Scan Results Manipulation
Powered by GitBook
On this page
  • [ POST ] https://api.malcore.io/api/browserext
  • Query Params
  • Headers
  • Request
  • Response

Browser Extension Analysis

[ POST ] https://api.malcore.io/api/browserext

Perform analysis on a browser extension file, this endpoint will accept Chromnium and Firefox based extensions


Query Params

  • filename1 file

Headers

  • apiKey string


Request

curl -X POST https://api.malcore.io/api/browserext \
-F "filename1=@/path/to/browser/extension" \
  -H "apiKey: my-api-key" \

Response

🟢 200

{'data': {'data': {'extension_type': 'firefox', 'file_count': {'discovered_files': {'.mf': 1, '.png': 9, '.sig': 1, '.js': 21, '.json': 2, '.sf': 1, '.css': 7, '.manifest': 1, '.md': 1, '.rsa': 1, '.html': 4, '.svg': 1, '.wasm': 1, '.rulesets': 1

                }

            }, 'threat_score': {'vulnerability_signatures': [], 'score': 30, 'permissions_signatures': [

                    {'severity': 'low', 'name': 'webNavigation', 'description': 'Use the chrome.webNavigation API to receive notifications about the status of navigation requests in-flight.'

                    },

                    {'severity': 'critical', 'name': 'webRequest', 'description': 'Use the chrome.webRequest API to observe and analyze traffic and to intercept, block, or modify requests in-flight.'

                    },

                    {'severity': 'high', 'name': 'tabs', 'description': "Use the chrome.tabs API to interact with the browser's tab system. You can use this API to create, modify, and rearrange tabs in the browser."

                    },

                    {'severity': 'high', 'name': 'cookies', 'description': 'Use the chrome.cookies API to query and modify cookies, and to be notified when they change.'

                    },

                    {'severity': 'medium', 'name': 'storage', 'description': 'Use the chrome.storage API to store, retrieve, and track changes to user data.'

                    },

                    {'severity': 'info', 'name': '*: //*/*', 'description': '...'}]}, 'manifest_information': {'extension_content_scripts': ['no content scripts'], 'extension_name': '__MSG_about_ext_name__', 'background_scripts': {'scripts': ['...', '...', '...', '...', '...', '...', '...', '...', '...', '...', '...', '...', '...']}, 'extension_hot_keys': ['no hot keys'], 'permissions': ['webNavigation', 'webRequest', 'webRequestBlocking', 'tabs', 'cookies', 'storage', '*://*/*', 'ftp://*/*'], 'extension_version': '2022.5.11'}, 'interesting_strings': ['...', '...', '..', '...', '...', '...', '...', '...', '...', '....', '...', '...', '...', '....', '...'}, 'isMaintenance': False, 'success': True, 'messages': [{'type': 'success', 'code': 200, 'message': 'Scan is running'}]}, 'isMaintenance': False, 'success': True}

🔴 400

{}
PreviousURL CheckingNextAndroid Permission Lookup

Last updated 1 year ago