Created
July 18, 2018 12:16
-
-
Save PSingletary/d8973aaad323b5b860edfd1caf3347aa to your computer and use it in GitHub Desktop.
Gets a list of the currently installed chrome browser extensions for the user running the script. This will get the names of all the installed extensions and dump them to a file on a server named with COMPUTER-USER.txt for auditing. You can then grep this collection of files for certain vulnerable extension names. Script is compatible with Power…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param([String]$OutputFolder=$null,[String]$ExtensionId=$null,[Switch]$Remove, [Switch]$WhatIf) | |
| ##: Globals | |
| $retval = $false | |
| ##: If OutputFolder param wasn't given, output the audit file to the desktop | |
| if(!$OutputFolder -or !(Test-Path -Path $OutputFolder)) { | |
| $auditfolderpath = "$($env:USERPROFILE)\Desktop" | |
| } else { | |
| $auditfolderpath = $OutputFolder | |
| } | |
| ##: This is the file we will write the extension list to | |
| $auditfilepath = "$($auditfolderpath)\$($env:USERNAME)-$($env:COMPUTERNAME).txt" | |
| if( !(Test-Path -Path $auditfilepath) ) { | |
| echo "Creating: [$auditfilepath]" | |
| if(!($WhatIf)) { | |
| echo "" | Out-File -FilePath $auditfilepath | |
| } | |
| } | |
| if(!($WhatIf)) { | |
| Clear-Content $auditfilepath | |
| } | |
| ##: The extensions folder is in local appdata | |
| $extension_folders = Get-ChildItem -Path "$($env:LOCALAPPDATA)\Google\Chrome\User Data\Default\Extensions" | |
| ##: Loop through each extension folder | |
| foreach ($extension_folder in $extension_folders ) { | |
| ##: Get the version specific folder within this extension folder | |
| $version_folders = Get-ChildItem -Path "$($extension_folder.FullName)" | |
| ##: Loop through the version folders found | |
| foreach ($version_folder in $version_folders) { | |
| ##: The extension folder name is the app id in the Chrome web store | |
| $appid = $extension_folder.BaseName | |
| ##: First check the manifest for a name | |
| $name = "" | |
| if( (Test-Path -Path "$($version_folder.FullName)\manifest.json") ) { | |
| try { | |
| $json = Get-Content -Raw -Path "$($version_folder.FullName)\manifest.json" | ConvertFrom-Json | |
| $name = $json.name | |
| } catch { | |
| #$_ | |
| $name = "" | |
| } | |
| } | |
| ##: If we find _MSG_ in the manifest it's probably an app | |
| if( $name -like "*MSG*" ) { | |
| ##: Sometimes the folder is en | |
| if( Test-Path -Path "$($version_folder.FullName)\_locales\en\messages.json" ) { | |
| try { | |
| $json = Get-Content -Raw -Path "$($version_folder.FullName)\_locales\en\messages.json" | ConvertFrom-Json | |
| $name = $json.appName.message | |
| ##: Try a lot of different ways to get the name | |
| if(!$name) { | |
| $name = $json.extName.message | |
| } | |
| if(!$name) { | |
| $name = $json.extensionName.message | |
| } | |
| if(!$name) { | |
| $name = $json.app_name.message | |
| } | |
| if(!$name) { | |
| $name = $json.application_title.message | |
| } | |
| } catch { | |
| #$_ | |
| $name = "" | |
| } | |
| } | |
| ##: Sometimes the folder is en_US | |
| if( Test-Path -Path "$($version_folder.FullName)\_locales\en_US\messages.json" ) { | |
| try { | |
| $json = Get-Content -Raw -Path "$($version_folder.FullName)\_locales\en_US\messages.json" | ConvertFrom-Json | |
| $name = $json.appName.message | |
| ##: Try a lot of different ways to get the name | |
| if(!$name) { | |
| $name = $json.extName.message | |
| } | |
| if(!$name) { | |
| $name = $json.extensionName.message | |
| } | |
| if(!$name) { | |
| $name = $json.app_name.message | |
| } | |
| if(!$name) { | |
| $name = $json.application_title.message | |
| } | |
| } catch { | |
| #$_ | |
| $name = "" | |
| } | |
| } | |
| } | |
| ##: If we can't get a name from the extension use the app id instead | |
| if( !$name ) { | |
| $name = "[$($appid)]" | |
| } | |
| ##: App id given on command line and this one matched it | |
| if( $ExtensionId -and ($appid -eq $ExtensionId) ) { | |
| if( $Remove ) { | |
| echo "Removing item: [$appid] at path: [$($extension_folder.FullName)]" | |
| if(!($WhatIf)) { | |
| ##: Remove the extension folder | |
| if (Test-Path -Path $extension_folder.FullName) { | |
| Remove-Item -Path $extension_folder.FullName -Recurse -Force | |
| } | |
| ##: Remove the extension registry key | |
| if (Test-Path -Path "HKCU:\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings") { | |
| if( Get-ItemProperty -Name "$appid" -Path "HKCU:\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings" ) { | |
| Remove-ItemProperty -Name "$appid" -Path "HKCU:\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings" | |
| } | |
| } | |
| } | |
| } else { | |
| ##: Dump to a file | |
| echo "Appending: [$name ($($version_folder)) - $appid] to audit file: [$auditfilepath]" | |
| if(!($WhatIf)) { | |
| echo "$name ($($version_folder)) - $appid" | Out-File -Append $auditfilepath | |
| } | |
| ##: Exit with a TRUE value if the given extension id was found | |
| $retval = $true | |
| } | |
| ##: App id given on command line and this did NOT match it | |
| } elseif( $ExtensionId -and ($appid -ne $ExtensionId) ) { | |
| ##: NOP | |
| #echo "Skipping: [$appid] output" | |
| ##: App id not given on command line | |
| } else { | |
| ##: Dump to audit file | |
| echo "Appending: [$name ($($version_folder)) - $appid] to audit file: [$auditfilepath]" | |
| if(!($WhatIf)) { | |
| echo "$name ($($version_folder)) - $appid" | Out-File -Append $auditfilepath | |
| } | |
| } | |
| } | |
| } | |
| exit($retval) | |
| Found on Spiceworks: https://community.spiceworks.com/scripts/show/3911-get-chromeextensions-ps1?utm_source=copy_paste&utm_campaign=growth |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment