SecLists
SecLists copied to clipboard
danielmiessler
Anyone see value in adding a Chrome malicious extension list?
I figured I'd open it up to the collective to see if y'all would find value to the list I keep of malicious Chrome extensions before making a pull request:
Just the IDs: https://github.com/mallorybowes/chrome-mal-ids/blob/master/current-list.csv IDs + metadata: https://github.com/mallorybowes/chrome-mal-ids/blob/master/current-list-meta.csv
I could see ppl using it for figuring out malicious extensions on desktops for various pentest-like engagements or if someone wanted a known malicious id to test AV-type functionality. There's also 2 ppl that currently pull the list to scan through their application inventories for the networks they manage.
If ppl think it would be a good addition, I'll put in the pull request.
Thanks!
SecList:
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place.
If its used todo security assessments, then it can be added ;) How common is it? Not sure - but thats not the point! However, how would it be kept up-to-date? Thats then something that would need to be kept in sync. On the fence with the submission - open to feedback & comments.
At the very least, can be added to the README ~ Similar Projects
If its used todo security assessments, then it can be added ;)
Technically, when used w/the shell script, it's a security assessment. But just for the user's local Chrome extension directory... :-)
How common is it? Not sure - but thats not the point!
Yeah, that's why I figured I'd ask what ppl do with the lists in this project. I can see where it might provide value but seems to be an edge case. I could def see the info being added to something like an OpenVAS or Nessus vuln scans but I'm not sure if that's what ppl here do with the current lists.
However, how would it be kept up-to-date? Thats then something that would need to be kept in sync.
Right now, it's just me... :-) I'm hoping that more ppl will take an interest at some point and help decide things like when the extension should be listed as malicious and update submissions. (Originally, I didn't think anyone would be interested in what I was doing with the extension list / shell script and was surprised when I was contacted by a few ppl about how they use it. That's what prompted me to reach out to y'all...) The list has been forked a few times which makes me hopeful those ppl could be other contribs at some point...
As far as the info in the list, I usually get the reported malicious extension listed either on the README (if it's still in question) or in the actual malicious list the same day the extension makes the press. To keep the list up-to-date in your repo, I could do periodic pull requests.
Hope this helped! And thx again for taking a look!
I do not think such a list belongs here. Seclists is mainly a collection of lists to be used for fuzzing and asset discovery. A list of malicious chrome extensions would be better suited in an IOCs database.
