Skip to content

Instantly share code, notes, and snippets.

@PSingletary
Created July 18, 2018 12:16
Show Gist options
  • Save PSingletary/d8973aaad323b5b860edfd1caf3347aa to your computer and use it in GitHub Desktop.
Save PSingletary/d8973aaad323b5b860edfd1caf3347aa to your computer and use it in GitHub Desktop.
Gets a list of the currently installed chrome browser extensions for the user running the script. This will get the names of all the installed extensions and dump them to a file on a server named with COMPUTER-USER.txt for auditing. You can then grep this collection of files for certain vulnerable extension names. Script is compatible with Power…
param([String]$OutputFolder=$null,[String]$ExtensionId=$null,[Switch]$Remove, [Switch]$WhatIf)
##: Globals
$retval = $false
##: If OutputFolder param wasn't given, output the audit file to the desktop
if(!$OutputFolder -or !(Test-Path -Path $OutputFolder)) {
$auditfolderpath = "$($env:USERPROFILE)\Desktop"
} else {
$auditfolderpath = $OutputFolder
}
##: This is the file we will write the extension list to
$auditfilepath = "$($auditfolderpath)\$($env:USERNAME)-$($env:COMPUTERNAME).txt"
if( !(Test-Path -Path $auditfilepath) ) {
echo "Creating: [$auditfilepath]"
if(!($WhatIf)) {
echo "" | Out-File -FilePath $auditfilepath
}
}
if(!($WhatIf)) {
Clear-Content $auditfilepath
}
##: The extensions folder is in local appdata
$extension_folders = Get-ChildItem -Path "$($env:LOCALAPPDATA)\Google\Chrome\User Data\Default\Extensions"
##: Loop through each extension folder
foreach ($extension_folder in $extension_folders ) {
##: Get the version specific folder within this extension folder
$version_folders = Get-ChildItem -Path "$($extension_folder.FullName)"
##: Loop through the version folders found
foreach ($version_folder in $version_folders) {
##: The extension folder name is the app id in the Chrome web store
$appid = $extension_folder.BaseName
##: First check the manifest for a name
$name = ""
if( (Test-Path -Path "$($version_folder.FullName)\manifest.json") ) {
try {
$json = Get-Content -Raw -Path "$($version_folder.FullName)\manifest.json" | ConvertFrom-Json
$name = $json.name
} catch {
#$_
$name = ""
}
}
##: If we find _MSG_ in the manifest it's probably an app
if( $name -like "*MSG*" ) {
##: Sometimes the folder is en
if( Test-Path -Path "$($version_folder.FullName)\_locales\en\messages.json" ) {
try {
$json = Get-Content -Raw -Path "$($version_folder.FullName)\_locales\en\messages.json" | ConvertFrom-Json
$name = $json.appName.message
##: Try a lot of different ways to get the name
if(!$name) {
$name = $json.extName.message
}
if(!$name) {
$name = $json.extensionName.message
}
if(!$name) {
$name = $json.app_name.message
}
if(!$name) {
$name = $json.application_title.message
}
} catch {
#$_
$name = ""
}
}
##: Sometimes the folder is en_US
if( Test-Path -Path "$($version_folder.FullName)\_locales\en_US\messages.json" ) {
try {
$json = Get-Content -Raw -Path "$($version_folder.FullName)\_locales\en_US\messages.json" | ConvertFrom-Json
$name = $json.appName.message
##: Try a lot of different ways to get the name
if(!$name) {
$name = $json.extName.message
}
if(!$name) {
$name = $json.extensionName.message
}
if(!$name) {
$name = $json.app_name.message
}
if(!$name) {
$name = $json.application_title.message
}
} catch {
#$_
$name = ""
}
}
}
##: If we can't get a name from the extension use the app id instead
if( !$name ) {
$name = "[$($appid)]"
}
##: App id given on command line and this one matched it
if( $ExtensionId -and ($appid -eq $ExtensionId) ) {
if( $Remove ) {
echo "Removing item: [$appid] at path: [$($extension_folder.FullName)]"
if(!($WhatIf)) {
##: Remove the extension folder
if (Test-Path -Path $extension_folder.FullName) {
Remove-Item -Path $extension_folder.FullName -Recurse -Force
}
##: Remove the extension registry key
if (Test-Path -Path "HKCU:\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings") {
if( Get-ItemProperty -Name "$appid" -Path "HKCU:\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings" ) {
Remove-ItemProperty -Name "$appid" -Path "HKCU:\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings"
}
}
}
} else {
##: Dump to a file
echo "Appending: [$name ($($version_folder)) - $appid] to audit file: [$auditfilepath]"
if(!($WhatIf)) {
echo "$name ($($version_folder)) - $appid" | Out-File -Append $auditfilepath
}
##: Exit with a TRUE value if the given extension id was found
$retval = $true
}
##: App id given on command line and this did NOT match it
} elseif( $ExtensionId -and ($appid -ne $ExtensionId) ) {
##: NOP
#echo "Skipping: [$appid] output"
##: App id not given on command line
} else {
##: Dump to audit file
echo "Appending: [$name ($($version_folder)) - $appid] to audit file: [$auditfilepath]"
if(!($WhatIf)) {
echo "$name ($($version_folder)) - $appid" | Out-File -Append $auditfilepath
}
}
}
}
exit($retval)
Found on Spiceworks: https://community.spiceworks.com/scripts/show/3911-get-chromeextensions-ps1?utm_source=copy_paste&utm_campaign=growth
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment