OSINT Chrome Extension: ThreatPinch Lookup

OSINT Chrome Extension
ThreatPinch was designed to give information security professionals quick reference checks for commonly looked-up indicators without leaving their current webpage. Indicators such as IPv4 addresses and MD5/SHA2 hashes are usually copied and pasted into other tools or web dashboards. At best, other threat-related plugins let you highlight the indicator, right-click and open a new page, which is still a time-consuming process and usually requires a fair bit of back and forth between windows.
ThreatPinch does the following:
- Creates an on-hover tooltip over any defined indicator expressed through a regex.
- Allows configuration of size, draggability, length of time needed to trigger and length of time the tooltip lasts.
- Complete control over the information provided in the tooltip.
- Ability to add indicators and icons for the lookup information displayed.
- A quick copy button for the information displayed.
- Sophisticated filtering through allow/deny lists.
Current IOC Support
- IPv4
- MD5
- SHA2
- CVE
- FQDN (EFQDN is for Internet FQDN, IFQDN is for internal domains)
- Add your own in the options with regex!
Current Integrations
- ThreatMiner for IPv4, FQDN, MD5 and SHA2 lookups.
- AlienVault OTX for IPv4, MD5 and SHA2 lookups.
- IBM X-Force Exchange for IPv4 lookups.
- VirusTotal for MD5 and SHA2 lookups.
- Cymon.io for IPv4 lookups.
- CIRCL (Computer Incident Response Center Luxembourg) for CVE lookups.
- PassiveTotal for FQDN Whois lookups.
- Add your own in the developers options page!
How Does ThreatPinch Work?
ThreatPinch works by injecting a Chrome extension content script into every webpage you visit, monitoring for DOM mutations that contain the indicators, and wrapping those indicators with a tooltip. If you are uncomfortable with the plugin running on every website you visit, or there are pages that ThreatPinch interacts badly with, ThreatPinch has you covered: a number of filtering features let you deny or allow certain sites, IP ranges and more. Visit the filtering section for more details.
We’ve taken great care to ensure the speed and performance of the plugin, using every JavaScript optimization technique in our toolbelt, but if you do encounter any websites with performance issues, let us know!
By default, ThreatPinch has IPv4, MD5, SHA2 and CVE predefined by regex. You are free to add any indicator of your own by defining a custom “LookupType”, but be careful when defining your own regexes, since they will be run on every element on every webpage. FQDN and URL are in the works; feel free to request a regex for any other indicator of interest in the issues section of this GitHub. My hope is that we can create a community around customizing this plugin.
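The scanning step described above, as an added example that is not ThreatPinch's own code: it covers only the text-matching core a content script would run on each text node. The regexes, the `MAX_NODE_TEXT` limit and the `isDeniedIp` and `findIndicators` names are assumptions for illustration.

```javascript
// Added example: these patterns and limits are illustrative assumptions,
// not the regexes or settings that ThreatPinch ships with.
const LOOKUP_TYPES = [
  { type: "SHA2", regex: /\b[a-f0-9]{64}\b/gi }, // SHA-256 length only
  { type: "MD5", regex: /\b[a-f0-9]{32}\b/gi },
  { type: "CVE", regex: /\bCVE-\d{4}-\d{4,}\b/gi },
  { type: "IPv4", regex: /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/g },
];

// Text nodes longer than this are skipped: the scan runs on every mutation
// of every page, so the work per node has to stay bounded.
const MAX_NODE_TEXT = 20000;

// Deny filter for IPv4 ranges (here RFC 1918 and loopback), so internal
// addresses never trigger a lookup against a third-party service.
function isDeniedIp(ip) {
  const [a, b] = ip.split(".").map(Number);
  return a === 10 || a === 127 || (a === 192 && b === 168) ||
         (a === 172 && b >= 16 && b <= 31);
}

// Returns non-overlapping matches sorted by position; a content script would
// wrap each [start, end) range of the text node in a tooltip element.
function findIndicators(text, lookupTypes = LOOKUP_TYPES) {
  if (text.length > MAX_NODE_TEXT) return [];
  const hits = [];
  for (const { type, regex } of lookupTypes) {
    for (const m of text.matchAll(regex)) {
      if (type === "IPv4" && isDeniedIp(m[0])) continue;
      hits.push({ type, value: m[0], start: m.index, end: m.index + m[0].length });
    }
  }
  // Earliest match wins; on a tie the longer one does. Overlaps are dropped
  // so the same characters are never wrapped twice.
  hits.sort((x, y) => x.start - y.start || y.end - x.end);
  const result = [];
  let lastEnd = 0;
  for (const h of hits) {
    if (h.start >= lastEnd) { result.push(h); lastEnd = h.end; }
  }
  return result;
}

// Constructed sample text, not taken from a real report.
const SAMPLE = "Beacon to 203.0.113.7 from 10.0.0.5, dropper md5 " +
  "d41d8cd98f00b204e9800998ecf8427e exploiting CVE-2016-0189 (build 1.2.3).";
console.log(findIndicators(SAMPLE));
```

A custom lookup type passed in `lookupTypes` needs the `g` flag, because `matchAll` throws on a non-global regex.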
https://n0where.net/osint-chrome-extension-threatpinch-lookup/
Reviewed by 0x000216 on Wednesday, December 21, 2016