/EAR-Detection-Tool

Execution After Redirect (EAR) detection Chrome extension and tool

Primary Language: Python

EAR (Execution After Redirection) Detection tool


EAR-Tool-README

An awesome tool to search EAR and secure your website!

About The Project

EAR Scanner Tools is a set of security tools designed to detect Execution After Redirect (EAR) vulnerabilities in web applications. It comprises a Chrome extension for real-time scanning of the active web page and a separate fuzz scanning tool that discovers subdomains and scans each one.

Features

  • Chrome Extension:

    • Allows users to scan the currently active website in their browser for EAR vulnerabilities.
    • If the current tab's URL is vulnerable to EAR, the extension will display the vulnerability details.
  • Fuzz Scanner:

    • Discovers subdomains for a given domain and scans each one for EAR vulnerabilities.
    • Results will be displayed in the console and saved to a log file.
  • Database Integration:

    • Saves scan results to a database to prevent redundant scanning and speed up the process by using cached results within a 10-day window.
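
What an EAR finding looks like in a response, as an added example that is not the project's code: a handler that sets a redirect but keeps executing, its fixed form, and a check that flags redirect responses carrying real content. The handler names, the sample page, the markup list and the 200-character threshold are assumptions made for illustration; the README does not describe the tool's own detection logic.

```python
import re

REDIRECT_CODES = {301, 302, 303, 307, 308}
STUB_TEXT_LIMIT = 200  # assumed threshold: default redirect stubs are shorter than this

def render_admin():
    # Constructed sample page standing in for protected content.
    rows = "".join(f"<tr><td>user{i}@example.test</td></tr>" for i in range(20))
    return f"<html><body><h1>Admin</h1><table>{rows}</table></body></html>"

def admin_vulnerable(session):
    status, headers = 200, {}
    if not session.get("is_admin"):
        status, headers = 302, {"Location": "/login"}
        # BUG: the handler does not return here, so the page is still rendered and sent
    return status, headers, render_admin()

def admin_fixed(session):
    if not session.get("is_admin"):
        return 302, {"Location": "/login"}, ""  # stop right after the redirect
    return 200, {}, render_admin()

def visible_text(body):
    """Drop tags and collapse whitespace so only rendered text is measured."""
    return " ".join(re.sub(r"<[^>]+>", " ", body).split())

def ear_suspect(status, headers, body):
    """Return a reason string when a redirect response carries real content, else None."""
    if status not in REDIRECT_CODES:
        return None
    if not any(k.lower() == "location" for k in headers):
        return None
    if re.search(r"<(form|table|input|textarea)\b", body, re.I):
        return "redirect body contains form/table markup"
    if len(visible_text(body)) > STUB_TEXT_LIMIT:
        return "redirect body longer than a redirect stub"
    return None

if __name__ == "__main__":
    for handler in (admin_vulnerable, admin_fixed):
        print(handler.__name__, "->", ear_suspect(*handler({"is_admin": False})))
```

When checking a live site you own, fetch without following redirects (for example `allow_redirects=False` in requests), because a client that follows the redirect never sees the leaked body.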

Built With

Here are major frameworks/libraries we used to build our project.

Getting Started

Chrome Extension

  1. Clone the repo and navigate to the folder:
       git clone https://github.com/Kennnnn774/EAR-Detection-Tool.git
       cd EAR-Detection-Tool
  2. OPTIONAL: Only do this step if you are running locally rather than with the hosted service, which would typically just be for testing.
     • Install the required Python packages:
         pip install -r requirements.txt
     • Create a .env file with 'DB_API_KEY' and 'DB_URL_API_BASE' as keys, set to an API key and base URL from MongoDB Atlas. Do not commit this file.
     • Change the URL in 'scripts/content.js' on line 4 to the localhost URL. To switch back to the hosted service, remove the localhost URL and replace it with 'https://ear-extension-backend.onrender.com/scan'.
  3. Load the Chrome extension into your browser:
     • Navigate to chrome://extensions/
     • Enable Developer mode
     • Click on Load unpacked and select the entire folder from the cloned repository.

Fuzz Scan Tool

  1. After cloning the repository, install the required Python packages:
       pip install -r requirements.txt
  2. Navigate to the fuzz_scan_tool folder after following the previous two steps:
       cd fuzz_scan_tool
  3. Run the fuzz scanner tool:
       python fuzz_scan.py

Contributing

Contributions are what make the development community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork this repo and create a pull request.

Don't forget to give the project a star! ⭐ Thanks again!

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b)
  3. Commit your Changes (git commit -m 'RandomMessage')
  4. Push to the Branch (git push origin)
  5. Open a Pull Request

Contact (listed in alphabetical order)

Acknowledgments

We are thankful for these resources which have helped us on our development journey: