├── src ├── icons │ ├── icon128.png │ ├── icon16.png │ └── icon48.png ├── manifest-chrome.json ├── manifest-firefox.json ├── background.js └── js │ ├── urlList.js │ └── menuitems.js ├── LICENSE └── README.md /src/icons/icon128.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zdhenard42/SOC-Multitool/HEAD/src/icons/icon128.png -------------------------------------------------------------------------------- /src/icons/icon16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zdhenard42/SOC-Multitool/HEAD/src/icons/icon16.png -------------------------------------------------------------------------------- /src/icons/icon48.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zdhenard42/SOC-Multitool/HEAD/src/icons/icon48.png -------------------------------------------------------------------------------- /src/manifest-chrome.json: -------------------------------------------------------------------------------- 1 | { 2 | "manifest_version": 3, 3 | "name": "SOC Multi-tool", 4 | "version": "1.0.1", 5 | "description": "SOC Multi-tool is a powerful and user-friendly browser extension that streamlines investigations for security professionals.", 6 | "background": { 7 | "service_worker": "background.js", 8 | "type": "module" 9 | }, 10 | "icons": { 11 | "16": "/icons/icon16.png", 12 | "48": "/icons/icon48.png", 13 | "128": "/icons/icon128.png" 14 | }, 15 | "permissions": [ 16 | "contextMenus" 17 | ] 18 | } -------------------------------------------------------------------------------- /src/manifest-firefox.json: -------------------------------------------------------------------------------- 1 | { 2 | "manifest_version": 3, 3 | "name": "SOC Multi-tool", 4 | "version": "1.0.1", 5 | "description": "SOC Multi-tool is a powerful and user-friendly browser extension that 
streamlines investigations for security professionals.", 6 | "background": { 7 | "scripts": ["background.js"], 8 | "type": "module" 9 | }, 10 | "icons": { 11 | "16": "/icons/icon16.png", 12 | "48": "/icons/icon48.png", 13 | "128": "/icons/icon128.png" 14 | }, 15 | "permissions": [ 16 | "contextMenus" 17 | ], 18 | "browser_specific_settings": { 19 | "gecko": { 20 | "id": "soc-multitool@zdhenard42", 21 | "strict_min_version": "109.0" 22 | } 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 Zachary Henard 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /src/background.js: -------------------------------------------------------------------------------- 1 | import menuItems from './js/menuitems.js'; 2 | import urls from './js/urlList.js'; 3 | 4 | const fixedEncodeURI = (str) => { 5 | return encodeURI(str).replace('/%5B/g', '[').replace('/%5D/g', ']'); 6 | } 7 | 8 | chrome.runtime.onInstalled.addListener(() => { 9 | for (let i = 0; i < menuItems.length; i++) { 10 | chrome.contextMenus.create({ 11 | id: menuItems[i].id, 12 | title: menuItems[i].title, 13 | contexts: menuItems[i].contexts, 14 | parentId: menuItems[i].parentId 15 | }); 16 | } 17 | }); 18 | 19 | chrome.contextMenus.onClicked.addListener((contextClick) => { 20 | if (contextClick.selectionText && contextClick.menuItemId in urls) { 21 | const urlsForMenuItem = urls[contextClick.menuItemId]; 22 | switch (contextClick.menuItemId) { 23 | case "CC_Magic": 24 | urlsForMenuItem.forEach((url) => { 25 | let encoded = url + btoa(fixedEncodeURI(contextClick.selectionText)).replaceAll('=', ''); 26 | chrome.tabs.create({ url: encoded }); 27 | }); 28 | break; 29 | case "CC_Defang": 30 | urlsForMenuItem.forEach((url) => { 31 | let encoded = url + btoa(fixedEncodeURI(contextClick.selectionText)).replaceAll('=', ''); 32 | chrome.tabs.create({ url: encoded }); 33 | }); 34 | break; 35 | case "CC_Resolve_Domain": 36 | urlsForMenuItem.forEach((url) => { 37 | let encoded = url + btoa(fixedEncodeURI(contextClick.selectionText)).replaceAll('=', ''); 38 | chrome.tabs.create({ url: encoded }); 39 | }); 40 | break; 41 | case "fileExt Info": 42 | urlsForMenuItem.forEach((url) => { 43 | let encoded = url + fixedEncodeURI(contextClick.selectionText).replaceAll(".", ""); 44 | chrome.tabs.create({ url: encoded }); 45 | }); 46 | break; 47 | default: 48 | urlsForMenuItem.forEach((url) => { 49 | let encoded = url + fixedEncodeURI(contextClick.selectionText); 50 | chrome.tabs.create({ url: encoded }); 51 | 
}); 52 | break; 53 | } 54 | } 55 | }); 56 | -------------------------------------------------------------------------------- /src/js/urlList.js: -------------------------------------------------------------------------------- 1 | const urls = { 2 | "IP Abuse": ["https://www.virustotal.com/gui/search/", "https://www.abuseipdb.com/check/", "https://viz.greynoise.io/ip/", "https://exchange.xforce.ibmcloud.com/ip/", "https://www.talosintelligence.com/reputation_center/lookup?search=", "https://www.shodan.io/host/", "https://www.projecthoneypot.org/ip_", "https://feodotracker.abuse.ch/browse/host/"], 3 | "IP Info": ["https://www.whois.com/whois/", "https://whois.domaintools.com/"], 4 | "Hash Rep": ["https://www.virustotal.com/gui/search/", "https://exchange.xforce.ibmcloud.com/malware/", "https://www.talosintelligence.com/talos_file_reputation?s=", "https://bazaar.abuse.ch/browse.php?search=sha256:"], 5 | "Domain Rep": ["https://otx.alienvault.com/indicator/domain/", "https://www.virustotal.com/gui/search/", "https://www.barracudacentral.org/lookups/lookup-reputation?lookup_entry=", "https://urlhaus.abuse.ch/browse.php?search="], 6 | "Crypto Info": ["https://www.blockchain.com/explorer/search?search="], 7 | "LOLBin Lookup": ["https://lolbas-project.github.io/#"], 8 | "Winbindex Lookup": ["https://winbindex.m417z.com/?file="], 9 | "CC_Magic": ["https://gchq.github.io/CyberChef/#recipe=Magic(3,false,false,'')&input="], 10 | "CC_Defang": ["https://gchq.github.io/CyberChef/#recipe=Defang_URL(true,true,true,'Valid%20domains%20and%20full%20URLs')Defang_IP_Addresses()URL_Decode()&input="], 11 | "CC_Resolve_Domain": 
["https://gchq.github.io/CyberChef/#recipe=Find_/_Replace(%7B'option':'Simple%20string','string':'%2520'%7D,'%5C%5Cn',true,false,true,false)Fork('%5C%5Cn','%5C%5Cn',false)DNS_over_HTTPS('https://dns.google.com/resolve','A',false,false)JPath_expression('Answer%5B0%5D%5B%5C'name,data%5C'%5D','',true)Find_/_Replace(%7B'option':'Simple%20string','string':'.%22%22'%7D,'%20%3D%3E%20',true,false,true,false)Find_/_Replace(%7B'option':'Simple%20string','string':'%22'%7D,'',true,false,true,false)&input="], 12 | "CVE Info": ["https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword="], 13 | "fileExt Info": ["https://fileinfo.com/extension/"], 14 | "file Info": ["https://www.file.net/search.html?q=site:file.net+"], 15 | "MAC Info": ["https://maclookup.app/search/result?mac="], 16 | "UA Info": ["https://Henard.tech/ua-parser.html?ua="], 17 | "Error Info": ["https://login.microsoftonline.com/error?code="], 18 | "Event Info": ["https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid="], 19 | "VPN Info": ["https://iphub.info/?ip=", "https://www.ip2location.com/demo/", "https://db-ip.com/", "https://metrics.torproject.org/rs.html#search/"], 20 | "Email Info": ["https://exchange.xforce.ibmcloud.com/url/", "https://mxtoolbox.com/SuperTool.aspx?run=toolpage&action=blacklist:"] 21 | }; 22 | 23 | 24 | 25 | export default urls; 26 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # SOC Multi-tool 2 | 3 | Introducing SOC Multi-tool, a free and open-source browser extension that makes investigations faster and more efficient. Now available on the Chrome Web Store and compatible with all Chromium-based browsers such as Microsoft Edge, Chrome, Brave, and Opera. 
4 | [Available on Chrome Web Store!](https://chrome.google.com/webstore/detail/soc-multi-tool/diagjgnagmnjdfnfcciocmjcllacgkab?hl=en&authuser=0) 5 | [Available on Firefox Add-Ons Store!](https://addons.mozilla.org/en-US/firefox/addon/soc-multi-tool/) 6 | 7 | ## Featured on: 8 | [#22 On GitHub Trending!](http://web.archive.org/web/20230111033410/https://github.com/trending/javascript?since=daily) 9 | ["Awesome Incident Response"!](https://github.com/meirwah/awesome-incident-response#all-in-one-tools) 10 | ["Awesome Threat Detection"!](https://github.com/0x4D31/awesome-threat-detection) 11 | ["Bad Sector Blogs"!](https://blog.badsectorlabs.com/last-week-in-security-lwis-2023-01-09.html#tools-and-exploits) 12 | ["Kali Linux Tutorials"!](https://kalilinuxtutorials.com/soc-multitool/) 13 | ["Security Online"](https://securityonline.info/soc-multitool-makes-investigations-faster-and-more-efficient/) 14 | ["OneStopSOC"!](https://github.com/AlbusNoir/OneStopSOC/blob/182f80da967f5513daea55ac8f516841f269dbdb/README.md#acknowledgements--contributions) 15 | ["Dinosn Twitter"!](https://twitter.com/Dinosn/status/1611600077314985984) 16 | 17 | 18 | 19 | 20 | SOC Multi-tool in action 21 | 22 | ## Streamline your investigations 23 | 24 | SOC Multi-tool eliminates the need for constant copying and pasting during investigations. Simply highlight the text you want to investigate, right-click, and choose the menu entry that matches the type of data highlighted. The extension then opens a new tab for each lookup service configured for that entry (see `src/js/urlList.js`), with the highlighted text appended to the service's URL, so the selection is generally visible to those third-party services. 25 | 26 | ## Modern and feature-rich 27 | 28 | The SOC Multi-tool is a modernized multi-tool built from the ground up, with a range of features and capabilities. 
Some of the key features include: 29 | 30 | - IP Reputation Lookup using VirusTotal & AbuseIPDB 31 | - IP Info Lookup using Tor relay checker & WHOIS 32 | - Hash Reputation Lookup using VirusTotal 33 | - Domain Reputation Lookup using VirusTotal & AbuseIPDB 34 | - Domain Info Lookup using AlienVault 35 | - Living-off-the-land binaries (LOLBins) Lookup using the LOLBAS project 36 | - Windows Binary Lookup using the Winbindex project 37 | - Decoding of Base64 & HEX using CyberChef 38 | - File Extension & Filename Lookup using fileinfo.com & File.net 39 | - MAC Address manufacturer Lookup using maclookup.com 40 | - Parsing of User-Agent strings using user-agents.net 41 | - Microsoft Error code Lookup using Microsoft's DB 42 | - Event ID Lookup (Windows, SharePoint, SQL Server, Exchange, and Sysmon) using ultimatewindowssecurity.com 43 | - Blockchain Address Lookup using blockchain.com 44 | - CVE Info using cve.mitre.org 45 | 46 | 47 | ## Easy to install 48 | 49 | You can easily install the extension by downloading the release from the [Chrome Web Store!](https://chrome.google.com/webstore/detail/soc-multi-tool/diagjgnagmnjdfnfcciocmjcllacgkab?hl=en&authuser=0) 50 | If you wish to make edits, you can download the extension from the [releases page](https://github.com/zdhenard42/SOC-Multitool/releases), extract the folder, and make your changes. 51 | To load your edited extension, turn on developer mode in your browser's extensions settings, click "Load unpacked", and select the extracted folder! 52 |
53 |
54 | SOC Multi-tool is a community-driven project and the developer encourages users to contribute and share better resources. 55 | -------------------------------------------------------------------------------- /src/js/menuitems.js: -------------------------------------------------------------------------------- 1 | 2 | const menuItems = [ 3 | { 4 | id: "Abuse", 5 | title: "Reputation", 6 | contexts: ['selection'] 7 | }, 8 | { 9 | id: "Info", 10 | title: "Information", 11 | contexts: ['selection'] 12 | }, 13 | { 14 | id: "CyberChef", 15 | title: "CyberChef", 16 | contexts: ['selection'] 17 | }, 18 | { 19 | id: "EventError", 20 | title: "Event ID/Error code", 21 | contexts: ['selection'] 22 | }, 23 | { 24 | id: "Other", 25 | title: "Other", 26 | contexts: ['selection'] 27 | }, 28 | { 29 | parentId: "Abuse", 30 | id: "IP Abuse", 31 | title: "IP Reputation", 32 | contexts: ['selection'] 33 | }, 34 | { 35 | parentId: "Info", 36 | id: "IP Info", 37 | title: "IP/Domain WHOIS", 38 | contexts: ['selection'] 39 | }, 40 | { 41 | parentId: "Abuse", 42 | id: "Hash Rep", 43 | title: "Hash Reputation (SHA256)", 44 | contexts: ['selection'] 45 | }, 46 | { 47 | parentId: "Abuse", 48 | id: "Domain Rep", 49 | title: "Domain Reputation", 50 | contexts: ['selection'] 51 | }, 52 | { 53 | parentId: "Other", 54 | id: "Crypto Info", 55 | title: "Blockchain Address Info", 56 | contexts: ['selection'] 57 | }, 58 | { 59 | parentId: "Other", 60 | id: "MAC Info", 61 | title: "MAC Address Info", 62 | contexts: ['selection'] 63 | }, 64 | { 65 | parentId: "Other", 66 | id: "UA Info", 67 | title: "User Agent Info", 68 | contexts: ['selection'] 69 | }, 70 | { 71 | parentId: "Other", 72 | id: "CVE Info", 73 | title: "CVE Info", 74 | contexts: ['selection'] 75 | }, 76 | { 77 | parentId: "EventError", 78 | id: "Error Info", 79 | title: "Microsoft Error Info", 80 | contexts: ['selection'] 81 | }, 82 | { 83 | parentId: "Other", 84 | id: "file Info", 85 | title: "File Info", 86 | contexts: 
['selection'] 87 | }, 88 | { 89 | parentId: "Other", 90 | id: "fileExt Info", 91 | title: "File Extension Info", 92 | contexts: ['selection'] 93 | }, 94 | { 95 | parentId: "Other", 96 | id: "LOLBin Lookup", 97 | title: "LOLBin Lookup", 98 | contexts: ['selection'] 99 | }, 100 | { 101 | parentId: "Other", 102 | id: "Winbindex Lookup", 103 | title: "Winbindex Lookup", 104 | contexts: ['selection'] 105 | }, 106 | { 107 | parentId: "EventError", 108 | id: "Event Info", 109 | title: "Event ID Info", 110 | contexts: ['selection'] 111 | }, 112 | { 113 | parentId: "Abuse", 114 | id: "VPN Info", 115 | title: "VPN Check", 116 | contexts: ['selection'] 117 | }, 118 | { 119 | parentId: "Abuse", 120 | id: "Email Info", 121 | title: "Email Check", 122 | contexts: ['selection'] 123 | }, 124 | { 125 | parentId: "CyberChef", 126 | id: "CC_Magic", 127 | title: "Magic", 128 | contexts: ['selection'] 129 | }, 130 | { 131 | parentId: "CyberChef", 132 | id: "CC_Defang", 133 | title: "Defang Content", 134 | contexts: ['selection'] 135 | } 136 | , 137 | { 138 | parentId: "CyberChef", 139 | id: "CC_Resolve_Domain", 140 | title: "Resolve Domain(s)", 141 | contexts: ['selection'] 142 | } 143 | ]; 144 | 145 | export default menuItems; 146 | --------------------------------------------------------------------------------