Sputnik — An Open Source Intelligence Browser Extension

Mitch Moser
InfoSec Write-ups
Published in
3 min readDec 29, 2018

Summary

Sputnik is a browser extension which I designed to quickly and easily search IPs, Domains, File Hashes, and URLs using free Open Source Intelligence (OSINT) resources.

As an Incident Response Analyst, this tool has enabled streamlined pivoting on artifacts gathered during investigations. Being able to quickly gather OSINT helps provide context to an investigation and can help when developing a narrative for an incident.

I designed this with convenience and efficiency in mind. In order to use the extension, simply highlight the artifact you wish to search and right click to choose an OSINT tool. You can also right click on hyperlinks, images, audio, and video content and the domain will be extracted from these artifacts. In most cases, you will be redirected straight to results. For tools that require user interaction such as captchas, the highlighted artifact is saved to your clipboard and you will be directed to the submission page to paste the selected artifact.

Sputnik is available for free:

Below are some examples and code snippets to explain how it works.

Skip to the end for screenshots of the extension in both browsers.

Design Samples

Sputnik is implemented as a Context Menu item in Firefox and Chrome. Context Menus are the interface windows in browsers that appear with right clicks such as:

Example Context Menu

A context menu browser extension typically has 2 basic components:

  1. A manifest to store metadata such as version number and permissions.
  2. A javascript file to implement the functionality of the extension.

Manifest

A typical manifest for a browser extension looks something like this:

Sputnik Manifest

As you can see, this contains information such as a brief description, a path to the icon file, a version number, and a set of permissions. In order to implement the menu items in Firefox and Chrome, I had to use each browser’s supported API/framework in order to leverage as much built-in functionality as possible and avoid reinventing the wheel.

Context Menu Functionality

I chose to separate the OSINT sources into their own sub-menus by artifact type (IPs, Domains, File Hashes, and URLs). To do this, I used parent/child menus:

Firefox Context Menu

To launch the chosen OSINT resource, I simply used a switch statement to set the url that will be opened. For tools that supported the artifact in their URL, I appended the selected text after the search link.

Context Menu Functionality

Clipboard Write

Firefox has built-in functionality for writing to the clipboard that is simple to implement:

navigator.clipboard.writeText(info.selectionText);

Although Chrome grants permissions for clipboard write access, there is currently no built-in supported functionality to write to the clipboard. I was able to implement a JavaScript function that wrote text to the clipboard:

Chrome Clipboard Write

The function is invoked to write selected text to the clipboard using:

copyStringToClipboard(info.selectionText);

Visit Sputnik’s GitHub for all of the code to both the Firefox and Chrome extensions! This project has already received amazing suggestions and input from the Open Source community and I look forward to making this tool even better alongside fellow users.

Firefox

Available through Mozilla at the Firefox Add-Ons store.

Firefox Demo

Chrome

Available through the Chrome Web Store.

Chrome Demo

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Published in InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/

Responses (1)

What are your thoughts?

Nice tool. Can you add abuseipdb.com to the IP list as well, or can anyone modify the extension?

--