ChromeExtension_Bumble.ps1
<#
.NOTES
===========================================================================
Created on: 2022-04-27
Created by: Brian Thorp
===========================================================================
.Description
POC to list extensions chrome has installed per user
#>
# Extensions folder of Chrome's "Default" profile, relative to a user's profile directory.
# NOTE(review): only the "Default" Chrome profile is covered by this path; extensions held in
# any additional Chrome profile folder would not appear in the report - confirm that is intended.
$ChromeDataPath = '\AppData\Local\Google\Chrome\User Data\Default\Extensions'

# Google Drive, Youtube, Gmail, + other unknown built in extensions
# These IDs are skipped purely by folder name; nothing else about the folder is checked.
$ExcludedID = @(
    'apdfllckaahabafndbhieahigkjlhalf',
    'blpcfgokakmgnkcojhhkbfbldkacnbeo',
    'pjkljhegncpnkpknbcohdijeoejaedia',
    'fedbieoalmbobgfjapopkghdmhgncnaa',
    'nmmhkkegccagdldgiimedpiccmgmieda',
    'pkedcjkdefgpdelpbcmbmeomcjbeemfm'
)
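function Get-AppName
{
    <#
    .SYNOPSIS
    Looks up the display name of a Chrome extension on the Chrome Web Store.
    .DESCRIPTION
    Requests the Web Store detail page for the given extension ID and takes the name from the
    page's og:title meta tag. The lookup is best effort: if the ID is malformed, the request
    fails, or the tag is absent, Name is returned as an empty string.
    An empty Name therefore means "could not be resolved", not "harmless".
    The returned Name is text from a remote page and should be treated as untrusted display data.
    .PARAMETER id
    The extension ID to look up. Only values shaped like a Chrome extension ID
    (32 characters in the range a-p) are sent to the Web Store.
    .OUTPUTS
    One object with the properties 'extension id' and Name.
    #>
    param(
        $id
    )

    #https://groups.google.com/a/chromium.org/forum/#!topic/chromium-extensions/U0NP0dh0mmM
    $URI = 'https://chrome.google.com/webstore/detail/'
    $out_title = ''

    # The script feeds this function folder names taken from user-writable profile directories,
    # so the value is validated before it is concatenated into a URL.
    if ("$id" -cmatch '^[a-p]{32}$')
    {
        try
        {
            # -UseBasicParsing keeps Windows PowerShell from handing the downloaded HTML to the
            # Internet Explorer engine; only the raw Content string is needed here.
            $response = Invoke-WebRequest -Uri ($URI + $id) -UseBasicParsing -ErrorAction Stop

            # Regex which pulls the title from og:title meta property
            $title = [regex] '(?<=og:title" content=")([\S\s]*?)(?=">)'
            $out_title = $title.Match([string]$response.Content).Value.Trim()
        }
        catch
        {
            # Best-effort lookup: keep going, but leave a trace instead of swallowing the error.
            Write-Verbose "Web Store lookup failed for '$id': $($_.Exception.Message)"
        }
    }
    else
    {
        Write-Verbose "Skipping Web Store lookup for '$id': not shaped like an extension ID"
    }

    return @([pscustomobject]@{ 'extension id' = $id; Name = $out_title })
}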
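# Regex pattern for account SIDs of the form S-1-5-21-<n>-<n>-<n>-<n>.
# Anchored at both ends so only a whole registry key name matches; a key that carries a prefix
# or a suffix after the SID does not.
$PatternSID = '^S-1-5-21-\d+-\d+-\d+-\d+$'
# Excluded, Built-In Profiles
#   Local System | Local Service | Network Service
$SystemProfiles = 'S-1-5-18', 'S-1-5-19', 'S-1-5-20'
# Get Username, SID, and location of ntuser.dat for all users.
# Both filters test PSChildName (the key name, i.e. the SID string). The previous second filter
# tested $_.SID, which is not the SID string at this stage of the pipeline (the SID column is
# only created by Select-Object below), so the built-in exclusion never compared like with like.
# Username is the last path segment of ProfileImagePath, i.e. the profile folder name, which is
# not guaranteed to equal the account name.
$ProfileList = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*' |
    Where-Object { $_.PSChildName -match $PatternSID -and $_.PSChildName -notin $SystemProfiles } |
    Select-Object @{name="SID";expression={$_.PSChildName}},
                  @{name="UserHive";expression={"$($_.ProfileImagePath)\ntuser.dat"}},
                  @{name="Username";expression={$_.ProfileImagePath -replace '^(.*[\\\/])', ''}}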
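# Build one report row per extension folder found under each user's Chrome "Default" profile.
# Reading other users' profile directories normally needs elevated rights; folders that cannot
# be read produce PowerShell errors and no rows for that user.
$Hostname = $env:COMPUTERNAME   # same for every row, so read once
$ChromeExtensions = foreach ($UsrProfile in $ProfileList)
{
    $UserName = $UsrProfile.UserName
    # The profile directory is the parent of the ntuser.dat path built for this profile.
    $UserDir = Split-Path -Path $UsrProfile.UserHive -Parent
    $UserChromePath = $UserDir + $ChromeDataPath

    # Reset per user so a profile without Chrome does not reuse the previous user's list.
    $ExtensionsInstalled = $null
    # -LiteralPath: profile folder names are data, not patterns; with -Path a name containing
    # wildcard characters such as [ or ] would be interpreted as a wildcard expression.
    if (Test-Path -LiteralPath $UserChromePath)
    {
        # -Directory: extension IDs are folder names, stray files are not extensions.
        # -Force: include hidden folders so they are not silently left out of the inventory.
        $ExtensionsInstalled = @(Get-ChildItem -LiteralPath $UserChromePath -Directory -Force).Name
    }

    foreach ($ExtensionID in $ExtensionsInstalled)
    {
        if ($ExcludedID -notcontains $ExtensionID)
        {
            $AppRes = Get-AppName -id $ExtensionID
            # An empty 'Extension Name' means the Web Store lookup returned nothing for this ID;
            # such rows deserve a closer look rather than being dismissed.
            [pscustomobject][ordered]@{
                'Computer Name'  = $Hostname
                UserName         = $UserName
                ExtensionID      = $ExtensionID
                'Extension Name' = $AppRes.Name
            }
        }
    }
}
##########################
# Interactive output; needs a desktop session.
$ChromeExtensions | Out-GridView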