Sputnik is a browser extension which I designed to quickly and easily search IPs, Domains, File Hashes, and URLs using free Open Source Intelligence (OSINT) resources.
As an Incident Response Analyst, this tool has enabled streamlined pivoting on artifacts gathered during investigations. Being able to quickly gather OSINT helps provide context to an investigation and can help when developing a narrative for an incident.
I designed this with convenience and efficiency in mind. To use the extension, simply highlight the artifact you wish to search and right-click to choose an OSINT tool. You can also right-click on hyperlinks, images, audio, and video content, and the domain will be extracted from these artifacts. In most cases, you will be redirected straight to results. For tools that require user interaction such as CAPTCHAs, the highlighted artifact is saved to your clipboard and you will be directed to the submission page to paste the selected artifact.
Sputnik is available for free:
Below are some examples and code snippets to explain how it works.
Skip to the end for screenshots of the extension in both browsers.
Sputnik is implemented as a Context Menu item in Firefox and Chrome. Context Menus are the interface windows in browsers that appear on right-click, such as:
A context menu browser extension typically has 2 basic components:
- A manifest to store metadata such as version number and permissions.
A typical manifest for a browser extension looks something like this:
As you can see, this contains information such as a brief description, a path to the icon file, a version number, and a set of permissions. In order to implement the menu items in Firefox and Chrome, I had to use each browser’s supported API/framework in order to leverage as much built-in functionality as possible and avoid reinventing the wheel.
Context Menu Functionality
I chose to separate the OSINT sources into their own sub-menus by artifact type (IPs, Domains, File Hashes, and URLs). To do this, I used parent/child menus:
To launch the chosen OSINT resource, I simply used a switch statement to set the URL that will be opened. For tools that supported the artifact in their URL, I appended the selected text after the search link.
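An added example (not Sputnik's own code) of the switch-based lookup described above, with the highlighted text validated by artifact type and percent-encoded before it is appended, plus the domain extraction used for right-clicked links and media. The `osint.example` host, its paths, and all function names are placeholders assumed for illustration.

```javascript
// Added illustration, not Sputnik's code. osint.example is a placeholder host.
const BASE = "https://osint.example";

// Classify highlighted text; returns null when it is not a recognised artifact.
function classifyArtifact(rawSelection) {
  const text = rawSelection.trim();
  if (/^(\d{1,3}\.){3}\d{1,3}$/.test(text) &&
      text.split(".").every((octet) => Number(octet) <= 255)) {
    return { type: "ip", value: text };
  }
  if (/^([a-f0-9]{32}|[a-f0-9]{40}|[a-f0-9]{64})$/i.test(text)) {
    return { type: "hash", value: text.toLowerCase() }; // MD5, SHA-1 or SHA-256 length
  }
  if (/^https?:\/\//i.test(text)) {
    try { return { type: "url", value: new URL(text).href }; } catch { return null; }
  }
  if (/^([a-z0-9-]{1,63}\.)+[a-z]{2,63}$/i.test(text)) {
    return { type: "domain", value: text.toLowerCase() };
  }
  return null;
}

// Domain of a right-clicked link, image, audio or video source (http/https only).
function extractDomain(sourceUrl) {
  try {
    const parsed = new URL(sourceUrl);
    return /^https?:$/.test(parsed.protocol) ? parsed.hostname : null;
  } catch {
    return null;
  }
}

// Pick the lookup page by artifact type, then append the encoded artifact.
function buildLookupUrl(rawSelection) {
  const artifact = classifyArtifact(rawSelection);
  if (!artifact) return null; // never forward arbitrary page text to a third party
  let prefix;
  switch (artifact.type) {
    case "ip":     prefix = BASE + "/ip/"; break;
    case "domain": prefix = BASE + "/domain/"; break;
    case "hash":   prefix = BASE + "/file/"; break;
    case "url":    prefix = BASE + "/url?q="; break;
  }
  // Encoding keeps "&", "?" and "#" in the artifact from altering the lookup request.
  return prefix + encodeURIComponent(artifact.value);
}
```

In an extension, the string returned by `buildLookupUrl` is what the context-menu click handler would open in a new tab; a `null` result means nothing is sent to the OSINT service.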
Firefox has built-in functionality for writing to the clipboard that is simple to implement:
The function is invoked to write selected text to the clipboard using:
Visit Sputnik’s GitHub for all of the code to both the Firefox and Chrome extensions! This project has already received amazing suggestions and input from the Open Source community and I look forward to making this tool even better alongside fellow users.
Available through Mozilla at the Firefox Add-Ons store.
Available through the Chrome Web Store.