ExtensionHound: Open-source tool for Chrome extension DNS forensics

Traditional monitoring tools reveal only traffic from the Chrome process, leaving security teams uncertain about which extension is responsible for a suspicious DNS query. ExtensionHound solves this by analyzing Chrome’s internal network state and linking DNS activity to specific extensions.

ExtensionHound features

  • Scans Chrome profiles for extension DNS request history
  • Provides detailed analysis of network connections
  • Optional VirusTotal integration for domain reputation checking
  • Multiple output formats (Console, CSV, JSON)
  • Cross-platform support (Windows, macOS, Linux)

“This tool stands out because it was built from real-world needs, not theoretical concepts. It addresses the operational challenges SOC teams face daily by providing visibility into browser extensions and their underlying behavior—which has historically been difficult to achieve,” Amram Englander, the creator of ExtensionHound, told Help Net Security.

“Unlike other tools focusing on static analysis or generic risk assessments, this tool connects DNS network activity with extensions, giving security teams actionable insights during live investigations. It’s practical, efficient, and specifically designed to streamline workflows for analysts and responders,” Englander added.

Future plans and download

The creator of ExtensionHound told us that future updates aim to enhance the tool’s capabilities, including:

  • Extension metadata extraction: Providing detailed information about extensions, such as their permissions, level of access, and update history.
  • Risk assessment integrations: Partnering with third-party platforms like SecureAnnex to integrate risk scoring directly into the tool, helping teams prioritize threats.
  • AI-powered summaries: Leveraging AI to generate concise summaries of extension behaviors and risky operations.

ExtensionHound is available for free on GitHub.
