Merlin
PERS - The Passive Expired Resource Scanner

PERS - The Passive Expired Resource Scanner

A passive scanning tool for finding expired domain vulnerabilites while you browse.

What is PERS - The Passive Expired Resource Scanner?
PERS - The Passive Expired Resource Scanner is a Chrome extension that detects expired domains in webpage resources, allowing you to identify vulnerabilities passively. It alerts you to the details and offers ways to verify the domain expiration, helping penetration testers and auditors in finding and preventing hijacking of vulnerable webpages.
Download
Merlin
Stats
Users: 100 ▲ 4
Version: 0.0.2 (Last updated: 2016-10-09)
Creation date: 2016-10-08
Risk impact: High risk impact
Risk likelihood: Low risk likelihood
Manifest version: 2
Permissions:
  • webRequest
  • webRequestBlocking
  • <all_urls>
Size: 711.68K
URLs: Website
Stats date:

Chrome-Stats Rank

# 65100 ▲ 350
Other rankings
#7226 in Developer Tools ▲ 6 #35 in resource keyword 32 ▼ 4 #175 in script keyword 46 ▼ 10 #233 in domain keyword 13 ▲ 45 #288 in detect keyword 17 ▼ 14

Other platforms

Not available on Firefox
Not available on Edge
Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.
Chrome-Stats extension
Merlin
Summary
Analyze keywords

A Chrome extension which detects expired domains in webpage resources (such as external images, CSS, and JavaScript) while you browse. Once detected it alerts you to the details and offers multiple ways to verify that the domain is expired. These vulnerabilities often allow for hijacking of the vulnerable webpage.

Useful for penetration testers and auditors who wish to automatically identify these vulnerabilities passively while they browse.

Reason for various permissions requested by extension:

  • webRequest: Required to hook the onErrorOcurred function in Chrome to detect when a resource load has resulted in a network error occurring (e.g. "net::ERR_NAME_NOT_RESOLVED").
  • webRequestBlocking: Required to block and add headers for certain domain availability querying APIs (e.g. add Origin header).
  • <all_urls>: Required because we have to be able to detect failed network loads for resources from any domain/URL.
Safety
Risk impact

PERS - The Passive Expired Resource Scanner is risky to use as it requires a number of sensitive permissions that can potentially harm your browser and steal your data. Exercise caution when installing this extension. Review carefully before installing. We recommend that you only install PERS - The Passive Expired Resource Scanner if you trust the publisher.

Risk likelihood

PERS - The Passive Expired Resource Scanner has earned a fairly good reputation and likely can be trusted.

Upgrade to see risk analysis details
Screenshots
PERS - The Passive Expired Resource Scanner
Similar extensions

Here are some Chrome extensions that are similar to PERS - The Passive Expired Resource Scanner:

FrustratedTech - Server Admin Tool
FrustratedTech - Server Admin Tool
https://frustratedtech.com
3.80
301
ScriptMix
ScriptMix
https://idilernia.com
N/A
19
Domain Hunter Plus
Domain Hunter Plus
Netvantage Marketing
2.53
4,000+
Perceptual image analysis
Perceptual image analysis
Martin Saturka
5.00
660
Domain Check Plugin
Domain Check Plugin
https://domaincheckups.com
4.00
24
Vulners Web Scanner
Vulners Web Scanner
vankyver
4.53
9,000+
Cyber Web Tools
Cyber Web Tools
https://cyberwebtools.com
1.00
1,000+
Domain Info
Domain Info
https://dmns.app
5.00
629
Orphaned Resources
Orphaned Resources
https://thehackerblog.com
N/A
49
Tracy
Tracy
jacob.heath.ncc
4.00
657
Opener Detector
Opener Detector
Harry Cutts
5.00
77
Bishop Vulnerability Scanner
Bishop Vulnerability Scanner
Jack Kingsman
3.75
4,000+