A professional browser extension for law enforcement and security professionals to gather comprehensive forensic information about websites.
- WHOIS Data: Comprehensive domain registration information
- DNS Records: A records, reverse DNS lookups
- SSL Certificates: Certificate details and validation
- Website Metadata: Meta tags, titles, descriptions
- Digital Artifacts: Cookies, localStorage, sessionStorage
- PDF Reports: Professional forensic reports with integrity hashing
- Caching: Intelligent caching to prevent rate limiting
- Input Validation: All inputs are validated and sanitized
- XSS Prevention: All data is sanitized to prevent cross-site scripting
- Limited Permissions: Minimal required permissions for security
- Secure Communications: HTTPS-only API communications
- Data Integrity: SHA-256 hashing for report verification
- Local Storage: All data stored locally, no external data transmission
- Chrome Browser (Manifest V3 compatible)
- APILayer WHOIS API key (for comprehensive WHOIS data)
- Clone this repository
- Open Chrome and navigate to
chrome://extensions/ - Enable "Developer mode"
- Click "Load unpacked" and select the
ForensicsWHOISfolder
Install from the Chrome Web Store (coming soon)
The extension uses the APILayer WHOIS API for reliable WHOIS data. For production use:
- Obtain an API key from APILayer
- Replace the API key in the configuration (see Security Considerations below)
IMPORTANT: The current implementation includes a demo API key in the source code. For production use:
- Option 1: Use environment variables or build-time configuration
- Option 2: Implement a proxy server to hide the API key
- Option 3: Use Chrome's identity API for secure key management
- All data is processed locally in the browser
- No data is transmitted to external servers except for API calls
- Cached data is automatically expired after 1 hour
- Users can clear all data by reinstalling the extension
- APILayer WHOIS API: Primary WHOIS data source
- RDAP Servers: Official registry data fallback
- Google DNS: DNS record lookups
- crt.sh: SSL certificate information
ForensicsWHOIS/
├── manifest.json # Extension configuration
├── popup/
│ ├── popup.html # Main UI
│ ├── popup.js # Core logic
│ └── popup.css # Styling
├── scripts/
│ ├── background.js # Background service worker
│ └── content.js # Content script for data extraction
├── libs/
│ ├── jspdf.umd.min.js # PDF generation
│ └── crypto-js.min.js # Cryptographic functions
├── icons/ # Extension icons
├── styles/ # Additional styles
├── PRIVACY.md # Privacy policy
└── README.md # This file
- Navigate to any website
- Click the ForensicsWHOIS extension icon
- Click "Generate Report" to gather forensic data
- Review the collected information
- Click "Download Report" to generate a PDF report
The generated PDF report includes:
- Header: Domain, timestamp, and SHA-256 hash for integrity
- WHOIS Information: Registration details, contacts, dates
- DNS Records: A records and reverse DNS lookups
- SSL Certificate: Certificate details and validation
- Metadata: Website meta tags and information
- Digital Artifacts: Cookies and storage data
- ESLint configuration for code quality
- Input validation and sanitization
- Error handling and logging
- Modular architecture
- Test on various websites and domains
- Verify API rate limiting handling
- Check PDF generation with large datasets
- Validate security measures
[Specify your license here]
- Fork the repository
- Create a feature branch
- Implement your changes with proper security measures
- Add tests if applicable
- Submit a pull request
This extension is designed for legitimate forensic and security research purposes. Users are responsible for:
- Complying with applicable laws and regulations
- Respecting website terms of service
- Using the tool ethically and responsibly
- Obtaining proper authorization when required
For support, bug reports, or feature requests:
- Create an issue on GitHub
- Contact: [Your Contact Information]
- Initial release
- WHOIS data collection via APILayer API
- DNS and SSL certificate information
- PDF report generation with integrity hashing
- Comprehensive security measures
- Privacy-focused design