Skip to content

ElevenPaths/AMSIext

master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
app
 
 
 
 
 
 
 
 

Version License

AMSIext

AMSIext is a Firefox and Chrome plugin that allows you to send any data stream from the browser to AMSI. AMSI is the way to communicate RAM memory with Windows Defender (or any other endpoint security system). This means that while browsing the web, AMSIext will alert you to malicious JavaScript, PowerShell or whatever − even before it may be executed or downloaded in your system!

AMSI is a native way in Windows 10 to send data in memory to your favorite AV solution. It is active by default in PowerShell and (soon) in Office. This way, if anything not detected by your AV in your local hard drive is executed by PowerShell, thanks to AMSI it will be analyzed against Defender. So, this extension sends any JavaScript, PowerShell, etc. pointed by your browser on a given web to AMSI, even before executing or downloading it.

Since Firefox and Chrome do not have methods yet to connect to AMSI, we need a little script to achieve it.

Install

Run install.bat script in the desired directory. This script installs the native messaging host for the current user, by creating a registry key:

Chrome

HKEY_CURRENT_USER\Software\Google\Chrome\NativeMessagingHosts\com.elevenpaths.amsiext

Firefox

HKEY_CURRENT_USER\SOFTWARE\Mozilla\NativeMessagingHosts\amsiext

Set its default value to:

amsiext.json

If you want to install the native messaging host for all users, change HKCU to HKLM.

For uninstall use uninstall.bat to completely remove it from the system.

License

This project is licensed under the MPL Mozilla Public License Version 2.0 - see the LICENSE file for details

Icons made by Freepik from www.flaticon.com

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

This software doesn't have a QA Process. This software is a Proof of Concept.