mrxcavator is a CLI client implementation for the service CRXcavator.io.
The following overview was taken from the service's about page:
CRXcavator automatically scans the entire Chrome Web Store every 3 hours and produces a quantified risk score for each Chrome Extension based on several factors. These factors include permissions, inclusion of vulnerable third party javascript libraries, weak content security policies, missing details from the Chrome Web Store description, and more. Organizations can use this tool to assess the Chrome Extensions they have installed and to move towards implementing explicit allow (whitelisting) for their organization.
Python >=3.6.1 is required for application compatibility.
- Execute
pip3 install mrxcavator
- Execute
mrxcavator
- Execute
git clone https://github.com/mstanislav/mrxcavator.git
to download the repository - Execute
cd mrxcavator
to enter the application's root folder - Execute
pip3 install -r requirements.txt
to install Python dependencies - Execute
python3 mrxcavator.py
โ mrxcavator -h
usage: mrxcavator [-c filename] [--extension_path path]
[--crxcavator_key key] [--crxcavator_uri uri]
[--virustotal_key key] [--test_crxcavator_key]
[--test_crxcavator_uri] [--test_virustotal_key] [-s [id]]
[--submit_all] [-r [id]] [--report_all]
[--report_all_table] [--export [filename]]
[--input [filename]] [-e] [-g [id]] [-vt [id]] [-v] [-h]
Features:
-s [id], --submit [id]
submit an extension
--submit_all submit all installed extensions
-r [id], --report [id]
get an extension's report
--report_all retrieve a report for all installed extensions
--report_all_table retrieve a table of details for installed extensions
--export [filename] export a report to a specific filename
--input [filename] load a specific filename for extension identifiers
-e, --extensions list installed extensions
-g [id], --graph [id]
get a graph of an extension's risk
-vt [id], --virustotal [id]
get VirusTotal data for an extension's external calls
Set Configuration:
-c filename, --config filename
specify a configuration filename
--extension_path path
set path to local Chrome extensions
--crxcavator_key key set CRXcavator API key
--crxcavator_uri uri set CRXcavator API URI
--virustotal_key key set VirusTotal API key
Test Configuration:
--test_crxcavator_key
test CRXcavator API key
--test_crxcavator_uri
test CRXcavator API URI
--test_virustotal_key
test VirusTotal API key
Miscellaneous:
-v, --version show program's version number and exit
-h, --help show program's help information and exit
If no extension identifier is passed to the flag, a list of locally installed extensions will be given to select from.
โ mrxcavator -s hdokiejnpimakedhajhdlcegeplioahd
You've successfully submitted hdokiejnpimakedhajhdlcegeplioahd.
This feature supports --input [filename]
to load extension identifiers from a text file.
โ mrxcavator --submit_all
Submitting extensions found in ~/Library/Application Support/Google/Chrome/Default/Extensions/
100%|โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Successful:
> Application Launcher for Drive (by Google)
> Bitwarden - Free Password Manager
> Cisco Webex Extension
> Gmail
> Google Docs Offline
> Google Drive
> Google Keep Chrome Extension
> Honey
> Save to Google Drive
> Save to Pocket
> YouTube
> Zoom
If no extension identifier is passed to the flag, a list of locally installed extensions will be given to select from.
โ mrxcavator -r bmnlcjabgnpnenekpadlanbbkooimhnj
Extension Overview
============================================================
Extension Name: Honey
Extension ID: bmnlcjabgnpnenekpadlanbbkooimhnj
Web Site: https://www.joinhoney.com
Newest Version: 12.4.0 (2020-07-23)
Versions Known: 45
Store Rating: 4.84 stars
Total Risk Score: 604
Content Security Policy
============================================================
386 Total
------------------------------------------------------------
25 child-src
25 connect-src
25 font-src
25 form-action
25 frame-ancestors
25 frame-src
25 img-src
25 manifest-src
25 media-src
1 object-src
25 plugin-types
25 sandbox
10 script-src
25 strict-dynamic
25 style-src
25 upgrade-insecure-requests
25 worker-src
RetireJS
============================================================
80 Total
------------------------------------------------------------
0 Low
80 Medium
0 High
0 Critical
Permissions
============================================================
135 Total
------------------------------------------------------------
135 Required
0 Optional
If no extension identifier is passed to the flag, a list of locally installed extensions will be given to select from.
โ mrxcavator -r hdokiejnpimakedhajhdlcegeplioahd --export lastpass.txt
Extension Overview
============================================================
Extension Name: LastPass: Free Password Manager
Extension ID: hdokiejnpimakedhajhdlcegeplioahd
Web Site: https://www.lastpass.com/
Newest Version: 4.53.0.2 (2020-07-29)
Versions Known: 45
Store Rating: 4.54 stars
Total Risk Score: 395
Content Security Policy
============================================================
70 Total
------------------------------------------------------------
1 child-src
37 connect-src
1 font-src
1 form-action
1 frame-ancestors
8 frame-src
5 img-src
1 manifest-src
1 media-src
1 object-src
1 plugin-types
1 sandbox
1 script-src
1 strict-dynamic
7 style-src
1 upgrade-insecure-requests
1 worker-src
RetireJS
============================================================
190 Total
------------------------------------------------------------
20 Low
80 Medium
90 High
0 Critical
Permissions
============================================================
135 Total
------------------------------------------------------------
110 Required
25 Optional
External Calls
============================================================
- https://www.dropbox.com/logout
- https://www.netflix.com/Login
- https://blog.lastpass.com/2019/03/new-improved-look-lastpass.html/
- http://nowhere.co
- https://lastpass.com/?securitychallenge=1
- https://lastpass.com/
- https://mint.intuit.com/login.event?task=S
- https://accounts.lastpass.com/federated/oidcredirect.html
- https://lastpass.com/forgot.php
- https://www.logmeininc.com/legal/privacy?fromwebsite=1
- https://lastpass.com/safariAppExtension.php?source=dropdown
- https://lastpass.com/?ac=1
- https://graph.microsoft.com/v1.0/me?$select=id,displayName,mail&$expand=extensions
- https://lastpass.com/experience-update
- https://lastpass.com/fake/fake.php
- https://support.logmeininc.com/lastpass/help/lastpass-authenticator-lp030014
- https://lastpass.com/features_joinpremium4.php?a=1
- https://www.lastpass.com/families/
- https://www.lastpass.com/families
- https://lastpass.eu/
- http://link.lastpass.com/InpUsrLpEmb
>> Report saved in /Users/mstanislav/.mrxcavator/reports/lastpass.txt <<
This feature supports --input [filename]
to load extension identifiers from a text file.
โ mrxcavator --report_all
Extension Overview
============================================================
Extension Name: Honey
Extension ID: bmnlcjabgnpnenekpadlanbbkooimhnj
Web Site: https://www.joinhoney.com
Newest Version: 12.4.0 (2020-07-23)
Versions Known: 45
Store Rating: 4.84 stars
Total Risk Score: 604
Content Security Policy
============================================================
386 Total
------------------------------------------------------------
25 child-src
25 connect-src
25 font-src
25 form-action
25 frame-ancestors
25 frame-src
25 img-src
25 manifest-src
25 media-src
1 object-src
25 plugin-types
25 sandbox
10 script-src
25 strict-dynamic
25 style-src
25 upgrade-insecure-requests
25 worker-src
RetireJS
============================================================
80 Total
------------------------------------------------------------
0 Low
80 Medium
0 High
0 Critical
Permissions
============================================================
135 Total
------------------------------------------------------------
135 Required
0 Optional
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Extension Overview
============================================================
Extension Name: Zoom
Extension ID: hmbjbjdpkobdjplfobhljndfdfdipjhg
Newest Version: 5.0.4169.0628 (2020-06-30)
Versions Known: 26
Store Rating: 2.76 stars
Total Risk Score: 251
RetireJS
============================================================
180 Total
------------------------------------------------------------
10 Low
140 Medium
30 High
0 Critical
Web Store
============================================================
6 Total
------------------------------------------------------------
1 Address
1 Last Updated
2 Rating
1 Rating Users
1 Website
Permissions
============================================================
65 Total
------------------------------------------------------------
65 Required
0 Optional
External Calls
============================================================
- https://www.google.com/accounts/Logout
- http://www.w3.org/1998/Math/MathML
- https://www.zoom.us
[...snip...]
This feature supports --input [filename]
to load extension identifiers from a text file.
โ mrxcavator --report_all_table
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโฌโโโโโโโโโฌโโโโโโโ
โ Name โ Identifier โ Version โ Updated โ Rating โ Risk โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโชโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโชโโโโโโโโโโโโโโโโชโโโโโโโโโโโโโชโโโโโโโโโชโโโโโโโก
โ Google Docs Offline โ ghbmnnjooekpmoecnnnilnnbdlolhkhi โ 1.9.1 โ 2020-03-04 โ 2.87 โ 423 โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโผโโโโโโโโโผโโโโโโโค
โ Honey โ bmnlcjabgnpnenekpadlanbbkooimhnj โ 12.4.0 โ 2020-07-23 โ 4.84 โ 604 โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโผโโโโโโโโโผโโโโโโโค
โ Gmail โ pjkljhegncpnkpknbcohdijeoejaedia โ 8.2 โ 2019-03-26 โ 4.53 โ 15 โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโผโโโโโโโโโผโโโโโโโค
โ Bitwarden - Free Password Manager โ nngceckbapebfimnlniiiahkandclblb โ 1.45.0 โ 2020-06-30 โ 4.84 โ 509 โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโผโโโโโโโโโผโโโโโโโค
โ Google Drive โ apdfllckaahabafndbhieahigkjlhalf โ 14.2 โ 2018-10-16 โ 4.43 โ 41 โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโผโโโโโโโโโผโโโโโโโค
โ Application Launcher for Drive (by Google) โ lmjegmlicamnimmfhcmpkclmigmmcbeh โ 3.2 โ 2014-11-10 โ 2.95 โ 399 โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโผโโโโโโโโโผโโโโโโโค
โ Cisco Webex Extension โ jlhmfgmfgeifomenelglieieghnjghma โ 1.9.0 โ 2020-06-15 โ 2.4 โ 392 โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโผโโโโโโโโโผโโโโโโโค
โ Vue.js devtools โ nhdogjmejiglipccpnnnanhbledajbpd โ 5.3.3 โ 2019-11-25 โ 4.64 โ 438 โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโผโโโโโโโโโผโโโโโโโค
โ Zoom โ hmbjbjdpkobdjplfobhljndfdfdipjhg โ 5.0.4169.0628 โ 2020-06-30 โ 2.76 โ 251 โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโผโโโโโโโโโผโโโโโโโค
โ Save to Pocket โ niloccemoadcdkdjlinkgdfekeahmflj โ 3.0.6.8 โ 2019-07-24 โ 4.29 โ 479 โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโผโโโโโโโโโผโโโโโโโค
โ YouTube โ blpcfgokakmgnkcojhhkbfbldkacnbeo โ 4.2.8 โ 2015-09-24 โ 4.52 โ 11 โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโดโโโโโโโโโดโโโโโโโ
โ mrxcavator -e
Extensions Found in ~/Library/Application Support/Google/Chrome/Default/Extensions/
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Name โ Version โ Identifier โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโชโโโโโโโโโโโโโโโโชโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโก
โ Google Docs Offline โ 1.11.0 โ ghbmnnjooekpmoecnnnilnnbdlolhkhi โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Honey โ 12.3.2 โ bmnlcjabgnpnenekpadlanbbkooimhnj โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Gmail โ 8.2 โ pjkljhegncpnkpknbcohdijeoejaedia โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Bitwarden - Free Password Manager โ 1.45.0 โ nngceckbapebfimnlniiiahkandclblb โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Google Drive โ 14.2 โ apdfllckaahabafndbhieahigkjlhalf โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Application Launcher for Drive (by Google) โ 3.2 โ lmjegmlicamnimmfhcmpkclmigmmcbeh โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Cisco Webex Extension โ 1.9.0 โ jlhmfgmfgeifomenelglieieghnjghma โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Google Keep Chrome Extension โ 4.20282.540.1 โ lpcaedmchfhocbbapmcbpinfpgnhiddi โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Zoom โ 5.0.4169.628 โ hmbjbjdpkobdjplfobhljndfdfdipjhg โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Save to Pocket โ 3.0.6.8 โ niloccemoadcdkdjlinkgdfekeahmflj โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Save to Google Drive โ 2.1.1 โ gmbmikajjgmnabiglmofipeabaddhgne โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ YouTube โ 4.2.8 โ blpcfgokakmgnkcojhhkbfbldkacnbeo โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
If no extension identifier is passed to the flag, a list of locally installed extensions will be given to select from.
โ mrxcavator -g bmnlcjabgnpnenekpadlanbbkooimhnj
674 โค
668 โค โญโฎ
662 โค โโ
656 โค โโฐโโโโ
650 โค โ
644 โค โญโฎ โ
638 โค โโ โ
631 โค โโ โญโโโฏ
625 โค โโ โ
619 โค โโ โ
613 โค โญโโฎ โโ โญโโโโโโโฏ
607 โค โ โโญโโฎ โโ โ
601 โค โ โโ โ โโ โ
595 โค โ โโ โ โโ โ
589 โค โ โโ โ โโ โ
583 โค โ โโ โ โโฐโโฎ โ
577 โค โ โโ โ โ โ โ
571 โค โ โโ โ โ โ โ
565 โค โ โโ โ โ โ โ
559 โค โ โโ โ โ โ โ
552 โค โ โโ โ โ โ โ
546 โค โ โโ โ โ โ โ
540 โค โ โโ โ โ โ โ
534 โค โ โโ โ โ โ โ
528 โผโโโโโโฏ โฐโฏ โฐโโโโโโโฏ โฐโฎ โ
522 โค โฐโโโโโโฏ
516 โค
If no extension identifier is passed to the flag, a list of locally installed extensions will be given to select from.
โ mrxcavator -vt hmbjbjdpkobdjplfobhljndfdfdipjhg
** This API requires throttling. This extension will take approximately 0:01:05 to complete. **
Processing 3 hosts...
* www.google.com, www.w3.org, www.zoom.us
โโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโฌโโโโโโโโ
โ Hostname โ Positives โ Total โ
โโโโโโโโโโโโโโโโโโชโโโโโโโโโโโโชโโโโโโโโก
โ www.google.com โ 0 โ 79 โ
โโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโผโโโโโโโโค
โ www.w3.org โ 1 โ 79 โ
โโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโผโโโโโโโโค
โ www.zoom.us โ 0 โ 79 โ
โโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโดโโโโโโโโ
โ mrxcavator --crxcavator_uri https://api.crxcavator.io/v1
The CRXcavator API URI was set successfully!
โ mrxcavator --crxcavator_key DEnDIwspwQkiMYZzuFbHOHUqDOpSaDIw
The CRXcavator API key was set successfully!
โ mrxcavator --virustotal_key d42d8fb60105539a632d209ed35a42515722a79be2c39f5635d3790b25433acc
The VirusTotal API key was set successfully!
โ mrxcavator --test_crxcavator_uri
The CRXcavator API URI was successfully tested!
โ mrxcavator --test_crxcavator_key
The CRXcavator API key was successfully tested!
โ mrxcavator --test_virustotal_key
The VirusTotal API key was successfully tested!
โ mrxcavator -c testing.ini
/Users/mstanislav/.mrxcavator/testing.ini does not exist, or is corrupted. Creating it...
โ cat /Users/mstanislav/.mrxcavator/testing.ini
[DEFAULT]
crxcavator_api_uri = https://api.crxcavator.io/v1
crxcavator_api_key =
virustotal_api_key =
extension_path = ~/Library/Application Support/Google/Chrome/Default/Extensions/
[custom]
โ mrxcavator -v
v0.6.3
โ cat /Users/mstanislav/.mrxcavator/config.ini
[DEFAULT]
crxcavator_api_uri = https://api.crxcavator.io/v1
crxcavator_api_key =
virustotal_api_key =
extension_path = ~/Library/Application Support/Google/Chrome/Default/Extensions/
[custom]
flake8
is a command-line utility for enforcing style consistency across Python projects. By default it includes lint checks provided by the PyFlakes project, PEP-0008 inspired style checks provided by the PyCodeStyle project, and McCabe complexity checking provided by the McCabe project.
mypy
is an optional static type checker for Python. You can add type hints (PEP 484) to your Python programs, and use mypy to type check them statically. Find bugs in your programs without even running them!
pdoc
the perfect documentation generator for small-to-medium-sized, tidy Python projects. It generates documentation simply from your project's already-existing public modules' and objects' docstrings, like sphinx-apidoc or sphinx.ext.autodoc, but without the hassle of these tools.
black
is the uncompromising Python code formatter. By using it, you agree to cede control over minutiae of hand-formatting. In return, Black gives you speed, determinism, and freedom from pycodestyle nagging about formatting. You will save time and mental energy for more important matters.
PEP 3107 introduced syntax for function annotations, but the semantics were deliberately left undefined. There has now been enough 3rd party usage for static type analysis that the community would benefit from a standard vocabulary and baseline tools within the standard library. This PEP introduces a provisional module to provide these standard definitions and tools, along with some conventions for situations where annotations are not available.
Python is the main dynamic language used at Google. This style guide is a list of dos and donโts for Python programs.
Note: The use of this guide is primarily for docstring formatting, which complements type hints nicely.
The argparse module makes it easy to write user-friendly command-line interfaces. The program defines what arguments it requires, and argparse will figure out how to parse those out of sys.argv. The argparse module also automatically generates help and usage messages and issues errors when users give the program invalid arguments.