Gecko is a powerful Chrome extension designed to automate the discovery of Client-Side Path Traversals (CSPT) in web applications. It seamlessly integrates with Chrome DevTools and provides a user-friendly interface for identifying and analyzing CSPT vulnerabilities.
- Automated CSPT Discovery: Automatically detect potential CSPT vulnerabilities in web applications.
- DevTools Integration: View all findings in a dedicated DevTools panel.
- Settings Panel: Configure the extension settings using the popup window.
- Real-Time Alerts: Displays a badge with the number of current findings directly on the extension icon.
Before you begin, ensure you have the following installed on your machine:
- Clone the repository:

  ```bash
  git clone https://github.com/vitorfhc/gecko.git
  cd gecko
  ```

- Install the required dependencies:

  ```bash
  npm install
  ```

- Build the project:

  ```bash
  npm run build
  ```

- The build process will create a `dist` folder containing all the necessary files for the extension.
- Open Chrome and go to `chrome://extensions/`.
- Enable Developer mode (toggle switch in the top-right corner).
- Click on Load unpacked.
- Select the `dist` folder inside the `gecko` directory.
The extension should now be loaded and visible in the Chrome toolbar.
- View Findings in DevTools:
  - Open Chrome DevTools.
  - Go to the `Gecko` panel to see a detailed list of findings and potential vulnerabilities.
- Configure Settings:
  - Click on the Gecko extension icon in the Chrome toolbar to open the settings popup.
  - Adjust the configuration options as needed.
- Monitor Findings:
  - The Gecko extension icon displays a badge indicating the number of current findings in real-time.
We welcome contributions from the community! If you'd like to contribute, please follow these steps:
- Fork the repository.
- Create a new branch (`feature/your-feature-name`).
- Make your changes and commit them (`git commit -m 'Add some feature'`).
- Push to the branch (`git push origin feature/your-feature-name`).
- Open a pull request.