Extension Details
Context-Aware Verdict
The extension has a relatively small user base of 7,000 users with a decent rating of 4.2 stars, though based on only 9 reviews which is quite limited for assessment. The developer, Vortimo Pty Ltd, appears to be a legitimate company, and the extension's purpose as an OSINT (Open Source Intelligence) tool provides some context for its extensive permissions. However, the low number of reviews relative to users raises questions about user engagement and feedback.
The extension's permission set is extremely broad and powerful for an OSINT tool. The combination of webRequest interception, universal host permissions, and content script injection across all websites creates significant privacy and security risks. These permissions allow the extension to monitor, intercept, and potentially modify all web traffic and inject code into every website visited. The webNavigation permission enables comprehensive browsing tracking, while the tabs permission allows manipulation of browser tabs. This level of access far exceeds what most users would expect from a typical browser extension.
Given the critical risk level, install this extension only in a completely separate Chrome profile dedicated solely to OSINT activities. Never use this profile for personal browsing, banking, or accessing sensitive accounts. Regularly audit the extension's behavior and consider whether the OSINT functionality truly requires such extensive permissions. Monitor network traffic when the extension is active and disable it when not actively conducting OSINT research.
Findings
Security Analysis Details
Required Permissions:
- storage
- contextMenus
- tabs
- activeTab
- webNavigation
- webRequest
- pageCapture
Host Permissions:
- <all_urls>
Embedded URLs (129 total):
| https://reactjs.org/docs/error-decoder.html?invariant= | http://www.w3.org/1999/xlink | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/1999/xhtml | |
| http://www.w3.org/1998/Math/MathML | http://www.w3.org/2000/svg | |
| http://jedwatson.github.io/classnames | https://fengyuanchen.github.io/cropperjs | |
| https://lodash.com/ | https://openjsf.org/ | |
| https://lodash.com/license | http://underscorejs.org/LICENSE | |
| https://npms.io/search?q=ponyfill. | http://fb.me/use-check-prop-types | |
| https://fb.me/react-async-component-lifecycle-hooks | https://reactjs.org/link/react-polyfills | |
| https://github.com/uuidjs/uuid#getrandomvalues-not-supported | https://codepen.io/GhostRider/pen/GHaFw | |
| https://github.com/facebook/regenerator/blob/main/LICENSE | https://find.osint-tool.com | |
| https://find.osint-tool.com/ | https://git.io/JUIaE# | |
| https://clients2.google.com/service/update2/crx | https://gw.alipayobjects.com/mdn/rms_f8c6a0/afts/img/A | |
| https://gw.alipayobjects.com/os/s/prod/antv/assets/image/logo-with-text-73b8a.svg | http://khronos.org/webgl/wiki/Getting_a_WebGL_Implementation | |
| http://get.webgl.org/ | http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd | |
| https://gw.alipayobjects.com/zos/bmw-prod/5d015065-8505-4e7a-baec-976f81e3c41d.svg | https://gw.alipayobjects.com/zos/basement_prod/4f81893c-1806-4de4-aff3-9a6b266bc8a2.svg | |
| https://gw.alipayobjects.com/zos/basement_prod/300a2523-67e0-4cbf-9d4a-67c077b40395.svg | https://feross.org | |
| https://github.com/MikeMcl/decimal.js-light/LICENCE | https://feross.org/opensource | |
| http://momentjs.com/guides/#/warnings/define-locale/ | http://momentjs.com/guides/#/warnings/js-date/ | |
| http://momentjs.com/guides/#/warnings/min-max/ | http://momentjs.com/guides/#/warnings/add-inverted-param/ | |
| http://momentjs.com/guides/#/warnings/zone/ | http://momentjs.com/guides/#/warnings/dst-shifted/ | |
| https://github.com/leandrowd/react-responsive-carousel/blob/master/TROUBLESHOOTING.md | http://get.webgl.org | |
| https://www.npmjs.com/package/glsl-read-float | https://www.google.com/s2/favicons?sz= | |
| https://bit.ly/3cXEKWf | https://redux.js.org/Errors?code= | |
| https://www.google.com/s2/favicons?sz=32&domain_url= | https://license.vortimo.com/client | |
| https://license.vortimo.com/ | http://www.apache.org/licenses/LICENSE-2.0 | |
| https://github.com/ankeetmaini/react-infinite-scroll-component/issues/59 | https://www.vortimo.com/buy-osint-tool | |
| https://osinttool.notaku.site/ | http://vortimo.com/ | |
| https://license.vortimo.com/login/session?session_hash= | https://vortimo.onfastspring.com/account | |
| https://osint-tool.com/thanks | https://vortimo.com/legal/ | |
| https://skylight.vortimo.com/ | http://scripts.sil.org/OFL | |
| https://fontawesome.com | https://fontawesome.com/license | |
| http://www.bohemiancoding.com/sketch | https://github.com/zloirock/core-js/issues/86#issuecomment-115759028 | |
| https://github.com/tc39/proposal-global | https://tc39.github.io/ecma262/#sec-advancestringindex | |
| https://tc39.github.io/proposal-flatMap/#sec-FlattenIntoArray | http://jsperf.lnkit.com/fast-apply/5 | |
| https://github.com/zloirock/core-js/issues/339 | https://tc39.github.io/ecma262/#sec-regexpexec | |
| https://github.com/tc39/proposal-string-pad-start-end | https://tc39.github.io/ecma262/#sec-toindex | |
| https://github.com/websockets/ws/pull/645 | https://github.com/feross/ieee754 | |
| https://code.google.com/p/v8/issues/detail?id=3509 | https://bugs.chromium.org/p/chromium/issues/detail?id=830565 | |
| https://tc39.github.io/ecma262/#sec-string.prototype.match | https://tc39.github.io/ecma262/#sec-regexp.prototype-@@match | |
| https://tc39.github.io/ecma262/#sec-string.prototype.replace | https://tc39.github.io/ecma262/#sec-regexp.prototype-@@replace |
Raw Manifest
{ "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8iBLU7OObV7a7WzJrTOExQX+E0UhnNdPJICr+P4p40L87Nbt7Y5TB54/fhfNGjulQonNzMA7WeQOS41m+QMAvevxydJh6Vo070StgoP7HnmfMWoFWMCw8EYkl57hY5BKRi5zjh89iTqkOyO6LQ5LXvMuss3cSNPqRmb6xJLBZ4/gjqSIKw5D+5Nqcbsgfi1Y0tIl8G+IMog80ZBTCfLDAiuvlY+mSYZXYQzP+3UkB/bOodtSJiSVjiXKZvtZHyVe90JCok2coTjQX74e/IyNp/aeb+6lCyh09XHM90YMw3Is+2E5CiuLL6rNGxAaCrbqq834AIqiaARAASxpYx9kQIDAQAB", "name": "Vortimo OSINT-tool", "icons": { "16": "icon-16.png", "48": "icon-48.png", "128": "icon-128.png" }, "action": { "default_icon": "icon-128.png" }, "version": "5.2.1", "background": { "service_worker": "background.bundle.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "OSINT Swiss army knife:bookmark/record pages, store screenshots, scrape and enrich entities. Finds text on every page + highlight.", "permissions": [ "storage", "contextMenus", "tabs", "activeTab", "webNavigation", "webRequest", "pageCapture" ], "options_page": "options.html", "content_scripts": [ { "js": [ "contentScript.bundle.js" ], "css": [ "content.styles.css" ], "matches": [ "*://*/*" ], "all_frames": true } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "externally_connectable": { "ids": [ "engmbahfeipfbgcjnjgekgkpmdfhkicn" ], "matches": [ "*://localhost:*/*", "*://127.0.0.1:*/*", "*://skylight.vortimo.com:*/*", "*://osinttool.com:*/*", "*://osint-tool.com:*/*", "*://find.osint-tool.com:*/*" ] }, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "*.map", "*.css", "*favicon.ico", "*.ttf", "*.png", "*.svg", "*.wav" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.