-
Notifications
You must be signed in to change notification settings - Fork 0
Home
bad-antics edited this page Jan 26, 2026
·
2 revisions
Welcome to the Marshall Extensions documentation! A collection of OSINT and security testing extensions for the Marshall Browser.
| Section | Description |
|---|---|
| Getting Started | Quick start guide |
| Extension Development | Build your own extensions |
| Sandbox Architecture | Security sandbox details |
| API Reference | Marshall API documentation |
| Extensions Catalog | Available extensions |
| Contributing | How to contribute |
# Clone the repository
git clone https://github.com/bad-antics/marshall-extensions.git
# Install extension in Marshall
marshall --install-extension extensions/recon/shodan-lookup- Open Marshall Browser
- Navigate to
marshall://extensions - Browse or search for extensions
- Click "Install"
All extensions run inside a secure sandbox with:
- Rust Sandbox Core - Process isolation with seccomp/namespaces
- Go Honeypot System - Deception and intrusion detection
- TypeScript Secure Channel - Encrypted communication
ββββββββββββββββββββββββββββββββββββββββββ
β Marshall Browser β
ββββββββββββββββββββββββββββββββββββββββββ€
β Secure Communication Layer β
β (AES-256-GCM Encrypted) β
ββββββββββββββββββββββββββββββββββββββββββ€
β Sandbox Core Runtime β
β (Rust - seccomp/namespace isolation) β
ββββββββββββββββββββββββββββββββββββββββββ€
β Honeypot System β
β (Go - Threat Detection) β
ββββββββββββββββββββββββββββββββββββββββββ
| Extension | Language | Description |
|---|---|---|
| shodan-lookup | JavaScript | Shodan.io queries |
| whois-inspector | JavaScript | WHOIS lookups |
| xss-scanner | JavaScript | XSS vulnerability detection |
| header-analyzer | JavaScript | Security header analysis |
| cert-inspector | Ruby | SSL/TLS certificate grading |
| Extension | Language | Description |
|---|---|---|
| memory-forensics | C | Memory artifact detection |
| Extension | Language | Description |
|---|---|---|
| traffic-analyzer | TypeScript | Network traffic monitoring |
| Extension | Language | Description |
|---|---|---|
| request-tamper | Lua | HTTP request interception |
Extensions can be written in multiple languages:
| Language | Use Case | Example |
|---|---|---|
| JavaScript | UI extensions, web tools | shodan-lookup |
| TypeScript | Complex tools, APIs | traffic-analyzer |
| Ruby | Scripting, analysis | cert-inspector |
| Lua | Request manipulation | request-tamper |
| C | Performance-critical | memory-forensics |
| Rust | Sandbox integration | Custom extensions |
my-extension/
βββ manifest.json # Extension metadata
βββ main.js # Entry point
βββ lib/ # Libraries
βββ assets/ # Icons, images
βββ README.md # Documentation
{
"name": "my-extension",
"version": "1.0.0",
"description": "My awesome extension",
"main": "main.js",
"author": "Your Name",
"permissions": ["network", "tabs", "storage"],
"category": "recon",
"icon": "assets/icon.png"
}Extensions must declare required permissions:
| Permission | Access |
|---|---|
network |
Make HTTP requests |
tabs |
Access browser tabs |
storage |
Persistent storage |
clipboard |
Read/write clipboard |
notifications |
Show notifications |
dom |
Access page DOM |
The sandbox monitors for suspicious behavior:
- Unauthorized API calls
- Excessive network requests
- Credential access attempts
- File system traversal
- Memory scanning
Threat score exceeds threshold β Honeypot redirection
- Marshall Browser - OSINT browser
- NullSec Tools - Security toolkit
- NullSec Linux - Security distro
Extensions are for authorized security testing only. Obtain proper authorization before testing systems you don't own.
Part of the NullSec Security Suite
@bad-antics