Skip to content
/ CVE-RAY Public

CVE-RAY for CrowdStrike Falcon Spotlight: An open-source Chrome extension that reads CVE-IDs from news articles, social media, and blogs while you browse and instantly checks your Falcon environment to show if your organization is affected - right in the browser.

www.byteray.com
7 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ByteRay-Labs/CVE-RAY

BranchesTags

Repository files navigation

CVE-RAY

A browser extension to instantly scan web pages for Common Vulnerabilities and Exposures (CVEs) and check their status against your CrowdStrike Falcon environment.

CVE-RAY streamlines the vulnerability intelligence workflow by providing immediate, in-context feedback on whether a discovered CVE affects your assets, directly within your browser.

Chrome Web Store

Features

  • On-Page CVE Detection: Automatically finds CVE identifiers (e.g., CVE-2025-12345) on any webpage you visit.
  • Three-State Highlighting:
    • Orange: CVE is detected and is being looked up.
    • Green: CVE is not found in your CrowdStrike environment.
    • Red: CVE is found in your environment, indicating affected hosts.
  • Direct CrowdStrike Console Linking: A clickable 🦅 emoji appears next to found (red) CVEs, linking you directly to the vulnerability details page in your Falcon console.
  • Two API Modes:
    • Direct API: A simple setup method using CrowdStrike API credentials stored locally in the browser.
    • AWS API Gateway (Recommended): A secure proxy method where API credentials are never stored on the client, managed entirely within your own AWS account.
  • Global Region Configuration: A single setting to configure your CrowdStrike cloud region (US-1, US-2, EU-1, US-GOV), which automatically updates all API and console links.
  • Exclusion List: Define a list of domains where the extension should not perform scans.
  • Detailed Action Log: View a history of the last 50 CVE lookups, their status, and debug information.
  • Enable/Disable Toggle: Easily toggle the extension's scanning functionality on or off with a single click in the popup menu.

Demo

CVE-RAYDemo-ezgif com-video-to-gif-converter

Installation

Since this extension is not yet on the Chrome Web Store, it must be loaded manually in Developer Mode.

  1. Download: Download the project files from this GitHub repository and unzip them into a folder on your computer.
  2. Open Chrome Extensions: Open Google Chrome and navigate to chrome://extensions.
  3. Enable Developer Mode: In the top-right corner of the page, toggle on "Developer mode".
  4. Load the Extension: Click the "Load unpacked" button that appears on the top-left.
  5. Select Folder: In the file dialog, select the folder where you unzipped the project files.

The CVE-RAY icon should now appear in your browser's toolbar.

Configuration

Before using the extension, you must configure it. Right-click the CVE-RAY icon and select "Options", or open the popup and click "Settings".

1. Set Your Global Region

First, select your CrowdStrike cloud region (e.g., EU-1) from the Global CrowdStrike Region dropdown. This setting applies to all connection methods.

2. Choose an Authentication Method

Method 1: Direct API (Simple Setup)

This method is quick to set up but stores your API credentials in the browser's local storage.

⚠️ Security Warning: It is critical that you create and use a CrowdStrike API key that has only the vulnerabilities:read permission. This follows the Principle of Least Privilege and minimizes risk.

  • In the Settings page, select the "Direct API" radio button.
  • Enter your CrowdStrike Client ID and Client Secret.
  • Click "Save All Settings".

Method 2: AWS API Gateway (Recommended & Secure)

This is the most secure method, as your CrowdStrike API credentials never leave your own AWS account. It requires a one-time setup of a serverless backend.

  • Follow the AWS Backend Setup Guide to create the necessary infrastructure (Lambda, API Gateway, Secrets Manager).
  • At the end of the setup, AWS will provide you with an Invoke URL.
  • In the extension's Settings page, select the "AWS API Gateway" radio button.
  • Paste your Invoke URL into the corresponding field.
  • Click "Save All Settings".

Usage

  1. Enable the Extension: Click the CVE-RAY icon in your toolbar and ensure the "Scan Function" toggle is on.
  2. Browse the Web: Navigate to any news article, report, or website mentioning CVEs.
  3. Observe: CVE-RAY will automatically highlight CVEs in orange as it finds them, then update them to red or green based on the results from your CrowdStrike environment.
  4. Investigate: For any red CVEs, click the 🦅 emoji to jump directly to the list of affected hosts in your Falcon console.

Security

The security of your API credentials is a top priority.

  • Direct API Mode: While convenient, storing secrets on a client machine is inherently less secure. The risk is significantly mitigated by using a read-only API key as recommended.
  • AWS API Gateway Mode: This architecture provides more security. The extension authenticates with your personal, secure AWS endpoint, and the Lambda function handles the secure retrieval and use of your CrowdStrike credentials, which are stored encrypted in AWS Secrets Manager.

About

CVE-RAY for CrowdStrike Falcon Spotlight: An open-source Chrome extension that reads CVE-IDs from news articles, social media, and blogs while you browse and instantly checks your Falcon environment to show if your organization is affected - right in the browser.

www.byteray.com

Topics

chrome-extension crowdstrike

Resources

Readme
Activity
Custom properties

Stars

7 stars

Watchers

0 watching

Forks

0 forks
Report repository

Languages