hstsparser

A tool to parse Firefox and Chrome HSTS databases into forensic artifacts.


Keywords
chrome, firefox, dfir, forensics, hsts
License
MIT
Install
pip install hstsparser==1.1.4

Documentation

HSTS Parser

Lint Codebase Build Releases Licence Python 3.11.x PyPI Downloads Copr build status

HSTS Parser is a simple tool to parse Firefox and Chrome's HSTS databases into actually helpful forensic artifacts! You can read more about the research behind this tool and potential uses for it over on my blog!

Installation

HSTS Parser can be installed via pip, or as a native executable.

From PyPi

If you already have Python installed, you can install HSTS Parser using pip.

pip install hstsparser

On Fedora

HSTS Parser is available through Fedora COPR for Fedora 38+.

dnf copr enable thebeanogamer/hstsparser
dnf install hstsparser

On Windows

Windows binaries are published by GitHub Actions CI for each release of HSTS Parser. You can download these on the releases page.

Usage

All of the below documentation is written for the Python version rather than the standalone executable, but the commands will be the same.

$ hstsparser -h
usage: hstsparser [-h] [-w WORDLIST] [--csv CSV] (--firefox | --chrome) FILE

Process HSTS databases

positional arguments:
  FILE         The path to the database to be processed

optional arguments:
  -h, --help   show this help message and exit
  -w WORDLIST  The path to the database to be processed
  --csv CSV    Output to a CSV file
  --firefox    Process a Firefox database
  --chrome     Process a Chrome database

Examples

Firefox

hstsparser --firefox SiteSecurityServiceState.txt

Chrome

hstsparser --chrome TransportSecurity

Chrome with Wordlist

hstsparser -w wordlist.txt --chrome TransportSecurity

Screenshots

Firefox

Screenshot of Firefox Processing

Chrome with Wordlist

Screenshot of Chrome Processing with a wordlist

Links