Light

vhssunny1 / gmapsapiscanner Goto Github PK

View Code? Open in Web Editor NEW

This project forked from ozguralp/gmapsapiscanner

0.0 1.0 0.0 107 KB

License: MIT License

Python 100.00%

gmapsapiscanner's Introduction

Google Maps API Scanner

Used for determining whether a leaked/found Google Maps API Key is vulnerable to unauthorized access by other applications or not.

Blog Post #1 - Unauthorized Google Maps API Key Usage Cases, and Why You Need to Care

Blog Post #2 - Google Maps API (Not the Key) Bugs That I Found Over the Years

Usage:

Download maps_api_scanner.py file and run as: python maps_api_scanner.py & paste API key wanted to test when asked.
Script will return API key is vulnerable for XXX API! message and the PoC link/code if determines any unauthorized access within this API key within any API's.
Now it supports also api key as argument such as python maps_api_scanner.py --api-key API_KEY.
If you want to use python3, download maps_api_scanner_python3.py file and run as: python3 maps_api_scanner_python3.py.

Checked APIs:

Staticmap API
Streetview API
Embed (Basic-Free) API
Embed (Advanced-Paid) API
Directions API
Geocode API
Distance Matrix API
Find Place From Text API
Autocomplete API
Elevation API
Timezone API
Roads API
Geolocation API
Route to Traveled API
Speed Limit-Roads API
Place Details API
Nearby Search-Places API
Text Search-Places API
Places Photo API
Playable Locations API
FCM API
Custom Search API

Semi-Auto Checked APIs:

JavaScript API

Notes:

Because JavaScript API needs manual confirmation from a web browser directly, only file is created via the script for manual checks/confirmation.
For Staticmap, Streetview and Embed API's, if used from another domain instead of just testing from browser; whether referer checks are enabled or not on the server-side for the key, script still could return it as vulnerable due to a server-side vulnerability. If you cannot reproduce the vulnerability via browser while the script says so, please read the Blog Post #2 for more information & a better understanding about what is going on.
If you find any Google Maps API's which are not mentioned in this document/script, create an issue with details so I can also add them.
Special thanks to Yatin for his contributions on both discovery of additional API's & cost information!

gmapsapiscanner's People

Contributors

Watchers

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.