Skip to content

Br2850/gmapsapiscanner

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 

Repository files navigation

Google Maps API Scanner

Used for determining whether a leaked/found Google Maps API Key is vulnerable to unauthorized access by other applications or not.

Usage:

  • Download maps_api_scanner.py file and run as: python maps_api_scanner.py.
  • Paste API key wanted to test when asked.
  • Script will return API key is vulnerable for XXX API! message and the PoC link/code if determines any unauthorized access within this API key within any API's.

Checked APIs:

  • Staticmap API
  • Streetview API
  • Embed API
  • Directions API
  • Geocode API
  • Distance Matrix API
  • Find Place From Text API
  • Autocomplete API
  • Elevation API
  • Timezone API
  • Roads API

Not Checked APIs:

  • JavaScript API

Notes:

  • Because JavaScript API needs manual confirmation from a web browser directly, checks are not conducted for that API. If the script didn't found any vulnerable endpoints above or JavaScript API also wanted to be tested, manual checks can be conducted on this API within going to https://developers.google.com/maps/documentation/javascript/tutorial URL & copying HTML code and changing 'key' parameter with the one wanted to test. After opening file on the browser, if loaded without errors, then the API key is also vulnerable for JavaScript API.
  • If you find any Google Maps API's which are not mentioned in this document/script, ping me via Twitter with details so I can also add them.

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%