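├── README.md
├── gmap-check.png
└── gmaps.rb

/README.md:
--------------------------------------------------------------------------------
# GapiChecker
Google Maps API key checker for pentesting.

Probes a Google Maps Platform API key against the billable Maps/Places/Roads
endpoints and reports which ones accept it. Only run it against keys you are
authorised to test: every accepted probe is a billed request against the key
owner's project, and the printed PoC URLs contain the key itself.

![Alt text](https://github.com/z3n70/GapiChecker/blob/main/gmap-check.png?raw=true "gapcheck")

## Install
- gem install httparty
- gem install colorize

## Usage
ruby gmaps.rb
--------------------------------------------------------------------------------

/gmap-check.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/z3n70/GapiChecker/74b23a591653b3806ae1c5022ff0eb4db48a9639/gmap-check.png
--------------------------------------------------------------------------------

/gmaps.rb:
--------------------------------------------------------------------------------
# frozen_string_literal: true

require 'httparty'
require 'colorize'
require 'timeout'

BANNER = "


█▀▀ █▀▄▀█ ▄▀█ █▀█ █▀   ▄▀█ █▀█ █   █▀▀ █░█ █▀▀ █▀▀ █▄▀ █▀▀ █▀█
█▄█ █░▀░█ █▀█ █▀▀ ▄█   █▀█ █▀▀ █   █▄▄ █▀█ ██▄ █▄▄ █░█ ██▄ █▀▄

coded : [Little_Boy]
"

puts BANNER.colorize(:red)

# Do not hard-code keys in this file (even commented out): the repository is
# public and a leaked key is exactly what this tool demonstrates the cost of.
# The key is always read from stdin at run time.

# Placeholder in each probe URL that is replaced by the key under test.
KEY_PLACEHOLDER = '<KEY>'

# Options applied to every probe. Redirects are deliberately NOT followed so
# that a 302 (the Place Photo "accepted" signal) stays observable, and every
# request carries a timeout so a stalled endpoint cannot hang the whole scan.
REQUEST_OPTS = { follow_redirects: false, timeout: 15 }.freeze

# Body marker the classic maps.googleapis.com JSON web services return when the
# key is rejected (invalid, restricted, or API not enabled).
REQUEST_DENIED = ['REQUEST_DENIED'].freeze

# Body markers the googleapis.com-style services (Roads, Custom Search,
# Geolocation) return for a rejected, referrer-restricted or disabled key.
API_DENIED = %w[PERMISSION_DENIED SERVICE_DISABLED API_KEY_HTTP_REFERRER_BLOCKED
                INVALID_ARGUMENT API_KEY_INVALID].freeze

# One entry per probe, in the order they are reported. Keys:
#   label              - printed heading (includes the rough list price, so the
#                        reader can judge the abuse cost of an exposed key)
#   url                - request URL with KEY_PLACEHOLDER where the key goes
#   method             - :get (default), :head or :post
#   opts               - extra HTTParty options merged over REQUEST_OPTS
#   denied_markers     - body substrings meaning "key rejected"
#   denied_codes       - HTTP status codes meaning "key rejected"
#   vulnerable_markers - when present, the key is only reported vulnerable if
#                        one of these substrings is in the body
#   vulnerable_codes   - when present, the key is only reported vulnerable if
#                        the status is one of these
# A probe with neither vulnerable_* key treats "not denied" as vulnerable,
# which is how the original tool classified every check.
CHECKS = [
  { label: 'APIKey Google Apis Consumersearch 5$ Per 1000 Request',
    url: 'https://www.googleapis.com/customsearch/v1?cx=017576662512468239146:omuauf_lfve&q=lectures&key=<KEY>',
    denied_markers: ['PERMISSION_DENIED', 'SERVICE_DISABLED', 'API key not valid'],
    denied_codes: [400] },
  { label: 'APIKey Staticmap $2 Per 1000 Request',
    url: 'https://maps.googleapis.com/maps/api/staticmap?center=45%2C10&zoom=7&size=400x400&key=<KEY>',
    denied_markers: ['server rejected your request.', 'The provided API key is invalid.'] },
  { label: 'APIKey Streetview $7 Per 1000 Request',
    url: 'https://maps.googleapis.com/maps/api/streetview?size=400x400&location=40.720032,-73.988354&fov=90&heading=235&pitch=10&key=<KEY>',
    denied_markers: ['rejected your request.', 'API key is invalid.'] },
  { label: 'APIKey Direction $10 Per 1000 Request',
    url: 'https://maps.googleapis.com/maps/api/directions/json?origin=Disneyland&destination=Universal+Studios+Hollywood4&key=<KEY>',
    denied_markers: REQUEST_DENIED },
  { label: 'APIKey Geocode $10 Per 1000 Request',
    url: 'https://maps.googleapis.com/maps/api/geocode/json?latlng=40,30&key=<KEY>',
    denied_markers: REQUEST_DENIED },
  { label: 'APIKey Distance Matrix $10 Per 1000 Request',
    url: 'https://maps.googleapis.com/maps/api/distancematrix/json?units=imperial&origins=40.6655101,-73.89188969999998&destinations=40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.659569%2C-73.933783%7C40.729029%2C-73.851524%7C40.6860072%2C-73.6334271%7C40.598566%2C-73.7527626%7C40.659569%2C-73.933783%7C40.729029%2C-73.851524%7C40.6860072%2C-73.6334271%7C40.598566%2C-73.7527626&key=<KEY>',
    denied_markers: REQUEST_DENIED },
  { label: 'APIKey Find Place From Text $17 Per 1000 Request',
    url: 'https://maps.googleapis.com/maps/api/place/findplacefromtext/json?input=Museum%20of%20Contemporary%20Art%20Australia&inputtype=textquery&fields=photos,formatted_address,name,rating,opening_hours,geometry&key=<KEY>',
    denied_markers: REQUEST_DENIED },
  { label: 'APIKey Autocomplate $3 Per 1000 Request',
    url: 'https://maps.googleapis.com/maps/api/place/autocomplete/json?input=Bingh&types=%28cities%29&key=<KEY>',
    denied_markers: REQUEST_DENIED },
  { label: 'APIKey Elevation $5 Per 1000 Request',
    url: 'https://maps.googleapis.com/maps/api/elevation/json?locations=39.7391536,-104.9847034&key=<KEY>',
    denied_markers: REQUEST_DENIED },
  # The original URL had "&times" mangled into "×", which silently dropped the
  # timestamp parameter; the API then rejects the request regardless of key.
  { label: 'APIKey Timezone $5 Per 1000 Request',
    url: 'https://maps.googleapis.com/maps/api/timezone/json?location=39.6034810,-119.6822510&timestamp=1331161200&key=<KEY>',
    denied_markers: REQUEST_DENIED },
  # Roads API: the "|" separator is percent-encoded so the URL is valid RFC 3986.
  { label: 'APIKey Nearest Roards $10 Per 1000 Request',
    url: 'https://roads.googleapis.com/v1/nearestRoads?points=60.170880,24.942795%7C60.170879,24.942796%7C60.170877,24.942796&key=<KEY>',
    denied_markers: API_DENIED, denied_codes: [400] },
  # Geolocation only answers POST; a GET (what the original tool sent) is a 404
  # for every key, so the old 404 test could never distinguish anything.
  # NOTE(review): the 200 == "accepted" rule follows the documented behaviour
  # of this endpoint; confirm against a known-good key before relying on it.
  { label: 'APIKey Geolocation $5 Per 1000 Request',
    url: 'https://www.googleapis.com/geolocation/v1/geolocate?key=<KEY>',
    method: :post,
    opts: { body: '{"considerIp": "true"}', headers: { 'Content-Type' => 'application/json' } },
    denied_markers: API_DENIED, denied_codes: [400, 403, 404],
    vulnerable_codes: [200] },
  { label: 'APIKey Route to Traveled $10 Per 1000 Request',
    url: 'https://roads.googleapis.com/v1/snapToRoads?path=-35.27801,149.12958%7C-35.28032,149.12907&interpolate=true&key=<KEY>',
    denied_markers: API_DENIED, denied_codes: [400] },
  { label: 'APIKey Speed Limit Roads $20 Per 1000 Request',
    url: 'https://roads.googleapis.com/v1/speedLimits?path=38.75807927603043,-9.03741754643809&key=<KEY>',
    denied_markers: API_DENIED },
  { label: 'APIKey Place Detail $17 Per 1000 Request',
    url: 'https://maps.googleapis.com/maps/api/place/details/json?place_id=ChIJN1t_tDeuEmsRUsoyG83frY4&fields=name,rating,formatted_phone_number&key=<KEY>',
    denied_markers: REQUEST_DENIED },
  { label: 'APIKey Nearby Search-Place $32 Per 1000 Request',
    url: 'https://maps.googleapis.com/maps/api/place/nearbysearch/json?location=-33.8670522,151.1957362&radius=100&types=food&name=harbour&key=<KEY>',
    denied_markers: REQUEST_DENIED },
  { label: 'APIKey Text Search-Place $32 Per 1000 Request',
    url: 'https://maps.googleapis.com/maps/api/place/textsearch/json?query=restaurants+in+Sydney&key=<KEY>',
    denied_markers: REQUEST_DENIED },
  # Place Photo answers an accepted key with a 302 to the image and a rejected
  # one with 403. The original followed redirects and then tested for 302,
  # which can never match; REQUEST_OPTS keeps the redirect visible.
  { label: 'APIKey Place Photo $7 Per 1000 Request',
    url: 'https://maps.googleapis.com/maps/api/place/photo?maxwidth=400&photoreference=CnRtAAAATLZNl354RwP_9UKbQ_5Psy40texXePv4oAlgP4qNEkdIrkyse7rPXYGd9D_Uj1rVsQdWT4oRz4QrYAJNpFX7rzqqMlZw2h2E2y5IKMUZ7ouD_SlcHxYq1yL4KbKUv3qtWgTK0A6QbGh87GB3sscrHRIQiG2RrmU_jF4tENr9wGS_YxoUSSDrYjWmrNfeEHSGSc3FyhNLlBU&key=<KEY>',
    method: :head,
    denied_codes: [403], vulnerable_codes: [302] },
  { label: 'APIKey Query Auto Complate 5$ Per 1000 Request',
    url: 'https://maps.googleapis.com/maps/api/place/queryautocomplete/json?input=pizza+near%20par&key=<KEY>',
    denied_markers: REQUEST_DENIED },
  # Embed API: the "must be used in an iframe" page means the key was accepted
  # and the PoC is simply <iframe src="URL">.
  { label: 'APIKey Place Embed 5$ Per 1000 Request',
    url: 'https://www.google.com/maps/embed/v1/place?q=Seattle&key=<KEY>',
    denied_markers: ['Google Maps Platform rejected your request'],
    vulnerable_markers: ['The Google Maps Embed API must be used in an iframe.'] }
].freeze

# Substitute the key into a probe URL template.
#
# @param template [String] URL containing KEY_PLACEHOLDER
# @param apikey [String] key under test
# @return [String] URL to request
def build_url(template, apikey)
  # block form so backslashes or "\1" in the key are never interpreted
  template.sub(KEY_PLACEHOLDER) { apikey }
end

# Classify one probe response.
#
# The original tool wrote `include?('A' || 'B')`, which in Ruby only ever tests
# 'A', and `else !cond`, which is an unconditional else; this helper is the
# explicit version of what those branches meant.
#
# @param body [String, nil] response body (nil for HEAD is treated as empty)
# @param code [Integer] HTTP status code
# @param denied_markers [Array<String>] substrings meaning the key was rejected
# @param denied_codes [Array<Integer>] status codes meaning the key was rejected
# @param vulnerable_markers [Array<String>, nil] if given, required for :vulnerable
# @param vulnerable_codes [Array<Integer>, nil] if given, required for :vulnerable
# @return [Symbol] :not_vulnerable, :vulnerable or :inconclusive
def verdict(body, code, denied_markers: [], denied_codes: [], vulnerable_markers: nil, vulnerable_codes: nil)
  text = body.to_s
  return :not_vulnerable if denied_codes.include?(code) || denied_markers.any? { |m| text.include?(m) }
  # no positive signal configured: "not denied" is the accept signal
  return :vulnerable if vulnerable_markers.nil? && vulnerable_codes.nil?
  return :vulnerable if vulnerable_markers&.any? { |m| text.include?(m) }
  return :vulnerable if vulnerable_codes&.include?(code)

  :inconclusive
end

# Issue the HTTP request for one check.
#
# @param check [Hash] one CHECKS entry
# @param url [String] URL with the key already substituted
# @return [HTTParty::Response]
def send_probe(check, url)
  opts = REQUEST_OPTS.merge(check.fetch(:opts, {}))
  case check.fetch(:method, :get)
  when :head then HTTParty.head(url, opts)
  when :post then HTTParty.post(url, opts)
  else HTTParty.get(url, opts)
  end
end

# Run one numbered check and print its verdict in the tool's output format.
# Network failures are reported for that check only and the scan continues.
#
# @param number [Integer] 1-based position, printed as the heading prefix
# @param check [Hash] one CHECKS entry
# @param apikey [String] key under test
def run_check(number, check, apikey)
  puts "#{number}. #{check[:label]}"
  url = build_url(check[:url], apikey)
  response = send_probe(check, url)
  result = verdict(response.body, response.code,
                   denied_markers: check.fetch(:denied_markers, []),
                   denied_codes: check.fetch(:denied_codes, []),
                   vulnerable_markers: check[:vulnerable_markers],
                   vulnerable_codes: check[:vulnerable_codes])
  case result
  when :vulnerable then puts "Vulnerable => #{url}".colorize(:yellow)
  when :not_vulnerable then puts 'Not Vulnerable'.colorize(:red)
  else puts "Inconclusive (HTTP #{response.code}) => #{url}".colorize(:light_black)
  end
  puts
rescue SocketError, Timeout::Error, SystemCallError => e
  puts "Error => #{e.class}: #{e.message}".colorize(:red)
  puts
end

# Entry point: read a key from stdin and run every check in CHECKS.
# Exits quietly on EOF / empty input instead of crashing on nil.chomp.
def scan
  print 'Enter You Google Maps API Key : '
  apikey = $stdin.gets&.strip
  puts
  if apikey.nil? || apikey.empty?
    puts 'No API key given, nothing to check.'.colorize(:red)
    return
  end
  CHECKS.each.with_index(1) { |check, number| run_check(number, check, apikey) }
rescue Interrupt
  puts 'Leaving the program...'.red
end

scan
--------------------------------------------------------------------------------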