Skip to content

joanbono/gap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
.github
.github
 
 
img
img
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
checks.go
checks.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

GAP

Google API checker.

Based on the study Unauthorized Google Maps API Key Usage Cases, and Why You Need to Care and Google Maps API (Not the Key) Bugs That I Found Over the Years.

Checks performed

USAGE

# Check API key AIza[REDACTED] and print PoC
$ go run *.go -api AIza[REDACTED] -poc
ℹ️  Performing checks for AIza[REDACTED]
✅ Not vulnerable to DirectionsAPINot vulnerable to StaticMapAPINot vulnerable to StreetViewAPINot vulnerable to EmbedBasicAPINot vulnerable to EmbedAdvancedAPIVulnerable to DirectionsAPI
⚠️  PoC URL: https://maps.googleapis.com/maps/api/directions/json?origin=Disneyland&destination=Universal+Studios+Hollywood4&key=AIza[REDACTED]

❌ Vulnerable to GeocodeAPI
⚠️  PoC URL: https://maps.googleapis.com/maps/api/geocode/json?latlng=40,30&key=AIza[REDACTED]

❌ Vulnerable to DistanceMatrixAPI
⚠️  PoC URL: https://maps.googleapis.com/maps/api/distancematrix/json?units=imperial&origins=40.6655101,-73.89188969999998&destinations=40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.659569%2C-73.933783%7C40.729029%2C-73.851524%7C40.6860072%2C-73.6334271%7C40.598566%2C-73.7527626%7C40.659569%2C-73.933783%7C40.729029%2C-73.851524%7C40.6860072%2C-73.6334271%7C40.598566%2C-73.7527626&key=AIza[REDACTED]

❌ Vulnerable to FindPlaceFromTextAPI
⚠️  PoC URL: https://maps.googleapis.com/maps/api/place/findplacefromtext/json?input=Museum%20of%20Contemporary%20Art%20Australia&inputtype=textquery&fields=photos,formatted_address,name,rating,opening_hours,geometry&key=AIza[REDACTED]

❌ Vulnerable to AutocompleteAPI
⚠️  PoC URL: https://maps.googleapis.com/maps/api/place/autocomplete/json?input=Bingh&types=%28cities%29&key=AIza[REDACTED]

❌ Vulnerable to ElevationAPI
⚠️  PoC URL: https://maps.googleapis.com/maps/api/elevation/json?locations=39.7391536,-104.9847034&key=AIza[REDACTED]

✅ Not vulnerable to TimezoneAPINot vulnerable to NearestRoadsAPINot vulnerable to GeolocationAPINot vulnerable to RouteToTraveledAPINot vulnerable to SpeedLimitRoadsAPIVulnerable to PlaceDetailsAPI
⚠️  PoC URL: https://maps.googleapis.com/maps/api/place/details/json?place_id=ChIJN1t_tDeuEmsRUsoyG83frY4&fields=name,rating,formatted_phone_number&key=AIza[REDACTED]

❌ Vulnerable to NearbySearchPlacesAPI
⚠️  PoC URL: https://maps.googleapis.com/maps/api/place/nearbysearch/json?location=-33.8670522,151.1957362&radius=100&types=food&name=harbour&key=AIza[REDACTED]

❌ Vulnerable to TextSearchPlacesAPI
⚠️  PoC URL: https://maps.googleapis.com/maps/api/place/textsearch/json?query=restaurants+in+Sydney&key=AIza[REDACTED]

❌ Vulnerable to PlacesPhotoAPI
⚠️  PoC URL: https://maps.googleapis.com/maps/api/place/photo?maxwidth=400&photoreference=CnRtAAAATLZNl354RwP_9UKbQ_5Psy40texXePv4oAlgP4qNEkdIrkyse7rPXYGd9D_Uj1rVsQdWT4oRz4QrYAJNpFX7rzqqMlZw2h2E2y5IKMUZ7ouD_SlcHxYq1yL4KbKUv3qtWgTK0A6QbGh87GB3sscrHRIQiG2RrmU_jF4tENr9wGS_YxoUSSDrYjWmrNfeEHSGSc3FyhNLlBU&key=AIza[REDACTED]

❌ Vulnerable to PlayableLocationsAPI
⚠️  PoC URL: https://playablelocations.googleapis.com/v3:samplePlayableLocations?key=AIza[REDACTED]

✅ Not vulnerable to FCMAPIVulnerable to QueryAutocompletePlaces
⚠️  PoC URL: https://maps.googleapis.com/maps/api/place/queryautocomplete/json?input=pizza+near%20par&key=AIza[REDACTED]

About

Google Maps API checker

Resources

Readme

License

Apache-2.0 license
Activity

Stars

67 stars

Watchers

6 watching

Forks

10 forks
Report repository

Releases 13

v3.0.0 Latest
Mar 5, 2024
+ 12 releases

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

No packages published

Contributors 4

Languages