Simple Google APIs token checker.
Use it to determine whether a leaked or found Google API key can be used without authorization by other applications.
Most bug-bounty platforms mark this type of vulnerability as informational/low impact. If you're reporting this as a bug, double-check the finding and its impact.
Clone repo:
git clone https://github.com/the29a/GAK-Sprayer
Or
gh repo clone the29a/GAK-Sprayer
Run:
python3 gak-sprayer.py --api-key AIzaSyCxr...Rb-PzMOV8U4n2q...6e4
Or with Docker:
docker build -t gak-sprayer .
docker run --rm -v $(pwd):/home/gak/ -i docker.io/library/gak-sprayer --api-key AIzaSyCxr...Rb-PzMOV8U4n2q...6e4
Checked APIs:
- Safe Browsing API
- FCM API
- Books API
- Custom Search API
- Directions API
- Elevation API
- Find Place From Text API
- Distance Matrix API
- Geocoding API
- Geolocation API
- Maps Embed API
- Nearby Search API
- Nearest Roads API
- Place Autocomplete API
- Place Details API
- Place Photo API
- Snap to Roads API
- Speed Limits API
- Street View Static API
- Text Search Places API
- Timezone API
No longer relevant:
- [?] Maps Embed Advanced API
- [?] Maps Static API (embed static maps)
- [?] Playable Locations API (deprecated as of October 18, 2021)
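When double-checking a finding, what matters is whether any API actually served a request made with the key. The following added example (not GAK-Sprayer's own code) sorts already-captured JSON responses into accepted, denied and inconclusive. The function names and sample responses are constructed, and it assumes the documented Maps web-service `status` field and the Google Cloud `error` envelope.

```python
import json

def classify(http_status, content_type, body):
    """Return 'accepted', 'denied' or 'inconclusive' for one captured response."""
    if content_type.split(";")[0].strip().lower() != "application/json":
        return "inconclusive"          # e.g. a proxy or WAF error page
    try:
        doc = json.loads(body)
    except (ValueError, TypeError):
        return "inconclusive"
    if not isinstance(doc, dict):
        return "inconclusive"
    err = doc.get("error")
    if isinstance(err, dict):          # Google Cloud error envelope
        denied = (err.get("status") in ("PERMISSION_DENIED", "UNAUTHENTICATED")
                  or err.get("code") in (401, 403))
        return "denied" if denied else "inconclusive"
    status = doc.get("status")         # Maps web-service status field
    if status == "REQUEST_DENIED":
        return "denied"
    if http_status == 200 and status in ("OK", "ZERO_RESULTS"):
        return "accepted"
    return "inconclusive"              # quota errors, bad parameters, unknown shapes

def triage(responses):
    """Group API names by verdict; only 'accepted' entries support a report."""
    out = {"accepted": [], "denied": [], "inconclusive": []}
    for api, (code, ctype, body) in responses.items():
        out[classify(code, ctype, body)].append(api)
    return out

# Constructed sample responses (not real captures).
JSON_CT = "application/json; charset=UTF-8"
SAMPLES = {
    "Geocoding API": (200, JSON_CT,
        '{"results": [], "status": "REQUEST_DENIED", "error_message": "constructed"}'),
    "Timezone API": (200, JSON_CT, '{"status": "OK", "timeZoneId": "Europe/Berlin"}'),
    "Geolocation API": (403, JSON_CT,
        '{"error": {"code": 403, "message": "constructed", "status": "PERMISSION_DENIED"}}'),
    "Elevation API": (200, "text/html", "<html>gateway error</html>"),
}

if __name__ == "__main__":
    for verdict, apis in triage(SAMPLES).items():
        print(f"{verdict}: {', '.join(apis) or '-'}")
```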
Google API:
- Google Cloud APIs
- Google APIs Explorer
Similar and related projects:
- gmapsapiscanner
- fcm-takeover