Google Maps API Scanner
Determines whether a leaked or discovered Google Maps API key is vulnerable to unauthorized use by other applications.
Blog Post #1 – Unauthorized Google Maps API Key Usage Cases, and Why You Need to Care
Blog Post #2 – Google Maps API (Not the Key) Bugs That I Found Over the Years
Checked APIs:
- Staticmap API
- Streetview API
- Embed (Basic-Free) API
- Embed (Advanced-Paid) API
- Directions API
- Geocode API
- Distance Matrix API
- Find Place From Text API
- Autocomplete API
- Elevation API
- Timezone API
- Roads API
- Geolocation API
- Route to Traveled API
- Speed Limit-Roads API
- Place Details API
- Nearby Search-Places API
- Text Search-Places API
- Places Photo API
- Playable Locations API
- FCM API
- Custom Search API
Semi-Auto Checked APIs:
- JavaScript API
Usage:
- Download the maps_api_scanner.py file (git clone https://github.com/ozguralp/gmapsapiscanner.git), run it as python maps_api_scanner.py, and paste the API key you want to test when asked.
- The script returns an "API key is vulnerable for aaa API!" message, together with the PoC link/code, if it determines that the key allows unauthorized access to any of the APIs.
- It now also supports passing the API key as an argument, such as python maps_api_scanner.py --api-key API_KEY.
- If you want to use python3, download the maps_api_scanner_python3.py file and run it as: python3 maps_api_scanner_python3.py.
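The kind of per-API decision described above can be sketched offline when auditing your own keys. This is an added example, not code from maps_api_scanner.py: the function names are hypothetical, and the sample responses are constructed on the assumption that image endpoints reject a key with a non-200 status while JSON endpoints may return HTTP 200 with the denial in the body.

```python
import json

# Constructed sample responses per API: (HTTP status, content type, body).
# These are illustrative, not captured traffic.
SAMPLES = {
    "Staticmap": (200, "image/png", b"\x89PNG\r\n\x1a\n"),
    "Streetview": (403, "text/plain", b"constructed rejection text"),
    "Geocode": (200, "application/json",
                b'{"results": [{"formatted_address": "constructed"}], "status": "OK"}'),
    "Directions": (200, "application/json",
                   b'{"error_message": "constructed", "routes": [],'
                   b' "status": "REQUEST_DENIED"}'),
    # Assumption: some JSON services name the error field differently.
    "Timezone": (200, "application/json",
                 b'{"errorMessage": "constructed", "status": "REQUEST_DENIED"}'),
}

ERROR_FIELDS = ("error_message", "errorMessage", "error")


def key_accepted(status_code, content_type, body):
    """Return True only when the response clearly shows the key was honoured."""
    if status_code != 200:
        return False
    if content_type.startswith("image/"):
        return True  # an image came back, so the request was served
    try:
        doc = json.loads(body)
    except ValueError:
        return False  # unexpected body: do not report the key as exposed
    if not isinstance(doc, dict):
        return False
    # A JSON service can answer HTTP 200 and still deny the key in the body.
    if any(field in doc for field in ERROR_FIELDS):
        return False
    return doc.get("status", "OK") != "REQUEST_DENIED"


def exposed_apis(responses):
    """Names of the APIs for which the key was accepted, sorted."""
    return sorted(name for name, resp in responses.items() if key_accepted(*resp))


if __name__ == "__main__":
    for api in exposed_apis(SAMPLES):
        print("key is usable for the %s API; check its restrictions" % api)
```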
Copyright (c) 2020 Ozgur Alp
Source: https://github.com/ozguralp/