GHunt is an OSINT tool to extract information from any Google Account using an email.
It can currently extract:
The features marked with a (P) require the target account to have the default setting of Allow the people you share content with to download your photos and videos
on Picasa, or have used Picasa linked to their Google account.
More info here.
Those marked with a (M) require the Google Maps reviews of the target to be public (they are by default).
Screenshots
Latest News
Installation
You can build the Docker image with:
docker build –build-arg UID=$(id -u ${USER}) –build-arg GID=$(id -g ${USER}) -t ghunt .
Any of the scripts can be invoked through:
docker run -v $(pwd)/resources:/usr/src/app/resources -ti ghunt check_and_gen.py
docker run -v $(pwd)/resources:/usr/src/app/resources -ti ghunt hunt.py
Manual Installation
requirements.txt
and will be installed below.This project uses Selenium and automatically downloads the correct driver for your Chrome version.
⚠️ So just make sure to have Google Chrome installed.
In the GHunt folder, run:
python -m pip install -r requirements.txt
Adapt the command to your operating system if needed.
Usage
For the first run and sometimes after, you’ll need to check the validity of your cookies.
To do this, run check_and_gen.py
.
If you don’t have cookies stored (ex: first launch), you will be asked for the 4 required cookies. If they are valid, it will generate the Authentication token and the Google Docs & Hangouts tokens.
Then, you can run the tool like this:
python hunt.py myemail@gmail.com
⚠️ I suggest you make an empty account just for this or use an account where you never login because depending on your browser/location, re-logging in into the Google Account used for the cookies can deauthorize them.
Where I find these 4 cookies ?
Protecting Yourself
Regarding the collection of metadata from your Google Photos account:
Given that Google shows “X require access” on your Google Account Dashboard, you might imagine that you had to explicitly authorize another account in order for it to access your pictures; but this is not the case.
Any account can access your AlbumArchive (by default):
Here’s how to check and fix the fact that you’re vulnerable (wich you most likely are):
Go to https://get.google.com/albumarchive/ while logged in with your Google account. You will be automatically redirected to your correct albumarchive URL (https://get.google.com/albumarchive/YOUR-GOOGLE-ID-HERE
). After that, click the three dots on the top left corner, and click on setting
Then, un-check the only option there:
On another note, the target account will also be vulnerable if they have ever used Picasa linked to their Google account in any way, shape or form. For more details on this, read PinkDev1’s comment on issue #10.
For now, the only (known) solution to this is to delete the Picasa albums from your AlbumArchive.
WID_LoadLibrary is a custom implementation inspired by the Windows API function LoadLibrary, which is used…
Locksmith is a specialized tool designed to identify and remediate vulnerabilities in Active Directory Certificate…
Uscrapper Vanta is a powerful open-source intelligence (OSINT) tool designed to revolutionize web scraping and…
Pake is an innovative tool designed to convert any webpage into a desktop application with…
Bevy is an open-source, data-driven game engine built in Rust, designed to simplify game development…
AppFlowy Cloud is a robust component of the AppFlowy ecosystem, designed to provide secure user…