
Google Service Json

By kannthu

Severity: Low
Vidoc Module
Tags: #google #cloud #exposure #files
Description

What is the "Google Service Json" module?

The "Google Service Json" module is designed to detect misconfigurations in Google Cloud services. It specifically targets the exposure of sensitive files, such as the "google-services.json" file. This module has a low severity level.

Impact

If the "google-services.json" file is exposed, it can potentially lead to unauthorized access to sensitive information stored in Google Cloud services. This can include storage buckets and OAuth client credentials.

How does the module work?

The "Google Service Json" module works by sending HTTP requests to specific paths where the "google-services.json" file may be located. It then applies matching conditions to determine if the file is exposed and if the response status is 200 (OK).

For example, one of the HTTP requests sent by this module is:

GET /google-services.json

The module uses two matching conditions:

- The first condition checks if the response body contains the words "storage_bucket" and "oauth_client".
- The second condition checks if the response status is 200 (OK).

Both conditions must be met for the module to detect a misconfiguration.
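
The two matching conditions above, applied to constructed responses, as an added example that is not Vidoc's module code. The `triage` step and the field layout it reads (`project_info`, `client[].oauth_client[].client_id`, `client[].api_key`) are assumptions about the file's usual structure; it shows why a word match alone can also fire on a page that is not the file.

```python
import json

# Words the module's word matcher requires in the body (from the page).
REQUIRED_WORDS = ("storage_bucket", "oauth_client")


def module_match(status: int, body: str) -> bool:
    """Both matching conditions from the page, combined with AND."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)


def triage(status: int, body: str) -> dict:
    """Assumed follow-up (not part of the module): parse a matched body and
    report which sensitive fields it really contains."""
    result = {"match": module_match(status, body), "confirmed": False,
              "storage_bucket": None, "oauth_client_ids": [], "api_keys": 0}
    if not result["match"]:
        return result
    try:
        doc = json.loads(body)
        bucket = doc["project_info"].get("storage_bucket")
        clients = doc.get("client", [])
        ids = [oc["client_id"] for c in clients
               for oc in c.get("oauth_client", [])]
        keys = sum(len(c.get("api_key", [])) for c in clients)
    except (ValueError, KeyError, AttributeError, TypeError):
        return result  # words present, but not a google-services.json document
    result.update(confirmed=bool(bucket or ids), storage_bucket=bucket,
                  oauth_client_ids=ids, api_keys=keys)
    return result


# Constructed sample responses; every value is a placeholder.
EXPOSED = json.dumps({
    "project_info": {"project_id": "example-app",
                     "storage_bucket": "example-app.appspot.com"},
    "client": [{
        "oauth_client": [{"client_id": "000000000000-example.apps.googleusercontent.com",
                          "client_type": 3}],
        "api_key": [{"current_key": "CONSTRUCTED-PLACEHOLDER-KEY"}],
    }],
})
HTML_PAGE = ("<html><body>Set storage_bucket and oauth_client "
             "in your config.</body></html>")

if __name__ == "__main__":
    for name, status, body in [("exposed", 200, EXPOSED),
                               ("html", 200, HTML_PAGE),
                               ("not found", 404, EXPOSED)]:
        print(name, triage(status, body))
```

A confirmed result lists the bucket name and OAuth client IDs that would need review; an unconfirmed match is a candidate false positive.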

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /google-services.jso... /app/google-services... /android/app/google-...
Matching conditions
word: storage_bucket, oauth_client
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability