alulsh / drive-public-files

Licence: MIT license
Audit your public Google Drive files.

Programming Languages

javascript

drive-public-files

A Google Apps Script that audits all of your Google Drive files for any publicly shared files and sends you an email with the results.

Public Google Drive documents

Public Google Drive documents can be viewed or edited by anyone with the link. These documents can even show up in Google searches if they are "Public on the web." Public sharing is useful for crowd sourcing information or publishing content, but it's not appropriate for sensitive information.

Often people create public Google Drive files because they're not aware they can share with other Google users directly. Public sharing is also the default sharing option in the Google Drive UI.

Auditing public Google Drive documents

The Google Drive UI does not let you search for your publicly shared files. G Suite Admins or security teams may need to help users identify their public Google Drive files.

I created this project to solve this problem. It uses the Google Drive SDK search feature via the searchFiles() method in Google Apps Script DriveApp to find files with a visibility of anyoneCanFind or anyoneWithLink. The script then emails the user the names and URLs of their public Drive files.
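
The search-and-report flow described above, as an added example that is not the project's own code. The function names, the in-memory stand-in for DriveApp and the sample records are constructed so the block runs under Node; the listing order (search-indexable files first) is a choice made here, not something the page specifies.

```javascript
// Added example (hypothetical names); query uses the two visibility values named above.
const PUBLIC_QUERY = "visibility = 'anyoneCanFind' or visibility = 'anyoneWithLink'";

// Walk the FileIterator from searchFiles(); `drive` is DriveApp or the stand-in below.
function collectPublicFiles(drive) {
  const rows = [];
  const files = drive.searchFiles(PUBLIC_QUERY);
  while (files.hasNext()) {
    const f = files.next();
    rows.push({ name: f.getName(), url: f.getUrl(), access: String(f.getSharingAccess()) });
  }
  // Search-indexable files (ANYONE) are the widest exposure, so list them first.
  const rank = (r) => (r.access === "ANYONE" ? 0 : 1);
  return rows.sort((a, b) => rank(a) - rank(b) || a.name.localeCompare(b.name));
}

// Plain-text email body listing each public file's name and URL.
function buildReport(rows) {
  if (rows.length === 0) return "No publicly shared Drive files found.";
  const lines = rows.map((r) => `[${r.access}] ${r.name}\n    ${r.url}`);
  return `${rows.length} publicly shared Drive file(s):\n\n${lines.join("\n")}`;
}

// Constructed stand-in for DriveApp: same method names, in-memory data.
function makeFakeDrive(records) {
  const ACCESS = { anyoneCanFind: "ANYONE", anyoneWithLink: "ANYONE_WITH_LINK" };
  return {
    searchFiles(query) {
      const hits = records.filter((r) => query.includes(`'${r.visibility}'`));
      let i = 0;
      const wrap = (r) => ({
        getName: () => r.name,
        getUrl: () => r.url,
        getSharingAccess: () => ACCESS[r.visibility],
      });
      return { hasNext: () => i < hits.length, next: () => wrap(hits[i++]) };
    },
  };
}

// Constructed sample data (not real files).
const SAMPLE = [
  { name: "team-roster", url: "https://drive.example/d/A1", visibility: "anyoneWithLink" },
  { name: "salary-bands", url: "https://drive.example/d/B2", visibility: "limited" },
  { name: "press-kit", url: "https://drive.example/d/C3", visibility: "anyoneCanFind" },
];

console.log(buildReport(collectPublicFiles(makeFakeDrive(SAMPLE))));
```

In Apps Script, pass DriveApp itself to collectPublicFiles() and send the result of buildReport() with MailApp.sendEmail(recipient, subject, body).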

Running the script

I publicly shared this script so that anybody can view or run it. You will see warnings from Google that this script is unsafe. This is because I have not published it to the Chrome Web Store as a Google-reviewed add-on or web app.

To run the script:

  1. Visit https://script.google.com/d/1BfmF_Iw728kZdTugkzDrH4FmTo0S_i78Fgt61QF55P9uuym8rPIrKIlU/edit.
  2. Click on the triangle run button (next to the spider debugger).
  3. Click "Review Permissions" when asked for authorization.
  4. Sign in to your Google account.
  5. Click on "Advanced" under "This app isn't verified."
  6. Click on "Go to Public Google Drive files audit (unsafe)."
  7. Click "Allow."
  8. The script will start to run. You should see a yellow banner with "Running function getPublicFiles..."
  9. You will receive an email report of your public Drive files when the script finishes.

Creating a copy

If you'd like to make a copy of this script in your own Google account:

  1. Visit https://script.google.com/d/1BfmF_Iw728kZdTugkzDrH4FmTo0S_i78Fgt61QF55P9uuym8rPIrKIlU/edit.
  2. Click on "File" then "Make a copy..."

Cloning a local copy with clasp

I used clasp to develop this script locally with git source control. If you'd like to clone this script locally with clasp:

  1. Globally install clasp - npm install -g @google/clasp.
  2. Login to your Google account with clasp - clasp login.
  3. Enable the Google Apps Script API on your Google account - https://script.google.com/home/usersettings.
  4. Create a copy of the script in your own account, see Creating a copy.
  5. Create a folder for the Apps Script files and change into that directory.
  6. Run clasp clone <script ID>. The script ID is in the URL of your copy of the script.