Home

Awesome

Google Maps API Scanner

Used for determining whether a leaked/found Google Maps API Key is vulnerable to unauthorized access by other applications or not.

Blog Post #1 - Unauthorized Google Maps API Key Usage Cases, and Why You Need to Care

Blog Post #2 - Google Maps API (Not the Key) Bugs That I Found Over the Years

Please note that most of the bug bounty platforms marking this vulnerability type as informational/low impact. So please make sure that the platform or program is accepting this kind of issues before reporting.

Usage:

Checked APIs:

Semi-Auto Checked APIs:

Notes:

Docker

To run this script in a Dockerized Alpine Linux environment, use the following commands:

docker build -t google_maps_api_scanner .
docker run --rm -v $(pwd):/opt/html -i docker.io/library/google_maps_api_scanner <api key>