Google API Token Usage Enumeration
ID: google-api-token-usage-enumeration
Severity: “
Author: tanq16
Tags:
Description
This template is a workflow that enumerates the usage capabilities of an exposed Google API key. A key found in front-end or source code can be validated for authorization of use. If usage is unrestricted, the key can also be used to make many requests and produce high bills for the owner.
YAML Source
id: google-api-token-usage-enumeration

info:
  name: Google API Token Usage Enumeration
  author: tanq16
  description: This template is a workflow that allows enumeration of usage capabilities for an exposed Google API Key. A key found or discovered in front-end or source code can be validated for authorization of use and can also be used to make multiple requests and produce high bills for the owner if usage is unrestricted

workflows:
  - template: http/token-spray/google-autocomplete.yaml
  - template: http/token-spray/google-books.yaml
  - template: http/token-spray/google-customsearch.yaml
  - template: http/token-spray/google-directions.yaml
  - template: http/token-spray/google-elevation.yaml
  - template: http/token-spray/google-fcm.yaml
  - template: http/token-spray/google-findplacefromtext.yaml
  - template: http/token-spray/google-gedistancematrix.yaml
  - template: http/token-spray/google-geocode.yaml
  - template: http/token-spray/google-geolocation.yaml
  - template: http/token-spray/google-mapsembed.yaml
  - template: http/token-spray/google-mapsembedadvanced.yaml
  - template: http/token-spray/google-nearbysearch.yaml
  - template: http/token-spray/google-nearestroads.yaml
  - template: http/token-spray/google-placedetails.yaml
  - template: http/token-spray/google-placesphoto.yaml
  - template: http/token-spray/google-playablelocations.yaml
  - template: http/token-spray/google-routetotraveled.yaml
  - template: http/token-spray/google-speedlimit.yaml
  - template: http/token-spray/google-staticmaps.yaml
  - template: http/token-spray/google-streetview.yaml
  - template: http/token-spray/google-timezone.yaml
  - template: http/token-spray/google-textsearchplaces.yaml

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "workflows/google-api-enumeration-workflow.yaml"