[Not an issue] TODO LIST & Discord for researches #433

New issue

Closed

opened 2025-10-14 17:25:40 -06:00 by navan · 0 comments

navan commented

2025-10-14 17:25:40 -06:00

Owner

Originally created by @mxrch on 10/9/2020

Docker

✅ Link Dockerhub to automate the Docker image build
✅ Adapt the Docker build in the Readme for Windows users too

Features

✅ Not load cookies by default in Google Photos & Google Maps & Youtube to have a public view and avoiding seeing private informations if we test with our own email. Gonna add options in config.py to load them.
✅ (just write for the moment) Add a check to know if the target has a default profile picture or not, and if not, maybe open the image in a new window (will obviously not work on systems with no graphical display like Linux VPS) or find a way to print it directly in the terminal (but can cause incompatibility between terminals), or just print the link. I'll think about what we can do and what's better.
✅ Adding the target's Google Calendar if it is in public (it is not by default)
✅ Adding support to use scripts from outside the GHunt directory (issue #25)
Adding the extraction of the phone model associated to the Google Account, in the Password Forgot steps. Without Selenium it is a little hard but I'm studying it, it works with the same type of challenges used in the login, and a code is generated in the requests to let us access it. I already found how to generate the code per accounts, now I'm searching how to activate it, to then just go on the page with the right code activated, which always starts with "AM3QAY", you'll notice it easily. It's the "TL" parameter in the URL. Sometimes Google send a notification in the target's phone when we start the recovery procedure, so this eventual feature will be deactivated by default.
Adding the last Youtube activity with some stats, and extracts maybe the last 15 comments to analyze them with the JigSaw Perspective API (Jigsaw is a Google division) and calculating the aggressivity of the target.

I'm also thinking about creating a Discord for the reverse-engineering and trying to dig together in the Google code, and why not communicate between the contributors.
Let me know what do you think about the Discord or one of the element in the list !

(PS: I just write this to-do so people know what is planned, to avoid issues like #75 )

*Originally created by @mxrch on 10/9/2020* ## Docker - ✅ Link Dockerhub to automate the Docker image build - ✅ Adapt the Docker build in the Readme for Windows users too ## Features - ✅ Not load cookies by default in Google Photos & Google Maps & Youtube to have a public view and avoiding seeing private informations if we test with our own email. Gonna add options in config.py to load them. - ✅ (just write for the moment) Add a check to know if the target has a default profile picture or not, and if not, maybe open the image in a new window (will obviously not work on systems with no graphical display like Linux VPS) or find a way to print it directly in the terminal (but can cause incompatibility between terminals), or just print the link. I'll think about what we can do and what's better. - ✅ Adding the target's Google Calendar if it is in public (it is not by default) - ✅ Adding support to use scripts from outside the GHunt directory (issue #25) - Adding the extraction of the phone model associated to the Google Account, in the Password Forgot steps. Without Selenium it is a little hard but I'm studying it, it works with the same type of challenges used in the login, and a code is generated in the requests to let us access it. I already found how to generate the code per accounts, now I'm searching how to activate it, to then just go on the page with the right code activated, which always starts with "AM3QAY", you'll notice it easily. It's the "TL" parameter in the URL. Sometimes Google send a notification in the target's phone when we start the recovery procedure, so this eventual feature will be deactivated by default. - Adding the last Youtube activity with some stats, and extracts maybe the last 15 comments to analyze them with the JigSaw Perspective API (Jigsaw is a Google division) and calculating the aggressivity of the target. I'm also thinking about creating a Discord for the reverse-engineering and trying to dig together in the Google code, and why not communicate between the contributors. Let me know what do you think about the Discord or one of the element in the list ! (PS: I just write this to-do so people know what is planned, to avoid issues like #75 )