📰 Latest news

• 02/10/2020 : Since few days ago, Google return a 404 when we try to access someone's Google Photos public albums, we can only access it if we have a link of one of his albums.
  Either this is a bug and this will be fixed, either it's a protection that we need to find how to bypass.
• 03/10/2020 : Successfully bypassed. 🕺 (commit 01dc016)
  It requires the "Profile photos" album to be public (it is by default)
• 20/10/2020 : Google WebArchive now returns a 404 even when coming from the "Profile photos" album, so the photos scraping is temporary (or permanently) disabled. (commit e762543)

Installation

Docker

You can build the Docker image with:

docker build --build-arg UID=$(id -u ${USER}) --build-arg GID=$(id -g ${USER}) -t ghunt .

Any of the scripts can be invoked through:

docker run -v $(pwd)/resources:/usr/src/app/resources -ti ghunt check_and_gen.py
docker run -v $(pwd)/resources:/usr/src/app/resources -ti ghunt hunt.py <email_address>

Manual installation

• Make sure you have Python 3.6.1+ installed. (I developed it with Python 3.8.1)
• Some Python modules are required which are contained in requirements.txt and will be installed below.

1. Chromedriver & Google Chrome

This project uses Selenium and automatically downloads the correct driver for your Chrome version.
⚠️ So just make sure to have Google Chrome installed.

2. Requirements

In the GHunt folder, run:

python -m pip install -r requirements.txt

Adapt the command to your operating system if needed.

Usage

For the first run and sometimes after, you'll need to check the validity of your cookies.
To do this, run check_and_gen.py.
If you don't have cookies stored (ex: first launch), you will be asked for the 4 required cookies. If they are valid, it will generate the Authentication token and the Google Docs & Hangouts tokens.

Then, you can run the tool like this:

python hunt.py [email protected]

⚠️ I suggest you make an empty account just for this or use an account where you never login because depending on your browser/location, re-logging in into the Google Account used for the cookies can deauthorize them.

Where I find these 4 cookies ?

1. Log in to accounts.google.com
2. After that, open the Dev Tools window and navigate to the Storage tab (Shift + F9 on Firefox) (It's called "Application" on Chrome)
   If you don't know how to open it, just right-click anywhere and click "Inspect Element".
3. Then you'll find every cookie you need, including the 4 ones.

🛡️ Protecting yourself

Regarding the collection of metadata from your Google Photos account:

Given that Google shows "X require access" on your Google Account Dashboard, you might imagine that you had to explicitly authorize another account in order for it to access your pictures; but this is not the case.
Any account can access your AlbumArchive (by default):

Here's how to check and fix the fact that you're vulnerable (wich you most likely are):
Go to https://get.google.com/albumarchive/ while logged in with your Google account. You will be automatically redirected to your correct albumarchive URL (https://get.google.com/albumarchive/YOUR-GOOGLE-ID-HERE). After that, click the three dots on the top left corner, and click on setting

On another note, the target account will also be vulnerable if they have ever used Picasa linked to their Google account in any way, shape or form. For more details on this, read PinkDev1's comment on issue #10.
For now, the only (known) solution to this is to delete the Picasa albums from your AlbumArchive.

Thanks

This tool is based on Sector's research on Google IDs and completed by my own as well.
If I have the motivation to write a blog post about it, I'll add the link here !

Tutorial 

Help : https://github.com/mxrch/GHunt/issues