gmalvertising - Google Malvertising

Perform Google searches for software that is being abused by threat actors.

Setup

python3 -m venv env
source env/bin/activate
pip3 install --upgrade pip
pip3 install -r requirements.txt

Customize

Legitmate advertising domains should be added to allowed-custom.txt

Discovered malicious domains should be added to malicious-custom.txt

Run

./gsearch.sh | tee -a "findings-$(date +%Y%m%d).txt"

Example Output

$ ./gsearch.sh | tee -a findings.txt
Fri Jan 27 09:27:52 AM EST 2023
Fri Jan 27 09:29:32 AM EST 2023
Found https://anydeks-access.com/ output/20230127/anydesk-1674840572.html

Found files can be opened locally in Chrome to see them in their full glory. From there you can right-click on the link to grab it.

$ google-chrome output/teamviewer-1674573968.html
Opening in existing browser session.

Name		Name	Last commit message	Last commit date
Latest commit History 13 Commits
.gitignore		.gitignore
.pylintrc		.pylintrc
README.md		README.md
allowed.txt		allowed.txt
bparse.py		bparse.py
gparse.py		gparse.py
gsearch.py		gsearch.py
gsearch.sh		gsearch.sh
malicious.txt		malicious.txt
queries.txt		queries.txt
requirements.txt		requirements.txt
teaimviewer.png		teaimviewer.png
util.py		util.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

gmalvertising - Google Malvertising

Setup

Customize

Run

Example Output

About

Releases

Packages

Languages

rmceoin/gmalvertising

Folders and files

Latest commit

History

Repository files navigation

gmalvertising - Google Malvertising

Setup

Customize

Run

Example Output

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages