OAuth grants make it easier than ever to unintentionally give full access to employee and company data in the cloud to Phishermen/women, companies that data mine, and other undesirables.
This toolkit enables you to keep records about what access is shared and educate the users about the scopes that they grant an application. Currently the Google API does not allow our tooling to take an active role in deciding what access is granted.
- Writes all GSuite token events to Elasticsearch
- Notifies users upon authorizing untrusted or blacklisted apps
- Revokes access to blacklisted apps
- Educates end-users by visualizing risk rating of uncategorized apps using color-coded templates
indexes authorization events from the Google Admin API into Elasticsearch.
sends notifications with educational information about Oauth scopes.
-
Verify that you are a Google Admin or Superadmin with permission to access to the Admin Directory SDK API. Note: OAudit works with a standard admin account, you will not be able to revoke tokens that belong to other admins.
-
Follow Google’s Python Quickstart Guide to create a project with the Admin SDK API enabled.
-
Create a service account under your new project.
-
Save the service account secret file (default:client_secret.json).
-
Install
oaudit-collectorrequirements:sudo pip3 install -r collector/requirements.txt
-
Place the service account secret in a safe location.
-
Run
oaudit-collectorwith CLI args:python3 collector/collector.py \ --secret-file "/run/secrets/oauth-notify" \ --service-account-email "[email protected]" \ --elasticsearch-hosts "esnode1:9200,esnode2:9200"
-
Install
oaudit-notifierrequirements:sudo pip3 install -r notifier/requirements.txt
-
Run
oaudit-notifierwith CLI args:python3 notifier/notifier.py \ --secret-file "/run/secrets/oauth-notify" \ --service-account-email "[email protected]" \ --elasticsearch-hosts "esnode1:9200,esnode2:9200" \ --sender-email "[email protected]" \ --smtp-server "smtp.domain.com" \ --test-email "[email protected]" \ --elasticsearch-index "index"