Google Calendar Audit Public View

main.rb

###
#
# Setup: This requires an 'emails.txt' file in this directory as well
#
# Simply run 'ruby main.rb' and wait
#
# You may run in to issues when attempting to grab more than 100 addresses without refactoring threading to pools
#
# n.b. you'll get bot banned, be careful
#
###

require 'net/http'
# require 'ruby-progressbar'

email_roster = File.read('emails.txt').split("\n")

def fetch(uri_str, limit = 10)
  # TODO: Beef this part up
  raise ArgumentError, 'too many HTTP redirects' if limit == 0

  response = Net::HTTP.get_response(URI(uri_str))

  case response
  when Net::HTTPSuccess then
    response
  when Net::HTTPRedirection then
    location = response['location']
    warn "redirected to #{location}"
    fetch(location, limit - 1)
  else
    response
  end
end

# progressbar = ProgressBar.create(:total => email_roster.count)
base_url_string = 'https://calendar.google.com/calendar/htmlembed?src='
output_string = ""

threads = []

email_roster.each do |email|
  # progressbar.increment
  url_string = base_url_string + email
  threads << Thread.new {
    response = fetch(url_string)
    if response.code != '404'
      output_string += "email: #{email}\tstatus: #{response.code}\tlink: #{url_string}\n"
    end
  }
end

threads.each(&:join)

puts "#{email_roster.count} calendars checked, any listed may be vulnerable: \n\n#{output_string}"