Google Safe Browsing is Google’s blacklist service that provides lists of URLs for web resources containing malware or phishing content. Being on this list is a big problem because it indicates that Google considers us the origin of malware or phishing. This is usually because our website has been hacked and malicious content is being published on our server.
Fortunately, Google provides us with an API with which we can check the status of a website and verify if it is blacklisted. If any of our websites are marked as dangerous, we can suspect a possible security breach and start investigating.
First, we must create a project:
https://code.google.com/apis/console/
Once the project has been created, we click on “view”:
To create access credentials:
Top left -> Navigation menu (Three horizontal lines) next to Google APIs
APIs & Services -> Library
Search for “Safe Browsing API” using the search bar:
Choose the current version:
Enable the API:
Create access credentials for the API:
Let’s create an IP restriction so that the API key cannot be used from other addresses without permission:
Click on Save:
It will show us the list of credentials:
Now we just need to install the Python pysafebrowsing library using pip and write a small script:
With the following code we can check the status of the websites:
#!/usr/local/bin/python3.7
from pysafebrowsing import SafeBrowsing

# API key from the Google management panel
s = SafeBrowsing('XXXXXXXXXXXXXXXXXXXXXXXXXXX')
# lookup_urls() takes a list of URL strings
r = s.lookup_urls(['http://alfaexploit.com'])
print(r)
NOTE: Obviously we will have to replace the Xs with the API key, which we can look up in the Google management panel.
Assign the necessary permissions:
Run the script and see that alfaexploit is not blacklisted by Google:
{'http://alfaexploit.com': {'malicious': False}}
If it were blacklisted, it would say True, and when trying to access it through the browser we would see Google’s warning page.
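For monitoring several websites at once, the same check can be made against the Safe Browsing Lookup API v4 (threatMatches:find) using only the standard library. This is an added example, not code from the original post or from pysafebrowsing: the function names, the clientId label and the sample response are constructed for illustration, and it assumes the API echoes each matched URL as it was submitted.

```python
import json
import urllib.request

ENDPOINT = "https://safebrowsing.googleapis.com/v4/threatMatches:find"
MAX_URLS = 500  # documented per-request limit of the Lookup API
# Constructed sample response (not real data) for running offline.
SAMPLE = {"matches": [{"threatType": "MALWARE", "threatEntryType": "URL",
                       "threat": {"url": "http://bad.example/"}}]}

def build_request(urls):
    """Return the JSON body for one threatMatches:find call."""
    if len(urls) > MAX_URLS:
        raise ValueError("at most %d URLs per request" % MAX_URLS)
    return {
        # clientId/clientVersion are free-form labels; these are made up.
        "client": {"clientId": "site-monitor", "clientVersion": "1.0"},
        "threatInfo": {
            "threatTypes": ["MALWARE", "SOCIAL_ENGINEERING", "UNWANTED_SOFTWARE"],
            "platformTypes": ["ANY_PLATFORM"],
            "threatEntryTypes": ["URL"],
            "threatEntries": [{"url": u} for u in urls],
        },
    }

def parse_response(urls, body):
    """Map every checked URL to {'malicious': bool, 'threats': [...]}."""
    result = {u: {"malicious": False, "threats": []} for u in urls}
    # A clean answer is an empty object: the "matches" key is simply absent.
    for match in body.get("matches", []):
        entry = result.get(match.get("threat", {}).get("url"))
        if entry is not None:
            entry["malicious"] = True
            if match["threatType"] not in entry["threats"]:
                entry["threats"].append(match["threatType"])
    return result

def check(urls, api_key):
    """Query the API (needs network access and a valid key)."""
    req = urllib.request.Request(
        ENDPOINT + "?key=" + api_key,
        data=json.dumps(build_request(urls)).encode(),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_response(urls, json.load(resp))

def flagged(result):
    """URLs to investigate, sorted for stable alert output."""
    return sorted(u for u, v in result.items() if v["malicious"])
```

Run from cron, a non-empty `flagged(check(urls, api_key))` is the signal to start investigating the affected site.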