Parsing Google Docs HTML

This analysis demonstrates a method to extract document metadata, text, embedded links, and images from Google Docs HTML script tags, and applies it to a corpus of 25,000+ public docs to uncover a phishing campaign targeting financial brands (e.g., American Express) with observable malicious links; the author provides a parsing tool and searchable corpus to hunt related documents.