gcp-inspector

Tool to check for publicly accessible GCP buckets.

What it does

  • Checks whether each GCP bucket in the list is publicly accessible.
  • Prints color-coded results in the CLI.

After creating a new project and enabling billing for it, open Cloud Shell and ensure that it points to the project you just created.

Prerequisites

A GCP account with a project.

  • Create a GCP account with a project enabled.
    • Install the gsutil tool by following the documentation, or use pip.
    • Run "gsutil config" to configure the shell. Alternatively, use "gcloud config set project [PROJECT_ID]" to switch to a different project (an external account, for the attacker's perspective) when checking for publicly accessible buckets.
    • Run "gsutil ls" to confirm that the command succeeds. This lists all the Google Cloud Storage buckets for the project.
    • Install python3 and pip for installing dependencies.
    • Prepare a file listing the GCP buckets, with or without the gs:// prefix; its path is passed as an argument.

Installation

A Python 3 virtual environment is required.

python3 -m pip install gsutil
gsutil config   # or: gcloud config set project [PROJECT_ID]
git clone https://github.com/justmorpheus/GCP-Inspector
cd GCP-Inspector
mkdir gcp_inspect
virtualenv -v gcp_inspect
source gcp_inspect/bin/activate
python3 -m pip install -r requirements.txt
python3 gcp_inspector.py -r sample_file.txt

Usage

python3 gcp_inspector.py -r [Name of the file with GCP bucket list]
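
The owner-side counterpart to this check, as an added example (not gcp-inspector's own code): it normalizes list entries with or without gs:// and flags allUsers / allAuthenticatedUsers bindings in bucket IAM policies. It assumes policy JSON in the shape printed by "gsutil iam get gs://BUCKET"; the function names, bucket names and policies are constructed for illustration.

```python
import json

# IAM principals that make a Cloud Storage grant public.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

def normalize_bucket(line):
    """Return the bare bucket name from a list entry, or None if it is empty."""
    name = line.strip()
    if name.startswith("gs://"):
        name = name[len("gs://"):]
    return name.split("/", 1)[0] or None  # drop a trailing slash or object path

def public_bindings(policy):
    """Return sorted (role, member) pairs that grant access to public principals."""
    found = set()
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                found.add((binding.get("role", ""), member))
    return sorted(found)

def audit(bucket_lines, policies):
    """Map each listed bucket to its public grants (None: no policy supplied)."""
    report = {}
    for line in bucket_lines:
        bucket = normalize_bucket(line)
        if bucket is not None:
            policy = policies.get(bucket)
            report[bucket] = None if policy is None else public_bindings(policy)
    return report

# Constructed sample input: list entries and IAM policies are made up for this example.
SAMPLE_LIST = ["gs://example-public-assets/", "example-private-logs", "", "gs://example-unknown"]
SAMPLE_POLICIES = {
    "example-public-assets": json.loads("""{"bindings": [
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
        {"role": "roles/storage.admin", "members": ["user:owner@example.com"]}]}"""),
    "example-private-logs": {"bindings": [
        {"role": "roles/storage.legacyBucketReader",
         "members": ["projectViewer:example-project"]}]},
}

if __name__ == "__main__":
    for bucket, grants in audit(SAMPLE_LIST, SAMPLE_POLICIES).items():
        if grants is None:
            print(f"{bucket}: no policy supplied")
        else:
            print(f"{bucket}: {'PUBLIC ' + str(grants) if grants else 'not public'}")
```

This covers bucket-level IAM only; object ACLs on buckets without uniform bucket-level access can also grant public access and need a separate check.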

Reference

GitHub

https://github.com/justmorpheus/gcp-inspector