HackTricks Cloud
HackTricks Cloud
Ask or search…
Comment on page

GCP - Unauthenticated Enum

Support HackTricks and get benefits!

Public Assets Discovery

One way to discover public cloud resources that belongs to a company is to scrape their webs looking for them. Tools like CloudScraper will scrape the web an search for links to public cloud resources (in this case this tools searches ['amazonaws.com', 'digitaloceanspaces.com', 'windows.net', 'storage.googleapis.com', 'aliyuncs.com'])
Note that other cloud resources could be searched for and that some times these resources are hidden behind subdomains that are pointing them via CNAME registry.

Public Resources Brute-Force

Buckets, Firebase, Apps & Cloud Functions


As other clouds, GCP also offers Buckets to its users. These buckets might be (to list the content, read, write...).
The following tools can be used to generate variations of the name given and search for miss-configured buckets with that names:
If you find that you can access a bucket you might be able to escalate even further, check:
Support HackTricks and get benefits!