Check this page for some tools to perform this brute force:
Enumerate Open Cloud Functions
With the following code taken from here you can find Cloud Functions that permit unauthenticated invocations.
#!/bin/bash############################# Run this tool to find Cloud Functions that permit unauthenticated invocations# anywhere in your GCP organization.# Enjoy!############################for proj in $(gcloudprojectslist--format="get(projectId)"); doecho"[*] scraping project $proj" enabled=$(gcloudserviceslist--project"$proj"|grep"Cloud Functions API")if [ -z"$enabled" ]; thencontinuefi for func_region in $(gcloud functions list --quiet --project "$proj" --format="value[separator=','](NAME,REGION)"); do
# drop substring from first occurence of "," to end of string. func="${func_region%%,*}"# drop substring from start of string up to last occurence of "," region="${func_region##*,}" ACL="$(gcloudfunctionsget-iam-policy "$func" --project "$proj" --region "$region")" all_users="$(echo "$ACL" |grepallUsers)" all_auth="$(echo "$ACL" |grepallAuthenticatedUsers)"if [ -z"$all_users" ]then:elseecho"[!] Open to all users: $proj: $func"fiif [ -z"$all_auth" ]then:elseecho"[!] Open to all authenticated users: $proj: $func"fidonedone
