GCP - Unauthenticated Enum & Access

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Ugunduzi wa Rasilimali za Umma

Njia moja ya kugundua rasilimali za umma za wingu zinazomilikiwa na kampuni ni kuangalia tovuti zao kwa ajili yao. Zana kama CloudScraper zitachambua wavuti na kutafuta viungo vya rasilimali za umma za wingu (katika kesi hii zana hii inatafuta ['amazonaws.com', 'digitaloceanspaces.com', 'windows.net', 'storage.googleapis.com', 'aliyuncs.com'])

Kumbuka kwamba rasilimali nyingine za wingu zinaweza kutafutwa na kwamba wakati mwingine rasilimali hizi zimefichwa nyuma ya subdomains zinazozielekeza kupitia CNAME registry.

Rasilimali za Umma Brute-Force

Buckets, Firebase, Apps & Cloud Functions

https://github.com/initstring/cloud_enum: Zana hii katika GCP inafanya brute-force kwa Buckets, Firebase Realtime Databases, tovuti za Google App Engine, na Cloud Functions
https://github.com/0xsha/CloudBrute: Zana hii katika GCP inafanya brute-force kwa Buckets na Apps.

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PreviousGCP - Understanding Domain-Wide Delegation NextGCP - API Keys Unauthenticated Enum

Last updated 8 days ago