Support HackTricks and get benefits!
- If you want to see your company advertised in HackTricks or if you want access to the latest version of the PEASS or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦 @carlospolopm.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
One way to discover public cloud resources that belongs to a company is to scrape their webs looking for them. Tools like CloudScraper will scrape the web an search for links to public cloud resources (in this case this tools searches ['amazonaws.com', 'digitaloceanspaces.com', 'windows.net', 'storage.googleapis.com', 'aliyuncs.com'])
Note that other cloud resources could be searched for and that some times these resources are hidden behind subdomains that are pointing them via CNAME registry.
- https://github.com/initstring/cloud_enum: This tool in GCP brute-force Buckets, Firebase Realtime Databases, Google App Engine sites, and Cloud Functions
- https://github.com/0xsha/CloudBrute: This tool in GCP brute-force Buckets and Apps.
As other clouds, GCP also offers Buckets to its users. These buckets might be (to list the content, read, write...).
The following tools can be used to generate variations of the name given and search for miss-configured buckets with that names:
If you find that you can access a bucket you might be able to escalate even further, check:
{% content-ref url="gcp-public-buckets-privilege-escalation.md" %} gcp-public-buckets-privilege-escalation.md {% endcontent-ref %}
Support HackTricks and get benefits!
- If you want to see your company advertised in HackTricks or if you want access to the latest version of the PEASS or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦 @carlospolopm.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.