├── LICENSE
├── go.mod
├── main.go
├── readme.md
├── short-wordlist
└── wordlist


/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2021 joshua_jebaraj
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/go.mod:
--------------------------------------------------------------------------------
1 | module github.com/JOSHUAJEBARAJ/gcp-enum
2 | 
3 | go 1.16
4 | 


--------------------------------------------------------------------------------
/main.go:
--------------------------------------------------------------------------------
  1 | package main
  2 | 
  3 | import (
  4 | 	"bufio"
  5 | 	"flag"
  6 | 	"fmt"
  7 | 	"net/http"
  8 | 	"os"
  9 | 	"sync"
 10 | )
 11 | 
 12 | const (
 13 | 	GCP_URL = "https://www.googleapis.com/storage/v1/b/"
 14 | 	green   = "\033[32m" // Green color
 15 | 	red     = "\033[31m" // Red color
 16 | 	reset   = "\033[0m"  // Reset color
 17 | )
 18 | 
 19 | func getwords(filename string) []string {
 20 | 
 21 | 	file, err := os.Open(filename)
 22 | 	_ = file
 23 | 	if err != nil {
 24 | 		exit(fmt.Sprintf("Error Opening %s", filename))
 25 | 	}
 26 | 
 27 | 	var wordlist []string
 28 | 	scanner := bufio.NewScanner(file)
 29 | 	for scanner.Scan() {
 30 | 		word := scanner.Text()
 31 | 		wordlist = append(wordlist, word)
 32 | 	}
 33 | 
 34 | 	file.Close()
 35 | 	return wordlist
 36 | 
 37 | }
 38 | func main() {
 39 | 
 40 | 	jobs := make(chan string, 100)
 41 | 
 42 | 	key := flag.String("k", "", "keyword that you want to enumerate")
 43 | 	filename := flag.String("file", "", "File name containing the word list")
 44 | 	concurrency := flag.Int("c", 5, "Default concurrency value is 5 you can change the value using the c flag")
 45 | 	flag.Parse()
 46 | 
 47 | 	if *key == "" && *filename == "" {
 48 | 		flag.PrintDefaults()
 49 | 		exit("")
 50 | 
 51 | 	}
 52 | 
 53 | 	// function to get the words from the file
 54 | 	//fmt.Println(time.Since(start))
 55 | 
 56 | 	wordlist := getwords(*filename)
 57 | 	//fmt.Println(time.Since(start))
 58 | 
 59 | 	// function to generate the worldlist using the file key and words from the file
 60 | 	endpoints := mutate(*key, wordlist)
 61 | 	// fmt.Println(time.Since(start))
 62 | 
 63 | 	//fmt.Println(len(endpoints))
 64 | 	//  go routine
 65 | 
 66 | 	var wg sync.WaitGroup
 67 | 
 68 | 	for i := 0; i < *concurrency; i++ {
 69 | 		wg.Add(1)
 70 | 		go enumerate(jobs, &wg)
 71 | 	}
 72 | 
 73 | 	for _, value := range endpoints {
 74 | 		jobs <- value
 75 | 
 76 | 	}
 77 | 	close(jobs)
 78 | 	wg.Wait()
 79 | 
 80 | }
 81 | 
 82 | func enumerate(jobs chan string, wg *sync.WaitGroup) {
 83 | 	defer wg.Done()
 84 | 	for job := range jobs {
 85 | 		// reading the permutaed world
 86 | 		url := fmt.Sprintf("https://www.googleapis.com/storage/v1/b/%s", job)
 87 | 		res, err := http.Head(url)
 88 | 		if err != nil {
 89 | 			panic(err)
 90 | 		}
 91 | 
 92 | 		if res.StatusCode != (400) && res.StatusCode != (404) {
 93 | 			fmt.Println(green + "Valid:" + job + reset)
 94 | 
 95 | 		} else {
 96 | 			fmt.Println(red + "Invalid:" + job + reset)
 97 | 		}
 98 | 
 99 | 	}
100 | 
101 | }
102 | 
103 | func mutate(key string, words []string) []string {
104 | 	var ret []string
105 | 	for _, word := range words {
106 | 		ret = append(ret, key+"-"+word, word+"-"+key, key+"_"+word, word+"_"+key, key+word, word+key)
107 | 	}
108 | 
109 | 	return ret
110 | }
111 | 
112 | func exit(msg string) {
113 | 	fmt.Println(msg)
114 | 	os.Exit(1)
115 | }
116 | 


--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
 1 | ## GCP ENUM
 2 | 
 3 | This project was inspired by the [GCPBucketBrute](https://github.com/RhinoSecurityLabs/GCPBucketBrute).
 4 | 
 5 | GCP enum is the tool that helps to find the existence of the GCP buckets. This might be helpful during the pentesting or recon.
 6 | 
 7 | > This tools only checks for the existence of the bucket ,it doesn't check like permission on the existing bucket If you want to check the permission I highly recommend using GCPBucketBrute
 8 | 
 9 | ### Installation
10 | 
11 | - Install the Golang then :
12 | 
13 | ```
14 | go get github.com/JOSHUAJEBARAJ/gcp-enum
15 | ```
16 | 
17 | ### Usage
18 | 
19 | ```
20 | $ gcp-enum
21 |   -c int
22 |         Default concurrency value is 5 you can change the value using the c flag (default 5)
23 |   -file string
24 |         File name containing the word list
25 |   -k string
26 |         keyword that you want to enumerate
27 | 
28 | ```
29 | 
30 | For example to scan for the word netflix
31 | 
32 | ```
33 | $ gcp-enum -k netflix -file wordlist
34 | ```
35 | 
36 | 
37 | By default, this tool will create the 3 concurrent processes To increase the concurrency use the **-c flag**
38 | 
39 | ```
40 | $ gcp-enum -k netflix -file wordlist -c 10
41 | ```
42 | 
43 | The above command will create 10 concurrent process
44 | ### Why GCP enum
45 | 
46 | - Its somewhat faster than **GCPBucketBrute** 
47 | - Because I want to learn GO


--------------------------------------------------------------------------------
/short-wordlist:
--------------------------------------------------------------------------------
 1 | admin
 2 | administrator
 3 | ae
 4 | alpha
 5 | analytics
 6 | android
 7 | app
 8 | appengine
 9 | artifacts
10 | assets
11 | audit
12 | audit-logs
13 | backup
14 | backups


--------------------------------------------------------------------------------
/wordlist:
--------------------------------------------------------------------------------
  1 | 001
  2 | 002
  3 | 003
  4 | 01
  5 | 02
  6 | 03
  7 | 0
  8 | 1
  9 | 2
 10 | 2014
 11 | 2015
 12 | 2016
 13 | 2017
 14 | 2018
 15 | 2019
 16 | 3
 17 | 4
 18 | 5
 19 | 6
 20 | 7
 21 | 8
 22 | 9
 23 | admin
 24 | administrator
 25 | ae
 26 | alpha
 27 | analytics
 28 | android
 29 | app
 30 | appengine
 31 | artifacts
 32 | assets
 33 | audit
 34 | audit-logs
 35 | backup
 36 | backups
 37 | bak
 38 | bamboo
 39 | beta
 40 | betas
 41 | bigquery
 42 | bigtable
 43 | billing
 44 | blog
 45 | bucket
 46 | build
 47 | builds
 48 | cache
 49 | cdn
 50 | ce
 51 | cf
 52 | cloud
 53 | cloudfunction
 54 | club
 55 | cluster
 56 | common
 57 | composer
 58 | compute
 59 | computeengine
 60 | consultants
 61 | contact
 62 | corp
 63 | corporate
 64 | data
 65 | dataflow
 66 | dataproc
 67 | datastore
 68 | debug
 69 | dev
 70 | developer
 71 | developers
 72 | development
 73 | devops
 74 | directory
 75 | discount
 76 | dl
 77 | dns
 78 | docker
 79 | download
 80 | downloads
 81 | elastic
 82 | emails
 83 | endpoints
 84 | es
 85 | events
 86 | export
 87 | files
 88 | fileshare
 89 | filestore
 90 | firestore
 91 | functions
 92 | gcp
 93 | gcp-logs
 94 | gcplogs
 95 | git
 96 | github
 97 | gitlab
 98 | gke
 99 | graphite
100 | graphql
101 | gs
102 | help
103 | hub
104 | iam
105 | images
106 | img
107 | infra
108 | internal
109 | internal-tools
110 | ios
111 | iot
112 | jira
113 | js
114 | kube
115 | kubeengine
116 | kubernetes
117 | kubernetesengine
118 | landing
119 | ldap
120 | loadbalancer
121 | logs
122 | logstash
123 | mail
124 | main
125 | manuals
126 | mattermost
127 | media
128 | memorystore
129 | mercurial
130 | ml
131 | mobile
132 | monitoring
133 | mysql
134 | ops
135 | oracle
136 | packages
137 | photos
138 | pics
139 | pictures
140 | postgres
141 | presentations
142 | preview
143 | private
144 | pro
145 | prod
146 | production
147 | products
148 | project
149 | projects
150 | psql
151 | public
152 | pubsub
153 | repo
154 | reports
155 | resources
156 | screenshots
157 | scripts
158 | sec
159 | security
160 | services
161 | share
162 | shop
163 | sitemaps
164 | slack
165 | snapshots
166 | source
167 | spanner
168 | splunk
169 | sql
170 | src
171 | stackdriver
172 | stage
173 | staging
174 | static
175 | stats
176 | storage
177 | store
178 | subversion
179 | support
180 | svn
181 | syslog
182 | tasks
183 | teamcity
184 | temp
185 | templates
186 | terraform
187 | test
188 | tmp
189 | trace
190 | traffic
191 | training
192 | travis
193 | troposphere
194 | uploads
195 | userpictures
196 | users
197 | ux
198 | videos
199 | web
200 | website
201 | wp
202 | www


--------------------------------------------------------------------------------