└── README.md

/README.md:
--------------------------------------------------------------------------------
# Awesome GCP Pentesting
Hi, my name is Shannon and I am a consultant focusing on GCP. Finding GCP offensive security resources was hard, so I put them all together so no one else has to search for hours.

The purpose of this page is to provide useful tools and resources to anyone who wants to learn offensive GCP security.
PM me on Twitter @_shannon_mchale if you think something else should be included!

## Terminology
+ https://github.com/priyankavergadia/google-cloud-4-words

## The best resource I have found
+ https://cloud.hacktricks.xyz/pentesting-cloud/gcp-pentesting

## Tools

### Gain Access
+ https://github.com/RhinoSecurityLabs/GCPBucketBrute

+ https://github.com/initstring/cloud_enum

+ https://github.com/oldrho/ip2provider

+ https://grayhatwarfare.com/

### Enumeration
+ https://github.com/nccgroup/ScoutSuite

+ https://github.com/darkbitio/gcp-iam-role-permissions

+ https://github.com/bartcode/gcp-iam-viz

+ https://github.com/lyft/cartography

+ https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/gcp_misc

+ https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/gcp_firewall_enum

+ https://github.com/NotSoSecure/cloud-service-enum

### Priv Esc

+ https://github.com/RhinoSecurityLabs/GCP-IAM-Privilege-Escalation

+ https://github.com/dxa4481/gcploit

+ https://github.com/google/gcp_scanner

+ https://github.com/carlospolop/PurplePanda

### Impact
+ https://github.com/rek7/patchy

## Practice Ranges & Trainings
+ https://pwnedlabs.io

+ https://cyberwarfare.live

+ https://github.com/ine-labs/GCPGoat

+ https://thunder-ctf.cloud/

## Blogs

+ https://book.hacktricks.xyz/cloud-security/gcp-security

+ https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/

+ https://irsl.medium.com/the-speckle-umbrella-story-part-2-fcc0193614ea

+ https://mbrancato.github.io/2021/12/28/rce-dataflow.html

+ https://desi-jarvis.medium.com/gcphound-a-swiss-army-knife-offensive-toolkit-for-google-cloud-platform-gcp-fb9e18b959b4

+ https://89berner.medium.com/persistant-gcp-backdoors-with-googles-cloud-shell-2f75c83096ec

+ https://cloudsecdocs.com/gcp/offensive/attacks/writeups/

+ https://github.com/dxa4481/AttackingAndDefendingTheGCPMetadataAPI

+ https://www.netskope.com/blog/gcp-oauth-token-hijacking-in-google-cloud-part-1

+ https://medium.com/@tomaszwybraniec/google-cloud-platform-pentest-notes-service-accounts-b960dc59d93a

+ https://rhinosecuritylabs.com/gcp/privilege-escalation-google-cloud-platform-part-1/

+ https://jryancanty.medium.com/stop-downloading-google-cloud-service-account-keys-1811d44a97d9

+ https://kloudle.com/academy/escalating-privileges-in-google-cloud-from-app-to-cloud-access/

+ https://www.praetorian.com/blog/google-cloud-platform-gcp-service-account-based-privilege-escalation-paths/

+ https://infosecwriteups.com/enumeration-and-lateral-movement-in-gcp-environments-c3b82d342794

+ https://infosecwriteups.com/gcp-inspector-auditing-publicly-exposed-gcp-bucket-ac6cad55618c

+ https://expel.com/blog/incident-report-spotting-an-attacker-in-gcp/

+ https://www.mitiga.io/blog/google-cloud-platform-exfiltration-a-threat-hunting-guide

## Conference Talks
+ [Google Cloud Post-Exploitation Tactics & Techniques (BSides 2020 "Plundering GCP" Talk)](https://www.youtube.com/watch?v=OJ_wUcVrGx0)
+ [IAM Concerned: OAuth Token Hijacking in Google Cloud (GCP)](https://www.youtube.com/watch?v=motZouxkVZ0)
+ [Compromise any GCP Org Via Cloud API Lateral Movement and Privilege Escalation](https://www.youtube.com/watch?v=Ml09R38jpok&t=15s)
+ [The GCP Metadata API](https://www.youtube.com/watch?v=z5hPU3g2aZ8)
+ [Can I hack GCP?](https://www.youtube.com/watch?v=GvO2Xtx8p9w)
+ [Instant Threat Modeling - GCP](https://www.youtube.com/watch?v=jP-JYU_jSHw)
+ [May The Cloud Be With You](https://speakerdeck.com/tweekfawkes/may-the-cloud-be-with-you-red-teaming-gcp-google-cloud-platform)

## Research Projects
+ https://github.com/pumasecurity/serverless-prey/tree/main/cheetah - Cloud Function reverse shell

## Defense Things
+ https://github.com/rigup/ephemeral-iam - A CLI tool for temporarily escalating GCP IAM privileges to perform high privilege tasks.
+ https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/
+ https://expel.com/wp-content/uploads/2022/08/Expel-GCP-mind-map-kit-080422.pdf
+ https://github.com/log2timeline/dftimewolf/blob/main/docs/user-manual.md
--------------------------------------------------------------------------------