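├── Apps Script
    ├── getIPGeo.gs
    ├── suspicious_logins.gs
    └── version_monit_public.gs
├── asset_inventory
    ├── 01_GCP_VM.gs
    ├── 02_GCP_GKE.gs
    └── main.gs
├── compute_engine_vulnerabilities_management
    ├── 01_enumerate_vms.sh
    ├── 02_enumerate_vulns.sh
    └── 03_list_vms_with_fixes_available.sh
├── gcp_org_policy
    ├── all_projects_policies.sh
    └── org_all_folders_policies.sh
├── list_all_ip_all_projects_also_not_active.sh
├── list_fw_rules_all_projects.sh
├── list_private_ip_all_projects.sh
├── list_public_ip_all_projects.sh
├── list_roles.sh
├── list_roles_for_user.sh
├── list_users_all_roles_per_project.sh
├── list_users_for_role.sh
├── service_accounts_with_keys.sh
├── service_accounts_with_roles.sh
├── shared_outside_organization.gs
└── teamdrive_enum.gs

/Apps Script/getIPGeo.gs:
--------------------------------------------------------------------------------
/**
 * Resolve an IP address to a location string using the ipbase.com v2 API.
 *
 * @param {string} [ip=""] - Address to look up; blank queries the API without an
 *   ip parameter (the service then reports the caller's own address).
 * @param {string} [returnType=""] - "CITY" or "COUNTRY" (case-insensitive) for a
 *   single field; anything else returns "city, CC, country, continent".
 * @returns {string} Location text, or "Request error" / "Response error" on failure.
 */
function getIpGeolocationData(ip = "", returnType = "") {
  let ipData; // was an implicit global
  try {
    // encodeURIComponent keeps a caller-supplied value from adding extra query parameters.
    ipData = isBlank(ip)
      ? getResponseJsonData("https://api.ipbase.com/v2/info")
      : getResponseJsonData("https://api.ipbase.com/v2/info?ip=" + encodeURIComponent(ip));
  } catch (error) {
    return "Request error";
  }

  if (isBlank(ipData)) return "Response error";

  // The location data lives under data.location — the path the full-string branch
  // below already relied on; the former top-level "city"/"country_name" reads yielded undefined.
  const location = ipData.data?.location;
  if (!location) return "Response error";

  switch (String(returnType).toUpperCase()) {
    case "CITY":
      return location.city?.name;

    case "COUNTRY":
      return location.country?.name;

    default:
      return [
        location.city?.name,
        location.country?.alpha2,
        location.country?.name,
        location.continent?.name,
      ].join(", ");
  }
}

/**
 * GET a URL with the ipbase API key header and parse the JSON body.
 * APIKEY is defined elsewhere in the project; keep it in Script Properties, not in source.
 *
 * @param {string} url
 * @returns {object|undefined} Parsed JSON, or undefined for a blank url.
 * @throws {Error} On a non-2xx response (callers treat this as "Request error").
 */
function getResponseJsonData(url) {
  if (isBlank(url)) return undefined;

  const response = UrlFetchApp.fetch(url, {
    headers: {
      apikey: APIKEY,
    },
    muteHttpExceptions: true,
  });

  // Surface HTTP failures explicitly instead of handing an error body to JSON.parse.
  const code = response.getResponseCode();
  if (code < 200 || code >= 300) {
    throw new Error("ipbase request failed with HTTP " + code);
  }

  return JSON.parse(response.getContentText());
}

/** True for null/undefined/empty values and whitespace-only strings. */
function isBlank(str) {
  return !str || /^\s*$/.test(str);
}

--------------------------------------------------------------------------------
/Apps Script/suspicious_logins.gs:
--------------------------------------------------------------------------------
/**
 * Collect login_success / login_failure events from the Admin SDK Reports API.
 *
 * @param {string} starts - RFC 3339 start of the window.
 * @param {string} ends - RFC 3339 end of the window.
 * @returns {Array<Array<string>>} Rows of [actor email, event name, event time, source IP].
 */
function Logins(starts, ends) {
  const userKey = "all";
  const applicationName = "login";
  const table = [];
  let pageToken;

  do {
    const response = AdminReports.Activities.list(userKey, applicationName, {
      maxResults: 20,
      startTime: starts,
      endTime: ends,
      pageToken: pageToken,
    });

    const activities = response.items;
    if (activities && activities.length > 0) {
      for (const activity of activities) {
        // Only the first event of each activity is classified, as before.
        const eventName = activity.events?.[0]?.name;
        if (eventName === "login_failure" || eventName === "login_success") {
          table.push([
            activity.actor.email,
            eventName,
            activity.id.time,
            activity.ipAddress,
          ]);
        }
      }
    } else {
      Logger.log("No logins found.");
    }

    pageToken = response.nextPageToken;
  } while (pageToken);

  return table;
}

--------------------------------------------------------------------------------
/Apps Script/version_monit_public.gs:
--------------------------------------------------------------------------------
/**
 * Entry point: read the mobile-device events logged since the previous run, compare
 * each reported OS version against the "supported versions" sheet and e-mail the
 * owners of outdated macOS / iOS / Android devices. Windows and Linux are handled
 * by another script.
 */
function main_version_monitor() {
  // read_dates() also records the current time as the new "last execution" marker.
  const dates = read_dates();
  const entries_to_monitor = read_events(dates[1][0], dates[0][0]);

  // read_events rows: [email, callerType, time, serial, deviceType, model, osVersion].
  // Keep [email, deviceType, osVersion, serial] for events that carried an OS version.
  // The rows are deliberately not logged: they contain e-mail addresses and serial numbers.
  const devices = entries_to_monitor
    .filter((entry) => entry[6] !== "unknown")
    .map((entry) => [entry[0], entry[4], entry[6], entry[3]]);

  for (const [email, deviceType, osVersion, serial] of devices) {
    if (compare_version_v2(osVersion)) continue; // version is on the supported list

    // NOTE(review): the HTML tags of these templates were lost in this copy of the file;
    // <br> stands where a tag used to be. Restore the original markup before use.
    const greeting = "Hello " + email + "<br>";
    const content =
      "<br>Please update your operating system: " + osVersion + " to the latest version.<br><br>";
    const full_text = greeting + content;

    const iOS_text =
      "iOS: https://support.apple.com/en-us/HT204204#:~:text=Go%20to%20Settings%20%3E%20General%20%3E%20Software,version%20of%20iOS%20or%20iPadOS.";
    const macOS_text = "";
    const android_text =
      "Android information about update procedure: https://support.google.com/android/answer/7680439?hl=en";
    const android2 =
      "<br>Your Android device has not been updated for at least 150 days....<br><br>";

    switch (deviceType) {
      case "WINDOWS":
      case "LINUX":
        // Handled by another script.
        break;

      case "MAC":
        send_update_mail_(email, "[Action required] Update MacOS device", full_text + macOS_text);
        break;

      case "iOS": // mixed case as in the source data — NOTE(review): confirm DEVICE_TYPE values
        send_update_mail_(email, "[Action required] Update iOS device", full_text + iOS_text);
        break;

      case "ANDROID":
        // Only nag when the recorded security patch level is older than 150 days.
        if (check_android_patch_date(serial) === true) {
          send_update_mail_(
            email,
            "[Action required] Update Android device.",
            full_text + android2 + android_text
          );
        }
        break;

      default:
        break;
    }
  }
}

/**
 * Send a no-reply HTML notification with an empty plain-text body.
 * @param {string} recipient
 * @param {string} subject
 * @param {string} htmlBody
 */
function send_update_mail_(recipient, subject, htmlBody) {
  MailApp.sendEmail(recipient, subject, "", {
    htmlBody: htmlBody,
    noReply: true,
  });
}

/**
 * Look a device up by serial (or device id) in the mobile-device dump and report
 * whether its security patch level is older than 150 days.
 *
 * @param {string} serial_value
 * @returns {boolean} false when the device is not in the dump (no notification is sent).
 */
function check_android_patch_date(serial_value) {
  // Dump written by update_mobile_devices_ios_android(): column 5 = securityPatchLevel,
  // column 7 = serialNumber. Spreadsheet and tab ids are left blank on purpose.
  const mobiles_db = open_spreadsheet_file("", "");
  for (const row of mobiles_db) {
    if (String(row[7]) === String(serial_value)) {
      return old_update(row[5]);
    }
  }
  return false;
}

/**
 * True when the given epoch timestamp is more than 150 days in the past.
 * @param {number|string} epoch1 - presumably milliseconds since the epoch (securityPatchLevel) — TODO confirm
 * @returns {boolean}
 */
function old_update(epoch1) {
  const MILLIS_PER_DAY = 1000 * 60 * 60 * 24;
  const nowDays = Date.now() / MILLIS_PER_DAY;
  const patchDays = Number(epoch1) / MILLIS_PER_DAY; // Number("") and Number(null) are 0, as with the old division
  return nowDays - patchDays > 150;
}

/**
 * Check an OS version string against row 11 (index 10) of the "supported versions" sheet.
 * @param {string} version_to_check
 * @returns {boolean} true when the version is listed.
 */
function compare_version_v2(version_to_check) {
  const handler_to_file = open_spreadsheet_file("", "supported versions");
  const supported = handler_to_file[10].slice(1); // column A of that row is a label
  // Loose equality kept on purpose: sheet cells may come back as numbers (17 vs "17").
  return supported.some((cell) => cell == version_to_check);
}

/**
 * Dump every mobile device known to the Directory API into a sheet, one row per device.
 * customerId, spreadsheet id and sheet name are left blank and must be filled in.
 */
function update_mobile_devices_ios_android() {
  const customerId = ""; // was an implicit global
  const handler2 = SpreadsheetApp.openById("");
  const tab_devices = handler2.getSheetByName("");
  const dane_device = [];
  let pageToken;

  do {
    const page = AdminDirectory.Mobiledevices.list(customerId, {
      orderBy: "EMAIL",
      maxResults: 20,
      pageToken: pageToken,
    });

    for (const device of page.mobiledevices || []) {
      dane_device.push([
        device.email,
        device.status,
        device.model,
        device.os,
        device.type,
        device.securityPatchLevel,
        device.deviceId,
        device.serialNumber,
        device.resourceId,
        device.deviceCompromisedStatus,
        device.buildNumber,
        device.manufacturer,
        device.releaseVersion,
        device.hardware,
        device.encryptionStatus,
        device.devicePasswordStatus,
        device.managedAccountIsOnOwnerProfile,
        device.userAgent,
      ]);
    }

    pageToken = page.nextPageToken;
  } while (pageToken);

  tab_devices.getDataRange().clear();
  // An empty dump used to throw on dane_device[0].length after clearing the tab.
  if (dane_device.length > 0) {
    tab_devices
      .getRange(1, 1, dane_device.length, dane_device[0].length)
      .setValues(dane_device);
  }
}

/**
 * Read "mobile" audit events between two RFC 3339 timestamps.
 *
 * @param {string} sdate - start time
 * @param {string} edate - end time
 * @returns {Array<Array<string>>} Rows of
 *   [actor email, callerType, event time, serial, device type, device model, OS version].
 * @throws Re-throws Reports API errors (previously only logged, after which the stale
 *   response was dereferenced).
 */
function read_events(sdate, edate) {
  const userKeyA = "all";
  const applicationNameA = "mobile";
  const table_mobile = [];
  let pageToken;

  do {
    let response;
    try {
      response = AdminReports.Activities.list(userKeyA, applicationNameA, {
        maxResults: 20,
        startTime: sdate,
        endTime: edate,
        pageToken: pageToken,
      });
    } catch (error) {
      Logger.log(error);
      throw error;
    }

    for (const event_temp of response.items || []) {
      table_mobile.push([
        event_temp.actor.email,
        event_temp.actor.callerType,
        event_temp.id.time,
        ...extract_device_params_(event_temp),
      ]);
    }

    pageToken = response.nextPageToken;
  } while (pageToken);

  return table_mobile;
}

/**
 * Pull DEVICE_TYPE / DEVICE_MODEL / OS_VERSION / SERIAL_NUMBER out of an activity's events.
 * @param {object} activity - one Reports API activity
 * @returns {Array} [serial, deviceType, model, osVersion]; osVersion defaults to "unknown".
 */
function extract_device_params_(activity) {
  let serial_id;
  let device_type;
  let device_model;
  let os_version = "unknown";

  for (const event of activity.events || []) {
    for (const param of event.parameters || []) {
      switch (param.name) {
        case "DEVICE_TYPE":
          device_type = param.value;
          break;
        case "DEVICE_MODEL":
          device_model = param.value;
          break;
        case "OS_VERSION":
          os_version = param.value;
          break;
        case "SERIAL_NUMBER": // DEVICE_ID could be used instead.
          serial_id = param.value;
          break;
        default:
          break;
      }
    }
  }

  return [serial_id, device_type, device_model, os_version];
}

/**
 * Return [[now, "Last Exec Time"], [previousRun, "start"]] and store `now` in cell A1
 * so the next run picks it up as its start time.
 * @returns {Array<Array<string>>}
 */
function read_dates() {
  const handX2 = open_spreadsheet_file("", "");

  const new_endTime112 = new Date().toISOString();
  const start_2 = handX2[0][0]; // A1 holds the previous run's timestamp

  const ret_tab = [
    [new_endTime112, "Last Exec Time"],
    [start_2, "start"],
  ];

  // NOTE(review): elsewhere in this file open_spreadsheet_file() returns a 2-D array
  // (handler_to_file[10][...]); an array has no getRange(), so this write only works if
  // the helper returns a Sheet here. Verify against its definition (not in this file).
  handX2.getRange(1, 1).setValue(new_endTime112);

  return ret_tab;
}

--------------------------------------------------------------------------------
/asset_inventory/01_GCP_VM.gs:
--------------------------------------------------------------------------------
/**
 * Refresh the COMPUTE_ENGINES tab of the cache spreadsheet with every non-terminated
 * Compute Engine instance in the organisation (Cloud Asset Inventory search).
 * Depends on GCP_Org_ID, Cache_DB and getAccessToken() defined elsewhere in the project.
 */
function vms_inventory_main() {
  const table_with_vms = [];
  const date_of_scan_vms = Utilities.formatDate(new Date(), "GMT+2", "dd/MM/yyyy");
  const base_url =
    "https://cloudasset.googleapis.com/v1/organizations/" + GCP_Org_ID +
    "/:searchAllResources?assetTypes=compute.googleapis.com/Instance&readMask=additionalAttributes,displayName,createTime,state,parentFullResourceName,labels";
  let pageToken;

  do {
    // requestedPolicyVersion is not a UrlFetchApp option and was ignored; dropped.
    const options = {
      method: "GET",
      contentType: "application/json",
      muteHttpExceptions: true,
      headers: {
        Authorization: "Bearer " + getAccessToken(),
      },
    };

    const url_request = pageToken
      ? base_url + "&pageToken=" + encodeURIComponent(pageToken)
      : base_url;

    const response = UrlFetchApp.fetch(url_request, options);
    // With muteHttpExceptions a 401/403 used to parse as an empty page and the cache
    // sheet was then wiped below; refuse to continue on a non-2xx response instead.
    const code = response.getResponseCode();
    if (code < 200 || code >= 300) {
      throw new Error("searchAllResources failed with HTTP " + code);
    }
    const pageX2 = JSON.parse(response.getContentText());

    for (const asset of pageX2.results || []) {
      if (asset.state === "TERMINATED") continue;
      const attrs = asset.additionalAttributes || {};
      table_with_vms.push([
        asset.displayName,
        attrs.osLongName,
        attrs.osShortName,
        project_from_parent_(asset.parentFullResourceName),
        asset.createTime,
        attrs.externalIPs,
        attrs.internalIPs,
        date_of_scan_vms,
        environment_label_(asset.labels),
      ]);
    }

    pageToken = pageX2.nextPageToken;
  } while (pageToken);

  const tab_for_all_vms = SpreadsheetApp.openById(Cache_DB).getSheetByName("COMPUTE_ENGINES");
  tab_for_all_vms.clear();

  if (table_with_vms.length > 0) {
    tab_for_all_vms
      .getRange(1, 1, table_with_vms.length, table_with_vms[0].length)
      .setValues(table_with_vms);
  }
}

/** Text after "projects/" in a parentFullResourceName (the project id). */
function project_from_parent_(parentFullResourceName) {
  const marker = "projects/";
  const name = parentFullResourceName || "";
  return name.substring(name.indexOf(marker) + marker.length);
}

/** "env" label if set, else "environment", else "" — same precedence as before. */
function environment_label_(labels) {
  if (!labels) return "";
  return labels.env || labels.environment || "";
}

/**
 * Merge the cached VM list into the inventory spreadsheet: update the row of a VM that
 * already exists there (matched by name in column A), append a row otherwise.
 * Inventory columns written: C project, D scan date, F product label, O OS,
 * P internal IP, Q external IP.
 */
function run_scheduled_scan_vm_asset_inventory() {
  const loaded_vm_table = open_spreadsheet_tab(Cache_DB, "COMPUTE_ENGINES");

  // Load the inventory once instead of once per cached VM, and index it by VM name.
  const inventory_db_file_tab = SpreadsheetApp.openById(Inventory_DB).getSheetByName("COMPUTE_ENGINES");
  const inventory_rows = inventory_db_file_tab.getDataRange().getValues();
  const row_by_name = new Map();
  inventory_rows.forEach((row, index) => {
    const key = String(row[0]);
    if (!row_by_name.has(key)) row_by_name.set(key, index + 1); // first match wins, 1-based row
  });

  for (const cached of loaded_vm_table) {
    const vm_name = String(cached[0]);
    const os_type = cached[1];
    const project_name = String(cached[3]);
    const external_ip = cached[5];
    const internal_ip = cached[6];
    const date_of_scan = cached[7];
    const label_product_name = String(cached[8]);

    const row = row_by_name.get(vm_name);
    if (row === undefined) {
      inventory_db_file_tab.appendRow([
        vm_name, "", project_name, date_of_scan, "", label_product_name,
        "", "", "", "", "", "", "", "",
        os_type, internal_ip, external_ip,
      ]);
      row_by_name.set(vm_name, inventory_db_file_tab.getLastRow());
      continue;
    }

    inventory_db_file_tab.getRange(row, 4).setValue(date_of_scan);
    inventory_db_file_tab.getRange(row, 3).setValue(project_name);
    inventory_db_file_tab.getRange(row, 6).setValue(label_product_name);
    inventory_db_file_tab.getRange(row, 15).setValue(os_type);
    inventory_db_file_tab.getRange(row, 16).setValue(internal_ip);
    inventory_db_file_tab.getRange(row, 17).setValue(external_ip);
  }
}

--------------------------------------------------------------------------------
/asset_inventory/02_GCP_GKE.gs:
--------------------------------------------------------------------------------
// NOTE(review): this copy is truncated. Everything from the inner for-loop of
// gke_inventory_main() through main.gs and 01_enumerate_vms.sh is missing — the text
// up to ">> all_vms.txt" (the tail of 01_enumerate_vms.sh) was swallowed, apparently
// at an unescaped "<". Left verbatim; nothing below can be verified.
function gke_inventory_main(){

  for (var counter = 0; counter < config_scope.length; counter++)
  {
    //Asset inventory for GKE Cluster
    if(config_scope[counter] == "GKE_CLUSTERS") {
      Logger.log("GKE_CLUSTERS is RUNNING")
      var gke_cluster_list = open_spreadsheet_tab(Cache_DB, "GKE_Clusters")

      for (var zmienna = 0; zmienna> all_vms.txt

--------------------------------------------------------------------------------
/compute_engine_vulnerabilities_management/02_enumerate_vulns.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#MB2024
# bash, not sh: the script relies on `trap ... ERR` and `<<<` here-strings.

current_date=$(date +"%Y-%m-%d")
file_name="_list_of_vms_and_vulns.csv"
file_name_errors="_list_of_vms_without_osconfig.csv"

# Any failing command (typically a VM without an OS Config vulnerability report)
# records the current VM in the errors file.
handle_error(){
  echo "error"
  echo "$vm_name,$vm_project" >> "${current_date}${file_name_errors}"
}

trap 'handle_error' ERR

# all_vms.txt is written by 01_enumerate_vms.sh: "<name> <id> <zone> <project path>" per line.
while IFS= read -r line; do
  read -r vm_name vm_id vm_location vm_project_long _ <<< "$line"

  vm_project="${vm_project_long##*/}"

  echo "$vm_name $vm_project"

  DETAILS=$(gcloud compute os-config vulnerability-reports describe "$vm_name" --location="$vm_location" --project="$vm_project" --flatten="vulnerabilities[]" --format="csv[no-heading](vulnerabilities.details.cve,vulnerabilities.details.severity,vulnerabilities.details.cvssV3.baseScore,vulnerabilities.createTime,vulnerabilities.updateTime,vulnerabilities.details.cvssV3.attackVector,vulnerabilities.details.cvssV3.attackComplexity,vulnerabilities.details.cvssV3.privilegesRequired,vulnerabilities.details.references.url,vulnerabilities.installedInventoryItemIds,vulnerabilities.items[0].upstreamFix)")
  if [ -n "$DETAILS" ]; then
    while IFS= read -r line3; do
      echo "$vm_name,$vm_project,$line3" >> "${current_date}${file_name}"
    done <<< "$DETAILS"
  fi
done < all_vms.txt

# -f: a missing snapshot from a previous run is not an error.
rm -f current_vms_with_vulns.csv
if [ -f "${current_date}${file_name}" ]; then
  cp "${current_date}${file_name}" current_vms_with_vulns.csv
else
  echo "no vulnerabilities recorded for ${current_date}"
fi

--------------------------------------------------------------------------------
/compute_engine_vulnerabilities_management/03_list_vms_with_fixes_available.sh:
--------------------------------------------------------------------------------
#!/bin/sh
#MB2024
# Usage: 03_list_vms_with_fixes_available.sh <csv from 02_enumerate_vulns.sh>
# Keeps the rows whose 13th column (upstreamFix) is non-empty.

if [ -z "$1" ] || [ ! -f "$1" ]; then
  echo "usage: $0 <vulns csv>" >&2
  exit 1
fi

current_date=$(date +"%Y-%m-%d")
file_name="_vulns_with_fixes"

while IFS= read -r line; do
  fix=$(echo "$line" | cut -d ',' -f 13)
  if [ -n "$fix" ]; then
    echo "$line" >> "${current_date}${file_name}"
  fi
done < "$1"

rm -f current_vulns_with_fixes.csv
if [ -f "${current_date}${file_name}" ]; then
  cp "${current_date}${file_name}" current_vulns_with_fixes.csv
fi

--------------------------------------------------------------------------------
/gcp_org_policy/all_projects_policies.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#mb2023
# Print the effective org policies of every project in the organisation.

# NOTE: `gcloud organizations list` returns one ID per organisation the caller can see;
# with several organisations this variable holds all of them and the search below breaks.
ORG_ID=$(gcloud organizations list --format 'value(ID)')

for project in $(gcloud asset search-all-resources --scope "organizations/$ORG_ID" --asset-types='cloudresourcemanager.googleapis.com/Project' --format='value(name.basename())')
do
  echo "Org policies for $project"
  for constraint in $(gcloud resource-manager org-policies list --project="$project" --format='value(constraint.basename())')
  do
    gcloud alpha resource-manager org-policies describe "$constraint" --project="$project" --effective
  done
  echo "------"
done

--------------------------------------------------------------------------------
/gcp_org_policy/org_all_folders_policies.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#mb2023
# Print the org policies set at organisation level and on every folder (recursively).

ORG_ID=$(gcloud organizations list --format 'value(ID)')
echo "$ORG_ID"

for constraint in $(gcloud resource-manager org-policies list --organization "$ORG_ID" --format='value(constraint.basename())')
do
  gcloud resource-manager org-policies describe "$constraint" --organization "$ORG_ID"
done

# Folder ids collected as a bash array; the former ";"-joined string with a global IFS
# change is gone, so later word splitting is unaffected.
TARGET_FOLDERS=()

list_subfolders() {
  local parent_folder=$1
  local folders

  # List folders directly under the parent folder
  folders=$(gcloud resource-manager folders list --folder="$parent_folder" --format="value(name)")
  for folder in $folders; do
    TARGET_FOLDERS+=("$folder")
    # Recursively list subfolders
    list_subfolders "$folder"
  done
}

folders_id=$(gcloud resource-manager folders list --organization="$ORG_ID" --format="value(name)")

for folderx in $folders_id; do
  TARGET_FOLDERS+=("$folderx")
  list_subfolders "$folderx"
done

for FOLDER in "${TARGET_FOLDERS[@]}"; do
  echo "Org policies for $FOLDER"
  for constraint in $(gcloud resource-manager org-policies list --folder="$FOLDER" --format='value(constraint.basename())')
  do
    gcloud resource-manager org-policies describe "$constraint" --folder="$FOLDER"
  done
  echo "--------"
done

--------------------------------------------------------------------------------
/list_all_ip_all_projects_also_not_active.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#mb
# All reserved addresses (in use or not) per project the caller can list.
for project in $(gcloud projects list --format="value(projectId)")
do
  echo "+++++++++++++++++++ProjectID: $project ++++++++++++++++++"
  echo " $(gcloud compute addresses list --project "$project" --format="value(address)")"
  echo " "
done

--------------------------------------------------------------------------------
/list_fw_rules_all_projects.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#mb
# Firewall rules per project: name, network, direction, sources, allowed ports, disabled flag.
for project in $(gcloud projects list --format="value(projectId)")
do
  echo "+++++++++++++++++++ProjectID: $project ++++++++++++++++++"
  echo " $(gcloud compute firewall-rules list --project "$project" --format="table(name, network, direction, sourceRanges.list(), allowed[].map().firewall_rule().list(), disabled)")"
  echo " "
done

--------------------------------------------------------------------------------
/list_private_ip_all_projects.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#mb
# Primary internal IP of every instance, per project (first network interface only).
for project in $(gcloud projects list --format="value(projectId)")
do
  echo "+++++++++++++++++++ProjectID: $project ++++++++++++++++++"
  echo " $(gcloud --format="value(networkInterfaces[0].networkIP)" compute instances list --project "$project")"
  echo " "
done

--------------------------------------------------------------------------------
/list_public_ip_all_projects.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#mb
# External (NAT) IP of every instance, per project (first interface / first access config only).
for project in $(gcloud projects list --format="value(projectId)")
do
  echo "+++++++++++++++++++ProjectID: $project ++++++++++++++++++"
  echo " $(gcloud --format="value(networkInterfaces[0].accessConfigs[0].natIP)" compute instances list --project "$project")"
  echo " "
done

--------------------------------------------------------------------------------
/list_roles.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Predefined IAM roles with their descriptions.
gcloud iam roles list --format="table(name, description)"

--------------------------------------------------------------------------------
/list_roles_for_user.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#mariusz.burdach 2018
# List the project-level IAM roles bound to one member across all listable projects.

display() {
  echo
  echo " -u, --user    provide username for example -u accountname"
}

enumerate() {
  echo "Enumerating all roles for user: $1"
  for project in $(gcloud projects list --format="value(projectId)")
  do
    echo "+++++++++++++++++++++ Project ID $project:"
    for test2 in $(gcloud projects get-iam-policy "$project" --flatten="bindings[].members" --format="value(bindings.role)" --filter="bindings.members:$1")
    do
      if [ -z "$test2" ]
      then
        echo " no roles"
      else
        echo " $test2"
      fi
    done
  done
}

if [[ -z $1 ]] ; then
  display
else
  case $1 in
    -u|--user)
      # Quoted so an empty or odd value reaches enumerate() as one argument.
      enumerate "$2"
      ;;
    *)
      display
      ;;
  esac
fi

--------------------------------------------------------------------------------
/list_users_all_roles_per_project.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#mariusz.burdach 2019
# For every predefined role, list the members holding it in each project.
# One get-iam-policy call per role x project — slow on large organisations.
prefix="roles/"
for roles in $(gcloud iam roles list --format="value(name)")
do
  rola=${roles#"$prefix"}
  echo "+++++++++++++++++++++ Users with role: ${rola}"
  for project in $(gcloud projects list --format="value(projectId)")
  do
    echo "+++++++ Project ID $project:"
    for test2 in $(gcloud projects get-iam-policy "$project" --flatten="bindings[].members" --format="value(bindings.members)" --filter="bindings.role:${rola}")
    do
      if [ -z "$test2" ]
      then
        echo " no users"
      else
        echo " $test2 in Project ID: $project"
      fi
    done
  done
done

--------------------------------------------------------------------------------
/list_users_for_role.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#mariusz.burdach 2018
# Usage: list_users_for_role.sh <role name, e.g. owner>
if [ -z "$1" ]; then
  echo "usage: $0 <role>" >&2
  exit 1
fi

echo "Enumerating all users for role: $1"
for project in $(gcloud projects list --format="value(projectId)")
do
  echo "+++++++++++++++++++++ Project ID $project:"
  for test2 in $(gcloud projects get-iam-policy "$project" --flatten="bindings[].members" --format="value(bindings.members)" --filter="bindings.role:$1")
  do
    if [ -z "$test2" ]
    then
      echo " no users"
    else
      echo " $test2"
    fi
  done
done

--------------------------------------------------------------------------------
/service_accounts_with_keys.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#mb
# Service account keys per project. Lists every key, including the Google-managed ones;
# add --managed-by=user to `keys list` to see only user-created (downloadable) keys.
for project in $(gcloud projects list --format="value(projectId)")
do
  echo "ProjectId: $project"
  for robot in $(gcloud iam service-accounts list --project "$project" --format="value(email)")
  do
    echo " -> Robot $robot"
    for key in $(gcloud iam service-accounts keys list --iam-account "$robot" --project "$project" --format="value(name.basename())")
    do
      echo "    $key"
    done
  done
done

--------------------------------------------------------------------------------
/service_accounts_with_roles.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#mb
# Project-level roles bound to each service account, per project.
for project in $(gcloud projects list --format="value(projectId)")
do
  echo "+++++++ Project ID $project:"
  for test1 in $(gcloud iam service-accounts list --project "$project" --format="value(email)")
  do
    echo "Service account $test1 has roles: "
    for test2 in $(gcloud projects get-iam-policy "$project" --flatten="bindings[].members" --format="value(bindings.role)" --filter="bindings.members:$test1")
    do
      if [ -z "$test2" ]
      then
        echo " no roles"
      else
        echo " $test2"
      fi
    done
  done
done

--------------------------------------------------------------------------------
/shared_outside_organization.gs:
--------------------------------------------------------------------------------
/**
 * Walk every file of one shared (team) drive and log permissions granted outside the
 * trusted domains. Uses the Drive API v2 advanced service with domain-admin access.
 *
 * @param {string} teamDriveId
 */
function enumerate_all_files(teamDriveId) {
  const allPermitedDomains = ["domain.com"]; // list of trusted domains
  let fileCount = 0;
  let pageToken;

  do {
    const result = Drive.Files.list({
      corpora: "teamDrive",
      pageToken: pageToken,
      maxResults: 10,
      useDomainAdminAccess: true,
      supportsTeamDrives: true,
      includeTeamDriveItems: true,
      teamDriveId: teamDriveId,
    }); // enumeration of all files on the team drive

    for (const file of result.items || []) {
      Logger.log("File name: %s", file.title);
      Logger.log("link %s", file.embedLink);
      Logger.log("mimie %s", file.mimeType);
      Logger.log("sharedUser %s", file.sharingUser);

      if (file.mimeType === "application/vnd.google-apps.folder") {
        Logger.log("folders have no share feature :(");
      }

      // supportsTeamDrives is required, otherwise the call fails for shared-drive items.
      const perms = Drive.Permissions.list(file.id, { supportsTeamDrives: true });
      for (const perm of perms.items || []) {
        if (is_external_permission_(perm, allPermitedDomains)) {
          // The previous log line referenced an undefined `owner2` and threw on the first hit.
          Logger.log("Uprawnienia @%s %s %s", permission_domain_(perm), perm.role, perm.type);
        }
      }

      fileCount += 1;
    }

    pageToken = result.nextPageToken;
  } while (pageToken);

  Logger.log("Total number of files per Team Drive: %s", fileCount);
}

/**
 * Domain a permission grants access to: the `domain` field for domain-type permissions,
 * else the part after "@" of the member's e-mail; "" when neither is present.
 */
function permission_domain_(perm) {
  if (perm.domain) return String(perm.domain).toLowerCase();
  const email = perm.emailAddress || "";
  const at = email.indexOf("@");
  return at === -1 ? "" : email.substring(at + 1).toLowerCase();
}

/**
 * True when a permission reaches outside the trusted domains. "anyone" (link sharing)
 * has no domain at all and is always external; user/group/domain permissions are
 * compared by domain — previously only the `domain` field was checked, so every
 * user-type permission was reported.
 */
function is_external_permission_(perm, trustedDomains) {
  if (perm.type === "anyone") return true;
  const lowered = trustedDomains.map((d) => d.toLowerCase());
  return !lowered.includes(permission_domain_(perm));
}

--------------------------------------------------------------------------------
/teamdrive_enum.gs:
--------------------------------------------------------------------------------
/** Entry point: print the name and id of every shared drive in the domain. */
function start() {
  const drives2 = enum_team_drives_restrictions();
  for (const driveId of drives2) {
    abc2(driveId);
  }
}

/**
 * Log the name and id of one shared drive (domain-admin access).
 * @param {string} teamDriveId
 */
function abc2(teamDriveId) {
  const cba = Drive.Teamdrives.get(teamDriveId, { useDomainAdminAccess: true });
  Logger.log(cba.name);
  Logger.log(cba.id);
}

/**
 * List the ids of all shared drives visible with domain-admin access.
 * @returns {string[]} shared drive ids
 */
function enum_team_drives_restrictions() {
  const lista = [];
  let pageToken;

  do {
    const page = Drive.Teamdrives.list({
      pageToken: pageToken,
      maxResults: 10,
      useDomainAdminAccess: true,
    });

    for (const item of page.items || []) {
      // The per-drive Teamdrives.get(..., fields: 'id, name, restrictions') the loop used
      // to issue was never read; nothing in this file inspects restrictions.
      lista.push(item.id); // list of teamdrive IDs
    }

    pageToken = page.nextPageToken;
  } while (pageToken);

  Logger.log(lista);
  Logger.log("Number of all team drives is %s", lista.length);
  return lista;
}

--------------------------------------------------------------------------------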