GCP - Unauthenticated Enum & Access
tip
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Public Assets Discovery
One way to discover public cloud resources that belong to a company is to scrape their websites looking for them. Tools like CloudScraper will scrape the web and search for links to public cloud resources (in this case the tool searches for ['amazonaws.com', 'digitaloceanspaces.com', 'windows.net', 'storage.googleapis.com', 'aliyuncs.com']).
Note that other cloud resources could be searched for, and that sometimes these resources are hidden behind subdomains of the company's own domain that point to them via a CNAME record.
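An added example (not the page's code and not CloudScraper's own) of the check described above: it extracts link targets from an HTML page and keeps those whose hostname is one of the listed cloud domains or a subdomain of one, which is also a quick way to inventory the cloud storage hosts your own pages expose. The sample HTML and the acme-* hostnames are constructed; the CNAME-hidden case the page mentions is not resolved here, since that needs DNS.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# The domains CloudScraper looks for, as listed on this page.
CLOUD_SUFFIXES = (
    "amazonaws.com",
    "digitaloceanspaces.com",
    "windows.net",
    "storage.googleapis.com",
    "aliyuncs.com",
)


class LinkExtractor(HTMLParser):
    """Collect every URL found in href/src-style attributes."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action", "data-src") and value:
                self.urls.append(value)


def is_cloud_host(host):
    """True if host equals one of the suffixes or is a subdomain of one (case-insensitive)."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in CLOUD_SUFFIXES)


def find_cloud_hosts(html):
    """Return the sorted, de-duplicated cloud-storage hostnames a page links to."""
    parser = LinkExtractor()
    parser.feed(html)
    hosts = set()
    for url in parser.urls:
        host = urlparse(url).hostname  # also handles scheme-relative "//host/path" URLs
        if host and is_cloud_host(host):
            hosts.add(host.lower())
    return sorted(hosts)


# Constructed sample page: three cloud links (one scheme-relative, one in a <script src>)
# plus one link to an unrelated domain that must be ignored.
SAMPLE_HTML = """
<html><body>
<a href="https://acme-assets.storage.googleapis.com/logo.png">logo</a>
<img src="//acme-media.s3.amazonaws.com/hero.jpg">
<script src="https://acme.blob.core.windows.net/js/app.js"></script>
<a href="https://www.example.com/about">about</a>
</body></html>
"""

if __name__ == "__main__":
    for h in find_cloud_hosts(SAMPLE_HTML):
        print(h)
```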
Public Resources Brute-Force
Buckets, Firebase, Apps & Cloud Functions
- https://github.com/initstring/cloud_enum: In GCP, this tool brute-forces Buckets, Firebase Realtime Databases, Google App Engine sites, and Cloud Functions.
- https://github.com/0xsha/CloudBrute: In GCP, this tool brute-forces Buckets and Apps.