List the Google Cloud organizations the user has access to
gcloud organizations list
List GCP folders
gcloud resource-manager folders list --organization <ORG ID>
List resources
Requires cloudasset.googleapis.com to be enabled for the project
gcloud beta asset search-all-resources
Projects
All Google Cloud resources live in projects. When querying for resources, results are limited to the currently set project. You gotta switch projects to enumerate everything!
Get projects
gcloud projects list
Get the hierarchy (ancestors) of a project
gcloud projects get-ancestors <PROJECT ID>
Set a project
gcloud config set project <PROJECT NAME>
Get current project set
gcloud config get project
Get information about project
gcloud projects describe <PROJECT ID>
List all APIs that are enabled in the current project
gcloud services list
IAM
Three role types
Basic roles provide broad access to Google Cloud resources: Owner, Editor, Viewer
Predefined roles provide granular access to specific Google Cloud resources.
Custom roles provide user-defined sets of permissions on Google Cloud resources.
Policies
A policy binds members (principals) to roles; each binding lists the members holding one role
Enumerate all IAM policies at org level
gcloud organizations list
gcloud organizations get-iam-policy <ORG ID>
List all permissions of a role
For example roles/viewer (predefined roles need no project; custom roles are scoped to a project or organization)
gcloud iam roles describe <ROLE>
gcloud iam roles describe <ROLE NAME> --project <PROJECT ID>
List the IAM policy bound to a service account
gcloud iam service-accounts list
gcloud iam service-accounts get-iam-policy <SERVICE ACCOUNT EMAIL>
One-liner to dump the IAM policy of every service account
gcloud iam service-accounts list --format="value(email)" | while read -r serviceaccount; do printf '\n [+] checking: %s\n\n' "$serviceaccount" && gcloud iam service-accounts get-iam-policy "$serviceaccount" 2>/dev/null; done
One-liner to list the roles a user holds on every service account
GCUSER=<USER EMAIL>
gcloud iam service-accounts list --format="value(email)" | while read -r serviceaccount; do printf '\n [+] checking: %s\n\n' "$serviceaccount" && gcloud iam service-accounts get-iam-policy "$serviceaccount" --flatten="bindings[].members" --filter="bindings.members=user:$GCUSER" --format="value(bindings.role)" 2>/dev/null; done
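Added example, not part of the original cheat sheet: a small POSIX shell audit that ties the projects section (bindings are per-project, so you have to walk every project) to the IAM section. It flattens each project's IAM policy into "role,member" lines and flags the grants a reviewer cares about: basic roles (Owner/Editor/Viewer) and public principals (allUsers/allAuthenticatedUsers). It assumes an authenticated gcloud on PATH for the real run; the sample bindings, the project name example-proj and the audit_* / count_findings function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original cheat sheet).
# Input to audit_bindings is one "role,member" line per binding, which is what
#   gcloud projects get-iam-policy <PROJECT ID> \
#       --flatten="bindings[].members" \
#       --format="csv[no-heading](bindings.role,bindings.members)"
# prints. Each finding is one line: "<severity> <project> <role> <member> <reason>".

# Audit flattened bindings read from stdin for a single project.
# Emits at most one finding per binding; uninteresting bindings print nothing.
audit_bindings() {
    project="$1"
    while IFS=, read -r role member; do
        [ -z "$role" ] && continue
        # Public principals are the worst case regardless of role.
        case "$member" in
            allUsers|allAuthenticatedUsers)
                echo "HIGH $project $role $member public-principal"
                continue ;;
        esac
        # Basic roles are far broader than any predefined role.
        case "$role" in
            roles/owner|roles/editor)
                echo "HIGH $project $role $member basic-role" ;;
            roles/viewer)
                echo "MEDIUM $project $role $member basic-role" ;;
        esac
    done
}

# Walk every project the caller can see and audit each project's policy.
# Requires gcloud on PATH with an authenticated session.
audit_all_projects() {
    gcloud projects list --format="value(projectId)" | while read -r project; do
        gcloud projects get-iam-policy "$project" \
            --flatten="bindings[].members" \
            --format="csv[no-heading](bindings.role,bindings.members)" 2>/dev/null \
            | audit_bindings "$project"
    done
}

# Constructed sample of flattened bindings (not real gcloud output) so the
# audit logic can be exercised offline.
SAMPLE_BINDINGS='roles/owner,user:alice@example.com
roles/viewer,allUsers
roles/storage.objectViewer,serviceAccount:app@example-proj.iam.gserviceaccount.com
roles/editor,group:devs@example.com
roles/logging.viewer,user:bob@example.com'

# Number of findings the sample produces (used as a self-check).
count_findings() {
    printf '%s\n' "$SAMPLE_BINDINGS" | audit_bindings example-proj | wc -l | tr -d ' '
}

# Stand-alone run: audit the constructed sample.
printf '%s\n' "$SAMPLE_BINDINGS" | audit_bindings example-proj
```

Run `audit_all_projects` instead of the sample block once you are authenticated; the per-binding function is kept pure (stdin in, findings out) so the gcloud calls can be swapped for captured output when reviewing a policy export offline.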
ORG Policies
List org policies on org level
gcloud resource-manager org-policies list --organization=<ORG ID>
List org policies on folder level
gcloud resource-manager org-policies list --folder=<FOLDER ID>
List org policies on project level
gcloud resource-manager org-policies list --project=<PROJECT ID>
Use the --log-http flag within the gcloud CLI to see the requests it makes. Grab the body, API endpoint etc. and use it with Burp with another access token :)