Use the gcloud utilities to enumerate as much access as possible from a GCP service account JSON key file. See blog post: <to insert>
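#!/usr/bin/env bash
#
# Enumerate what the currently active gcloud credential can read in one GCP
# project, using the gcloud, bq and gsutil CLIs. Each command is printed
# before it runs so the output can be matched to the command that produced it.
#
# Usage: pass the project ID as the first argument; without one the
# placeholder below is used.
#
# Every call is a list/get/describe request. No `set -e`: a command the
# account has no permission for fails and the script must carry on to the
# next service.
#
# NOTE(review): the IoT, KMS and Redis sections only query the hard-coded
# locations listed below, so an empty result there does not show that the
# account has no access elsewhere.
# NOTE(review): some command groups used here may not exist in current Cloud
# SDK releases; a gcloud usage error is not a permission result.
#
# Detection: one service account issuing list calls across this many APIs in
# a short window, many of them denied, is a recognisable pattern in Cloud
# Audit Logs. Most of these reads are only recorded when Data Access
# (ADMIN_READ) audit logging is enabled on the project.
#
# Credential handling: a service account key file is a long-lived secret and
# activating it caches the credential in the local gcloud configuration.
# Keep the JSON out of shared directories and version control, and run
# `gcloud auth revoke` when the review is finished.
# gcloud auth activate-service-account --key-file=85.json
# gcloud projects list

project="${1:-my-projet}"

# Print a command line, then execute it with its arguments kept as separate
# words, so the line shown is always the command that actually ran.
run() {
  printf '%s\n' "$*"
  "$@"
}

# Print a section banner in the "[+] title [+]" form.
section() {
  printf '[+] %s [+]\n' "$1"
}

run gcloud auth list
echo

section "Enumerate project info"
run gcloud projects list
echo
run gcloud projects get-iam-policy "$project"
echo

section "List services accounts for the project"
run gcloud iam service-accounts list --project="$project"
echo

section "List services for the project"
run gcloud services list --project="$project"
echo

section "App access"
for app_resource in instances services domain-mappings firewall-rules operations; do
  run gcloud app "$app_resource" list --project="$project"
  echo
done

section "Bigquery access"
run bq ls --format=prettyjson --project_id "$project"
echo

section "Bigtable access"
run gcloud bigtable clusters list --project="$project"
echo
run gcloud bigtable instances list --project="$project"
echo

section "Builds access"
run gcloud builds list --project="$project"
echo

section "Compute access"
run gcloud compute instances list --filter=RUNNING --project="$project"
echo
run gcloud compute images list --project="$project"
echo
run gcloud compute firewall-rules list --project="$project"
echo

section "Container access"
run gcloud container images list --project="$project"
echo
run gcloud container clusters list --project="$project"
echo

section "Dataflow access"
run gcloud dataflow jobs list --project="$project"
echo

section "Dataproc access"
run gcloud dataproc clusters list --project="$project"
echo
run gcloud dataproc jobs list --project="$project"
echo

section "Datastore access"
run gcloud datastore indexes list --project="$project"
echo

section "Debug access"
run gcloud debug targets list --project="$project"
echo
run gcloud debug snapshots list --project="$project"
echo

section "Deployment-Manager access"
run gcloud deployment-manager deployments list --project="$project"
echo

section "DNS access"
run gcloud dns managed-zones list --project="$project"
echo
run gcloud dns project-info describe "$project"
echo

section "Domains access"
run gcloud domains list-user-verified --project="$project"
echo

section "Endpoints access"
run gcloud endpoints services list --project="$project"
echo

section "Functions access"
run gcloud functions list --project="$project"
echo

section "IOT access"
for region in us-central1 europe-west1 asia-east1; do
  run gcloud iot registries list --project="$project" --region="$region"
done
echo

section "KMS access"
for location in global us; do
  run gcloud kms keyrings list --project="$project" --location="$location"
done
echo

section "Logging access"
run gcloud logging logs list --project="$project"
echo

section "ML access"
# The printed line now includes --limit=100, matching the command that runs.
run gcloud ml-engine jobs list --limit=100 --project="$project"
echo

section "Organizations access"
run gcloud organizations list --project="$project"
echo

section "PubSub access"
run gcloud pubsub subscriptions list --project="$project"
run gcloud pubsub topics list --project="$project"
echo

section "Redis access"
for region in \
  asia-east1 asia-northeast1 asia-southeast1 australia-southeast1 \
  europe-north1 europe-west1 europe-west2 europe-west3 europe-west4 \
  us-central1 us-east1 us-east4 us-west1 us-west2; do
  run gcloud redis instances list --region="$region" --project="$project"
done
echo

section "Source access"
run gcloud source repos list --project="$project"
echo

section "Spanner access"
run gcloud spanner instances list --project="$project"
echo

section "SQL access"
run gcloud sql instances list --project="$project"
echo

section "Storage access"
run gsutil ls -p "$project"
echo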