2025-02-28 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)05/31 Report--
In this issue, the editor explains how the Google Storage Bucket security enumeration script GCPBucketBrute is written. The article is rich in content and analyzes the tool from a professional point of view. I hope you get something out of it.
GCPBucketBrute
GCPBucketBrute is a script that enumerates Google Storage Buckets. It helps you identify what access you have to a target bucket and determine whether privilege escalation is possible on it.
1. The script can (optionally) accept GCP user / service account credentials and a keyword.
2. Next, the script generates a list of permutations from the keyword passed in, which it uses to scan for existing Google Storage Buckets.
3. Even if access credentials are provided, most of the enumeration is still performed unauthenticated. Once unauthenticated enumeration discovers a bucket, the script attempts to enumerate that bucket's permissions through the TestIamPermissions API using the provided credentials.
4. In addition, the script always attempts to enumerate bucket permissions through the TestIamPermissions API as an unauthenticated caller, regardless of whether credentials are provided. This means that if you do not enter credentials, you only see the permissions an unauthenticated user has, while if you do, you also see the permissions the authenticated identity has, making it easy to compare the two.
Brief introduction of the tool
1. Provide a keyword; the script generates a list of permutations from it and then enumerates Google Storage Buckets using that list.
2. Next, it outputs all buckets it found.
3. Then it outputs the access permissions on each target bucket.
4. Finally, the script checks these permissions for storage.buckets.setIamPolicy (the permission that would allow privilege escalation) and outputs the results.
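As an added example (not GCPBucketBrute's own code), the following Python performs the unauthenticated TestIamPermissions check described in steps 3 and 4 above against a list of bucket names you own, and grades what an anonymous caller is allowed to do. The PERMISSIONS list and the severity grades are assumptions of this example, not copied from the tool.

```python
"""Audit what an anonymous caller may do to your buckets via TestIamPermissions."""
import json
import urllib.error
import urllib.request
from urllib.parse import urlencode

# Permissions to probe (assumption: a set similar to what the tool tests).
PERMISSIONS = [
    "storage.buckets.delete", "storage.buckets.get", "storage.buckets.getIamPolicy",
    "storage.buckets.setIamPolicy", "storage.buckets.update",
    "storage.objects.create", "storage.objects.delete", "storage.objects.get",
    "storage.objects.list", "storage.objects.update",
]
WRITE = {"storage.buckets.delete", "storage.buckets.update", "storage.objects.create",
         "storage.objects.delete", "storage.objects.update"}
READ = {"storage.objects.get", "storage.objects.list"}
API = "https://www.googleapis.com/storage/v1/b/{}/iam/testPermissions"

def fetch_anonymous(bucket):
    """Unauthenticated TestIamPermissions call (no Authorization header).
    Returns the parsed JSON body, or None when the API answers 404 (no such bucket)."""
    url = API.format(bucket) + "?" + urlencode([("permissions", p) for p in PERMISSIONS])
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise

def grade(body):
    """Map a TestIamPermissions response to (granted permissions, severity).
    The API lists only the permissions the caller actually holds; an existing
    bucket that grants nothing to anonymous users has no 'permissions' key."""
    if body is None:
        return set(), "NO_SUCH_BUCKET"
    granted = set(body.get("permissions", []))
    if "storage.buckets.setIamPolicy" in granted:
        return granted, "CRITICAL"   # anyone can rewrite the bucket's IAM policy
    if granted & WRITE:
        return granted, "HIGH"       # anonymous write or delete
    if granted & READ:
        return granted, "MEDIUM"     # publicly readable objects
    return granted, ("LOW" if granted else "NONE")

def audit(buckets, fetch=fetch_anonymous):
    """Grade each bucket name; `fetch` is injectable so the logic can run offline."""
    return {b: grade(fetch(b)) for b in buckets}
```

Run it with `audit(["your-bucket-name"])` against buckets you administer; a CRITICAL or HIGH result means allUsers has been granted a policy that should be removed.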
Tool requirements
Unauthenticated permission scanning can only be performed on Linux/OS X; it does not work on Windows because the script has problems there when scanning with the subprocess module.
Python3
Pip3
Tool installation
git clone https://github.com/RhinoSecurityLabs/GCPBucketBrute.git
cd GCPBucketBrute/
pip3 install -r requirements.txt or python3 -m pip install -r requirements.txt
Tool use
First, determine what type of authentication should be used for enumeration. If you are using a service account, provide its private key as a file through the "-f/--service-account-credential-file-path" parameter. If you are using a user account, you do not need to pass any authentication parameter: after starting, the tool prompts you for the user account's access token for the GCP API. If you want to perform the full scan unauthenticated, use the "-u/--unauthenticated" parameter.
Perform a full scan in an unauthenticated state and scan Bucket using the keyword "test":
python3 gcpbucketbrute.py -k test -u
Scan buckets with an authenticated service account and the keyword "test", writing the results to out.txt in the current directory:
python3 gcpbucketbrute.py -k test -f ../sa-priv-key.pem -o ./out.txt
Scan buckets with the keyword "test", using a user account token and running 10 child processes:
python3 gcpbucketbrute.py -k test -s 10
Available parameters
-k/--keyword
This parameter can specify the keyword used to generate a list of permutation combinations.
--check
This parameter takes a bucket name and checks the permissions of that specific bucket.
--check-list
This parameter checks the permissions of each bucket listed in a text file, one bucket name per line.
-s/--subprocesses
This parameter is used to specify the number of child processes to be used during Bucket enumeration, which defaults to 5.
-f/--service-account-credential-file-path
This parameter specifies the path to the private key file of the GCP service account. This parameter is optional.
-u/--unauthenticated
This parameter forces unauthenticated enumeration.
-o/--out-file
This parameter allows us to specify the path to the output file, automatically creates a new file if the target path file does not exist, and appends the output to the end of the file if the target path file exists.
This is how the Google Storage Bucket security enumeration script GCPBucketBrute is written, as shared by the editor. If you have similar questions, the above analysis should help you understand the tool. If you want to know more, you are welcome to follow the industry information channel.