Audit

CIS

Tool Description
GCP CIS Benchmark InSpec Profile
  • Usage: inspec exec https://github.com/GoogleCloudPlatform/inspec-gcp-cis-benchmark.git -t gcp:// --input gcp_project_id=<YOUR_PROJECT_ID>

Enumeration

Tool Description
GCP Cloud Asset Inventory
  • Use Cloud Asset Inventory to search for all your resources globally
  • Example: gcloud asset search-all-resources --asset-types='storage.googleapis.com/Bucket' --limit 2
cloudlist
  • Obtain public assets (hostnames, IPs)
gcptree
  • Like the Unix tree command, but for the GCP Org hierarchy

Audit

Tool Description
ScoutSuite
  • Multi-cloud security auditing tool
  • Permissions: Viewer, Security Reviewer, Stackdriver Account Viewer
  • Enable Service Usage API
  • Usage: docker run --rm -it -v ~/creds/:/creds -v $(pwd)/:/src/ rossja/ncc-scoutsuite scout --provider gcp --service-account --key-file service_account.json --project-id <projectID>
CS-Suite
  • Auditing the security posture of AWS/GCP/Azure infrastructure
  • Permissions: Viewer, Security Reviewer, Stackdriver Account Viewer
  • Usage: docker run --rm -it -v ~/creds/:/creds -v $(pwd)/:/src/ securityftw/cs-suite -env gcp -pId <project_name>
cloudfox
  • Helps gain situational awareness in unfamiliar cloud environments and find exploitable attack paths
  • Introducing: CloudFox
gcpdiag
  • Diagnostics tool for GCP
  • Finds and helps fix common issues in GCP projects by checking them against a wide range of best practices and frequent mistakes
gcp_scanner
  • A GCP resource scanner that can help determine what level of access certain credentials possess on GCP
security-response-automation
  • Take automated actions on your Security Command Center findings