Skip to content

IAM

Authentication

Tool Description
gcp-sa-key-checker A recon tool for GCP Service Account Keys that requires no permissions

Find Creep/Drift

Tool Description
gcp_scanner A GCP resource scanner that can help determine what level of access certain credentials possess on GCP
gcp-iam-collector Python script for collecting and visualising Google Cloud Platform IAM permissions
gcp_sa_lister Crawls your GCP Org and returns service accounts that have not been used in the past 90 days
GCP API key rotation checker Crawls your entire GCP Organization and inform you of any API keys over 90 days that need to be rotated
gcp-iam-analyzer Compares and analyzes GCP IAM roles

STS

Tool Description
ephemeral-iam
jit-access An AppEngine application that lets you manage just-in-time privileged access to Google Cloud projects
jit-groups JIT Groups is an open source application that lets you implement secure, self-service access management for Google Cloud using groups