GCPBucketBrute

Enumerate Google Storage buckets, determine what access you have to them, and check whether that access can be escalated.

Summary:
- Given a keyword, this script enumerates Google Storage buckets based on a number of permutations generated from the keyword.
- Then, any discovered bucket will be output.
- Then, any permissions that you are granted (if any) to any discovered bucket will be output.
- Then, the script will check those permissions for privilege escalation (storage.buckets.setIamPolicy) and will output anything interesting (such as publicly listable, publicly writable, authenticated listable, privilege escalation, etc.).
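
The same classification can be run from the defender's side against the IAM policy of a bucket you own. The following is an added example, not code from GCPBucketBrute: the role table is a partial subset of the predefined Cloud Storage roles (an assumption; custom roles are reported as unresolved), and the sample policy is constructed.

```python
import json

# Partial table: predefined Cloud Storage roles -> permissions of interest.
# Assumption: subset only; custom roles are reported as unresolved.
LIST = "storage.objects.list"
WRITE = "storage.objects.create"
SETIAM = "storage.buckets.setIamPolicy"
ROLE_PERMS = {
    "roles/storage.objectViewer": {LIST},
    "roles/storage.objectCreator": {WRITE},
    "roles/storage.objectAdmin": {LIST, WRITE},
    "roles/storage.legacyBucketReader": {LIST},
    "roles/storage.legacyBucketWriter": {LIST, WRITE},
    "roles/storage.legacyBucketOwner": {LIST, WRITE, SETIAM},
    "roles/storage.admin": {LIST, WRITE, SETIAM},
}
LABELS = {LIST: "listable", WRITE: "writable", SETIAM: "privilege escalation"}
PUBLIC = {"allUsers": "public", "allAuthenticatedUsers": "authenticated"}

def audit_policy(policy):
    """Return sorted (audience, finding, role) tuples for public bindings."""
    findings = set()
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            audience = PUBLIC.get(member)
            if audience is None:
                continue  # named principals are out of scope for this check
            perms = ROLE_PERMS.get(role)
            if perms is None:
                # Custom or unmapped role: flag for manual review, do not guess.
                findings.add((audience, "unresolved role", role))
                continue
            for perm in perms:
                findings.add((audience, LABELS[perm], role))
    return sorted(findings)

# Constructed sample in the shape of a bucket IAM policy (role + members bindings).
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
  {"role": "roles/storage.legacyBucketOwner", "members": ["allAuthenticatedUsers"]},
  {"role": "roles/storage.admin", "members": ["user:admin@example.com"]},
  {"role": "projects/example/roles/customUploader", "members": ["allUsers"]}
]}
""")

if __name__ == "__main__":
    for audience, finding, role in audit_policy(SAMPLE_POLICY):
        print(f"{audience:13} {finding:20} via {role}")
```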