If you want to use docker to run the tool, you can use the existing Dockerfile to create a container with the tool and all dependencies installed.
It will then drop you into a venv inside the docker container when starting allowing you to run “python3 main.py”. Note because it is docker, unless you mount volumes with -v, your data will be wiped upon exiting the docker container
# From gcpwn base directory
docker build -t gcpwn .
docker run -it gcpwn
Note I cannot guarantee support for other OS types/deviations from instructions below, but feel free to file issues if there are any major items that arise.
Supported OS: Kali Linux 6.6.9
Python Version: Python3 3.11.8
python3 main.py
. If this is your first time, the tool will ask you to create a workspace. # Setup a virtual environment
python3 -m venv ./myenv
source myenv/bin/activate
# Clone the tool
git clone https://github.com/NetSPI/gcpwn.git
# Run setup.sh; This will install gcloud CLI tool and pip3 install -r requirements if you want to do those separately
chmod +x setup.sh; ./setup.sh
# Launch the tool after all items installed & create first workspace
python3 main.py
[*] No workspaces were detected.
New workspace name: my_workspace
[*] Workspace 'my_workspace' created.
Welcome to your workspace! Type 'help' or '?' to see available commands.
[*] Listing existing credentials...
Submit the name or index of an existing credential from above, or add NEW credentials via Application Default
Credentails (adc - google.auth.default()), a file pointing to adc credentials, a standalone OAuth2 Token,
or Service credentials. See wiki for details on each. To proceed with no credentials just hit ENTER and submit
an empty string.
[1] *adc <credential_name> [tokeninfo] (ex. adc mydefaultcreds [tokeninfo])
[2] *adc-file <credential_name> <filepath> [tokeninfo] (ex. adc-file mydefaultcreds /tmp/name2.json)
[3] *oauth2 <credential_name> <token_value> [tokeninfo] (ex. oauth2 mydefaultcreds ya[TRUNCATED]i3jJK)
[4] service <credential_name> <filepath_to_service_creds> (ex. service mydefaultcreds /tmp/name2.json)
*To get scope and/or email info for Oauth2 tokens (options 1-3) include a third argument of
"tokeninfo" to send the tokens to Google's official oauth2 endpoint to get back scope.
tokeninfo will set the credential name for oauth2, otherwise credential name will be used.
Advised for best results. See https://cloud.google.com/docs/authentication/token-types#access-contents.
Using tokeninfo will add scope/email to your references if not auto-picked up.
Input:
Two folders, “GatheredData” and “LoggedActions” are auto-created and populated as you run the tool:
modules run enum_buckets --download
will try to download blobs to the specified folder, or running modules run process_iam_bindings
will write the summary reports to this folder if --csv
or --txt
is specified.Internal databases store the information. You don’t need to know the details below but if interested:
WID_LoadLibrary is a custom implementation inspired by the Windows API function LoadLibrary, which is used…
Locksmith is a specialized tool designed to identify and remediate vulnerabilities in Active Directory Certificate…
Uscrapper Vanta is a powerful open-source intelligence (OSINT) tool designed to revolutionize web scraping and…
Pake is an innovative tool designed to convert any webpage into a desktop application with…
Bevy is an open-source, data-driven game engine built in Rust, designed to simplify game development…
AppFlowy Cloud is a robust component of the AppFlowy ecosystem, designed to provide secure user…