If you want to use docker to run the tool, you can use the existing Dockerfile to create a container with the tool and all dependencies installed.
It will then drop you into a venv inside the docker container when starting allowing you to run “python3 main.py”. Note because it is docker, unless you mount volumes with -v, your data will be wiped upon exiting the docker container
# From gcpwn base directory
docker build -t gcpwn .
docker run -it gcpwn
Note I cannot guarantee support for other OS types/deviations from instructions below, but feel free to file issues if there are any major items that arise.
Supported OS: Kali Linux 6.6.9
Python Version: Python3 3.11.8
python3 main.py
. If this is your first time, the tool will ask you to create a workspace. # Setup a virtual environment
python3 -m venv ./myenv
source myenv/bin/activate
# Clone the tool
git clone https://github.com/NetSPI/gcpwn.git
# Run setup.sh; This will install gcloud CLI tool and pip3 install -r requirements if you want to do those separately
chmod +x setup.sh; ./setup.sh
# Launch the tool after all items installed & create first workspace
python3 main.py
[*] No workspaces were detected.
New workspace name: my_workspace
[*] Workspace 'my_workspace' created.
Welcome to your workspace! Type 'help' or '?' to see available commands.
[*] Listing existing credentials...
Submit the name or index of an existing credential from above, or add NEW credentials via Application Default
Credentails (adc - google.auth.default()), a file pointing to adc credentials, a standalone OAuth2 Token,
or Service credentials. See wiki for details on each. To proceed with no credentials just hit ENTER and submit
an empty string.
[1] *adc <credential_name> [tokeninfo] (ex. adc mydefaultcreds [tokeninfo])
[2] *adc-file <credential_name> <filepath> [tokeninfo] (ex. adc-file mydefaultcreds /tmp/name2.json)
[3] *oauth2 <credential_name> <token_value> [tokeninfo] (ex. oauth2 mydefaultcreds ya[TRUNCATED]i3jJK)
[4] service <credential_name> <filepath_to_service_creds> (ex. service mydefaultcreds /tmp/name2.json)
*To get scope and/or email info for Oauth2 tokens (options 1-3) include a third argument of
"tokeninfo" to send the tokens to Google's official oauth2 endpoint to get back scope.
tokeninfo will set the credential name for oauth2, otherwise credential name will be used.
Advised for best results. See https://cloud.google.com/docs/authentication/token-types#access-contents.
Using tokeninfo will add scope/email to your references if not auto-picked up.
Input:
Two folders, “GatheredData” and “LoggedActions” are auto-created and populated as you run the tool:
modules run enum_buckets --download
will try to download blobs to the specified folder, or running modules run process_iam_bindings
will write the summary reports to this folder if --csv
or --txt
is specified.Internal databases store the information. You don’t need to know the details below but if interested:
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…