Skip to content

lightspin-tech/red-bucket-gcp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
use_cases
use_cases
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
main.py
main.py
 
 
required_permissions.txt
required_permissions.txt
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Red-Bucket-GCP

Lightspin's Google Cloud Storage Bucket Scanner

Description

Scan your GCP Buckets for public access.

The tool analyzes the following:

  • Bucket's prevent public access
  • Bucket's access control type
  • Bucket policy and ACL
  • Object policy and ACL

You can use the use_cases folder, that contains terraform files of several interesting cases to test our tool.

Our Research

Link to the full security research blog

Requirements

GCP-Red-Bucket is built with Python 3 and google clients.

The tool requires:

Installation

git clone https://github.com/lightspin-tech/red-bucket-gcp.git
cd red-bucket-gcp
pip3 install -r requirements.txt

Usage

python3 main.py --project_id PROJECT_ID --access_token ACCESS_TOKEN [--output_path OUTPUT_PATH] [--output_type {JSON,CSV}]

Note: The output_path parameter should be the directory path you want the results file to be created in.

Contact Us

This research was held by Lightspin's Security Research Team. For more information, contact us at support@lightspin.io.

License

This repository is available under the Apache License 2.0.

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

10 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages