A comprehensive scanner for Google Cloud
☆355Dec 5, 2025Updated 3 months ago
Alternatives and similar repositories for gcp_scanner
Users that are interested in gcp_scanner are comparing it to the libraries listed below
Sorting:
- Compares and analyzes GCP IAM roles.☆78Mar 9, 2025Updated last year
- Enumeration/exploit/analysis/download/etc pentesting framework for GCP; modeled like Pacu for AWS; a product of numerous hours via @Webbi…☆289May 16, 2025Updated 10 months ago
- ☆19Jul 9, 2022Updated 3 years ago
- A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.☆415Oct 6, 2025Updated 5 months ago
- Tweets when new GCP IAM updates are found☆13Mar 14, 2026Updated last week
- Tools and blogs I use to perform GCP red teams☆140Jul 23, 2024Updated last year
- These are tools we released with our 2020 defcon/blackhat talk https://www.youtube.com/watch?v=Ml09R38jpok☆173Feb 6, 2025Updated last year
- Threatest is a CLI and Go framework for end-to-end testing threat detection rules.☆339Updated this week
- GATOR - GCP Attack Toolkit for Offensive Research, a tool designed to aid in research and exploiting Google Cloud Environments☆89Jun 22, 2024Updated last year
- Identify privilege escalation paths within and across different clouds☆719Feb 6, 2026Updated last month
- Automated Persistence and Lateral Movement using GCP Patch Management☆16Aug 11, 2022Updated 3 years ago
- ☆27Aug 18, 2023Updated 2 years ago
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…☆101Jan 12, 2024Updated 2 years ago
- Cloudlist is a tool for listing Assets from multiple Cloud Providers.☆1,011Mar 11, 2026Updated last week
- RepoReaper is an automated tool crafted to meticulously scan and identify exposed .git repositories within specified domains and their su…☆35Feb 20, 2024Updated 2 years ago
- GCP CSPM using Google Sheets☆38Apr 4, 2025Updated 11 months ago
- ☆65May 21, 2024Updated last year
- APK Infrastructure Investigator☆64Jun 20, 2023Updated 2 years ago
- ☆89Feb 11, 2022Updated 4 years ago
- GitHub Actions Pipeline Enumeration and Attack Tool☆736Mar 5, 2026Updated 2 weeks ago
- Automating situational awareness for cloud penetration tests.☆2,309Mar 10, 2026Updated last week
- HoneyZure is a honeypot tool specifically designed for Azure environments, fully provisioned through Terraform. It leverages a Log Analyt…☆17Jun 11, 2024Updated last year
- GCPGoat : A Damn Vulnerable GCP Infrastructure☆435Oct 29, 2024Updated last year
- Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threa…☆1,409Jun 24, 2025Updated 8 months ago
- ☆169Sep 30, 2025Updated 5 months ago
- ☆117Feb 11, 2026Updated last month
- Detects CanaryTokens in Office docs and PDFs (docx, xlsx, pptx, pdf) without triggering alerts☆129Dec 23, 2025Updated 2 months ago
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …☆341Mar 10, 2026Updated last week
- FirebaseExploiter is a vulnerability discovery tool that discovers Firebase Database which are open and can be exploitable. Primarily bui…☆175Nov 7, 2022Updated 3 years ago
- Python library to carry out DFIR analysis on the Cloud☆502Mar 2, 2026Updated 2 weeks ago
- ☆14Jun 20, 2022Updated 3 years ago
- A fast enumeration tool for publicly exposed Azure Storage blobs.☆117Mar 25, 2023Updated 2 years ago
- A small library to alter AWS API requests; Used for fuzzing research☆22Nov 2, 2023Updated 2 years ago
- Enumerate valid users within Microsoft Teams and OneDrive with clean output.☆60Feb 4, 2025Updated last year
- An implementation of infrastructure-as-code scanning using dynamic tooling.☆56Jan 18, 2022Updated 4 years ago
- ☆29Mar 2, 2023Updated 3 years ago
- A high-performance domain scanner that discovers active domains by testing multiple Top-Level Domains (TLDs) for given domain names.☆30Oct 26, 2025Updated 4 months ago
- Burp Extension for AWS Signing☆92Jan 10, 2025Updated last year
- Terraform to run Scoutsuite security scan of projects within a Google Cloud Org. Report will be published to a GCS bucket.☆17Jan 5, 2026Updated 2 months ago