A comprehensive scanner for Google Cloud
☆353Dec 5, 2025Updated 2 months ago
Alternatives and similar repositories for gcp_scanner
Users that are interested in gcp_scanner are comparing it to the libraries listed below
Sorting:
- Compares and analyzes GCP IAM roles.☆78Mar 9, 2025Updated 11 months ago
- Enumeration/exploit/analysis/download/etc pentesting framework for GCP; modeled like Pacu for AWS; a product of numerous hours via @Webbi…☆287May 16, 2025Updated 9 months ago
- A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.☆414Oct 6, 2025Updated 4 months ago
- Tools and blogs I use to perform GCP red teams☆137Jul 23, 2024Updated last year
- HoneyZure is a honeypot tool specifically designed for Azure environments, fully provisioned through Terraform. It leverages a Log Analyt…☆17Jun 11, 2024Updated last year
- These are tools we released with our 2020 defcon/blackhat talk https://www.youtube.com/watch?v=Ml09R38jpok☆172Feb 6, 2025Updated last year
- APK Infrastructure Investigator☆64Jun 20, 2023Updated 2 years ago
- GATOR - GCP Attack Toolkit for Offensive Research, a tool designed to aid in research and exploiting Google Cloud Environments☆89Jun 22, 2024Updated last year
- ☆89Feb 11, 2022Updated 4 years ago
- Tweets when new GCP IAM updates are found☆13Updated this week
- GitHub Actions Pipeline Enumeration and Attack Tool☆733Sep 17, 2025Updated 5 months ago
- Detects CanaryTokens in Office docs and PDFs (docx, xlsx, pptx, pdf) without triggering alerts☆128Dec 23, 2025Updated 2 months ago
- GCPGoat : A Damn Vulnerable GCP Infrastructure☆431Oct 29, 2024Updated last year
- RepoReaper is an automated tool crafted to meticulously scan and identify exposed .git repositories within specified domains and their su…☆35Feb 20, 2024Updated 2 years ago
- Threatest is a CLI and Go framework for end-to-end testing threat detection rules.☆338Feb 13, 2026Updated 2 weeks ago
- A Python-based tool to create zip, tar and cpio archives to exploit common archive library issues and developer mistakes☆43Nov 28, 2025Updated 3 months ago
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …☆315Jan 25, 2026Updated last month
- Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threa…☆1,402Jun 24, 2025Updated 8 months ago
- Identify privilege escalation paths within and across different clouds☆718Feb 6, 2026Updated 3 weeks ago
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…☆101Jan 12, 2024Updated 2 years ago
- Secrets scanner that understands code☆192Nov 2, 2023Updated 2 years ago
- Cloudlist is a tool for listing Assets from multiple Cloud Providers.☆1,005Feb 16, 2026Updated 2 weeks ago
- A fast enumeration tool for publicly exposed Azure Storage blobs.☆116Mar 25, 2023Updated 2 years ago
- Automating situational awareness for cloud penetration tests.☆2,295Feb 21, 2026Updated last week
- ☆30Mar 2, 2023Updated 2 years ago
- Tool that can be used to trim useless things from a PE file such as the things a file pumper would add.☆29Apr 3, 2025Updated 10 months ago
- FirebaseExploiter is a vulnerability discovery tool that discovers Firebase Database which are open and can be exploitable. Primarily bui…☆175Nov 7, 2022Updated 3 years ago
- Automated Persistence and Lateral Movement using GCP Patch Management☆16Aug 11, 2022Updated 3 years ago
- A high-performance domain scanner that discovers active domains by testing multiple Top-Level Domains (TLDs) for given domain names.☆30Oct 26, 2025Updated 4 months ago
- python3 scripts to help with aws triage needs☆15Feb 11, 2022Updated 4 years ago
- FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de…☆817Feb 17, 2025Updated last year
- An implementation of infrastructure-as-code scanning using dynamic tooling.☆56Jan 18, 2022Updated 4 years ago
- Python library to carry out DFIR analysis on the Cloud☆499Oct 8, 2025Updated 4 months ago
- ☆65May 21, 2024Updated last year
- Clean accounts over permissions in GCP infra at scale☆71May 9, 2023Updated 2 years ago
- ☆117Feb 11, 2026Updated 2 weeks ago
- ☆27Aug 18, 2023Updated 2 years ago
- BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for c…☆438Dec 30, 2025Updated 2 months ago
- ☆169Sep 30, 2025Updated 5 months ago