GCP-Cheatsheet

Auth

gcloud auth login
gcloud auth activate-service-account --key-file=key.json
gcloud config set account [email protected]
gcloud auth print-access-token

Project-Level IAM

gcloud projects list
gcloud projects get-iam-policy PROJECT_ID --format=json
gcloud projects get-iam-policy PROJECT_ID \
  --flatten="bindings[].members" \
  --format="table(bindings.role)" \
  --filter="bindings.members:serviceAccount:SA_NAME@PROJECT_ID.iam.gserviceaccount.com"

Service Account Enumeration

gcloud iam service-accounts list
gcloud iam service-accounts describe SA_EMAIL
gcloud iam service-accounts get-iam-policy SA_EMAIL
gcloud auth print-access-token \
--impersonate-service-account=SA_EMAIL
gcloud compute instances list \
--impersonate-service-account=SA_EMAIL

Role Enumeration

gcloud iam roles list
gcloud iam roles describe roles/editor
gcloud iam roles list --project=PROJECT_ID
gcloud iam roles describe ROLE_ID --project=PROJECT_ID

Compute IAM Enumeration

gcloud compute instances list
gcloud compute instances describe INSTANCE_NAME \
--zone=ZONE --format="value(serviceAccounts.email)"

PreviousGCP NextPivoting

Last updated 10 days ago

hashtagAuth

hashtagProject-Level IAM

hashtagService Account Enumeration

hashtagRole Enumeration

hashtagCompute IAM Enumeration

Auth

Project-Level IAM

Service Account Enumeration

Role Enumeration

Compute IAM Enumeration