id: gcp-bucket-enum

info:
  name: GCP Buckets - Cloud Enumeration
  author: initstring
  severity: info
  description: |
    Searches for open and protected buckets in GCP.
  metadata:
    verified: true
    max-request: 1
  tags: cloud,enum,cloud-enum,gcp

self-contained: true

variables:
  BaseDNS: "storage.googleapis.com"

http:
  - raw:
      - |
        GET http://{{wordlist}}.{{BaseDNS}} HTTP/1.1
        Host: {{wordlist}}.{{BaseDNS}}

    redirects: false

    attack: batteringram
    threads: 10

    matchers:
      - type: status
        name: "Open GCP Bucket"
        status:
          - 200

      - type: status
        name: "Protected GCP Bucket"
        status:
          - 403
# digest: 4a0a00473045022038ad1830fc8e77debc4c9fcab4d7eb4c62b9930c3f98860f5e6877c1e72578a4022100e3ea9b5730d32e9219e4716c79b5203733ff802460ee921d0f0c2199ecca7989:922c64590222798bb761d5b6d8e72950