id: gcp-bucket-enum

info:
  name: GCP Buckets - Cloud Enumeration
  author: initstring
  severity: info
  description: |
    Searches for open and protected buckets in GCP.
  metadata:
    verified: true
    max-request: 1
  tags: cloud,enum,cloud-enum,gcp

self-contained: true

variables:
  BaseDNS: "storage.googleapis.com"

http:
  - raw:
      - |
        GET http://{{wordlist}}.{{BaseDNS}} HTTP/1.1
        Host: {{wordlist}}.{{BaseDNS}}

    redirects: false

    attack: batteringram
    threads: 10

    matchers:
      - type: status
        name: "Open GCP Bucket"
        status:
          - 200

      - type: status
        name: "Protected GCP Bucket"
        status:
          - 403
# digest: 490a0046304402201c96ae60fa7a4b6502e37d1f0a368a06326c5d1c0621e333e1baa733a42b1a4902207412bf98d7e4aaf9b755810b30bda7827b495eae85a5607855376c0a1e1d8ab1:922c64590222798bb761d5b6d8e72950