GCPBucketBrute
Brute force GCP bucket names to find open storage
Cloud & Assets4 commands
#gcp#bucket#bruteforce#cloud
Installation
1Clone the repository
2Install dependencies
3Verify installation
git clone https://github.com/RhinoSecurityLabs/GCPBucketBrute.git
cd GCPBucketBrute
pip install -r requirements.txt
# Verify
python3 gcpbucketbrute.py --helpBasic Usage
Brute force GCS bucket names using a keyword or wordlist
# Brute force with keyword
python3 gcpbucketbrute.py -k example
# Use a custom wordlist
python3 gcpbucketbrute.py -w wordlist.txt
# Check specific bucket names
python3 gcpbucketbrute.py -b bucket-nameCommand Reference
4 commands
1Keyword to generate bucket names
-k2Wordlist file with bucket names
-w3Specific bucket name to check
-b4Output file for results
-oWhen to Use
1
Finding publicly accessible GCP storage buckets2
Testing for exposed GCS buckets during cloud assessments3
Asset discovery for Google Cloud Platform targetsNotes & Tips
1
Only works with Google Cloud Storage buckets2
Rate limiting may apply from Google's side3
Use with proper authorizationCommon Errors & Solutions
All buckets private
Try different keywords or a larger wordlist
Connection errors
Check internet connectivity or use a VPN