0x22bb
/
hacktricks
mirror of https://github.com/carlospolop/hacktricks.git
1
2
Fork 0
Code Releases Activity

GitBook: [#2817] update

This commit is contained in:
CPol 2021-10-28 15:53:17 +00:00 committed by gitbook-bot
parent 0455778d02
commit 488081b64f
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
1 changed files with 13 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
cloud-security/gcp-security/README.md
View File

@ -227,17 +227,19 @@ We've automated this completely using [this python script](https://gitlab.com/gi
### IAM
| Description | Command |
| ---------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------- |
| List **roles** | `gcloud iam roles list --filter='etag:AA=='` |
| Get **description** and permissions of a role | gcloud iam roles describe roles/container.admin |
| Get iam **policy** of a **organisation** | `gcloud organizations get-iam-policy` |
| Get iam **policy** of a **project** | `gcloud projects get-iam-policy <project-id>` |
| Get iam **policy** of a **folder** | `gcloud resource-manager folders get-iam-policy` |
| [**Testable permissions**](https://cloud.google.com/iam/docs/reference/rest/v1/permissions/queryTestablePermissions) on a resource | `gcloud iam list-testable-permissions --filter "NOT apiDisabled: true` |
| List of **grantable** **roles** for a resource | `gcloud iam list-grantable-roles <project URL>` |
| List **custom** **roles** on a project | `gcloud iam roles list --project $PROJECT_ID` |
| List **service accounts** | `gcloud iam service-accounts list` |
| Description | Command |
| ---------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------ |
| List **roles** | `gcloud iam roles list --filter='etag:AA=='` |
| Get **description** and permissions of a role | gcloud iam roles describe roles/container.admin |
| Get iam **policy** of a **organisation** | `gcloud organizations get-iam-policy` |
| Get iam **policy** of a **project** | `gcloud projects get-iam-policy <project-id>` |
| Get iam **policy** of a **folder** | `gcloud resource-manager folders get-iam-policy` |
| Get **members** of a **group** | `gcloud identity groups memberships search-transitive-memberships --group-email=email@group.com` |
| Get **permissions** of a **role** | `gcloud iam roles describe roles/accessapproval.approver` |
| [**Testable permissions**](https://cloud.google.com/iam/docs/reference/rest/v1/permissions/queryTestablePermissions) on a resource | `gcloud iam list-testable-permissions --filter "NOT apiDisabled: true` |
| List of **grantable** **roles** for a resource | `gcloud iam list-grantable-roles <project URL>` |
| List **custom** **roles** on a project | `gcloud iam roles list --project $PROJECT_ID` |
| List **service accounts** | `gcloud iam service-accounts list` |
## Unauthenticated Attacks