From e004aa173df172a4d4325611050f8d0bc703cac4 Mon Sep 17 00:00:00 2001
From: carlospolop <carlospolop@gmail.com>
Date: Tue, 10 Jun 2025 14:33:27 +0200
Subject: [PATCH] Check origin GCP project

---
 .../gcp-api-keys-unauthenticated-enum.md      | 34 +++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)

diff --git a/src/pentesting-cloud/gcp-security/gcp-unauthenticated-enum-and-access/gcp-api-keys-unauthenticated-enum.md b/src/pentesting-cloud/gcp-security/gcp-unauthenticated-enum-and-access/gcp-api-keys-unauthenticated-enum.md
index 76edb9531..ad731c461 100644
--- a/src/pentesting-cloud/gcp-security/gcp-unauthenticated-enum-and-access/gcp-api-keys-unauthenticated-enum.md
+++ b/src/pentesting-cloud/gcp-security/gcp-unauthenticated-enum-and-access/gcp-api-keys-unauthenticated-enum.md
@@ -18,9 +18,39 @@ The regex is: **`AIza[0-9A-Za-z_-]{35}`**
 
 Search it for example in Github following: [https://github.com/search?q=%2FAIza%5B0-9A-Za-z\_-%5D%7B35%7D%2F\&type=code\&ref=advsearch](https://github.com/search?q=%2FAIza%5B0-9A-Za-z_-%5D%7B35%7D%2F&type=code&ref=advsearch)
 
-### Check origin GCP project - `apikeys.keys.lookup`
+### Check origin GCP project 
 
-This is extremely useful to check to **which GCP project an API key that you have found belongs to**:
+This is extremely useful to check to **which GCP project an API key that you have found belongs to**. We have different options:
+
+- Contact `https://www.googleapis.com/identitytoolkit/v3/relyingparty/getProjectConfig?key=<api-key`
+
+For the sake of brevity the output was truncated, but in the complete output the project ID appears more than 5 times
+
+```bash
+curl -s "https://www.googleapis.com/identitytoolkit/v3/relyingparty/getProjectConfig?key=AIzaSyD[...]uE8Y"
+
+{
+  "error": {
+    "code": 403,
+    "message": "Identity Toolkit API has not been used in project 943955951114 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/identitytoolkit.googleapis.com/overview?project=943955951114 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.",
+    [...]
+```
+
+- Contact `https://www.googleapis.com/identitytoolkit/v3/relyingparty/getProjectConfig?key=<api-key`
+
+For the sake of brevity the output was truncated, but in the complete output the project ID appears more than 5 times
+
+```bash
+curl -s "https://identitytoolkit.googleapis.com/v1/projects?key=AIzaSyD[...]uE8Y"
+
+{
+  "error": {
+    "code": 403,
+    "message": "Identity Toolkit API has not been used in project 943955951114 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/identitytoolkit.googleapis.com/overview?project=943955951114 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.",
+    [...]
+```
+
+- [This one no longer works!] `apikeys.keys.lookup`
 
 ```bash
 # If you have permissions