From ea4d9615f67218defe6a0dcca3b0d6b2a885c2d9 Mon Sep 17 00:00:00 2001 From: Translator Date: Tue, 10 Jun 2025 12:36:21 +0000 Subject: [PATCH] Translated ['src/pentesting-cloud/gcp-security/gcp-unauthenticated-enum- --- .../gcp-api-keys-unauthenticated-enum.md | 30 +++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/src/pentesting-cloud/gcp-security/gcp-unauthenticated-enum-and-access/gcp-api-keys-unauthenticated-enum.md b/src/pentesting-cloud/gcp-security/gcp-unauthenticated-enum-and-access/gcp-api-keys-unauthenticated-enum.md index 907d74b2d..1b3b91e32 100644 --- a/src/pentesting-cloud/gcp-security/gcp-unauthenticated-enum-and-access/gcp-api-keys-unauthenticated-enum.md +++ b/src/pentesting-cloud/gcp-security/gcp-unauthenticated-enum-and-access/gcp-api-keys-unauthenticated-enum.md 
@@ -18,9 +18,35 @@ La regex è: **`AIza[0-9A-Za-z_-]{35}`** Cercala ad esempio su Github seguendo: [https://github.com/search?q=%2FAIza%5B0-9A-Za-z\_-%5D%7B35%7D%2F\&type=code\&ref=advsearch](https://github.com/search?q=%2FAIza%5B0-9A-Za-z_-%5D%7B35%7D%2F&type=code&ref=advsearch) -### Controlla il progetto GCP di origine - `apikeys.keys.lookup` +### Controlla l'origine del progetto GCP -Questo è estremamente utile per controllare a **quale progetto GCP appartiene una API key che hai trovato**: +Questo è estremamente utile per controllare a **quale progetto GCP appartiene una API key che hai trovato**. Abbiamo diverse opzioni: + +- Contattare `https://www.googleapis.com/identitytoolkit/v3/relyingparty/getProjectConfig?key=` + +Per brevità, l'output è stato troncato, ma nell'output completo l'ID del progetto appare più di 5 volte. +```bash +curl -s "https://identitytoolkit.googleapis.com/v1/projects?key=AIzaSyD[...]uE8Y" + +{ +"error": { +"code": 403, +"message": "Identity Toolkit API has not been used in project 943955951114 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/identitytoolkit.googleapis.com/overview?project=943955951114 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.", +[...] +``` +- [Questo non funziona più!] `apikeys.keys.lookup` ```bash # If you have permissions gcloud services api-keys lookup AIzaSyD[...]uE8Y
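Review bot: the endpoint named in the new bullet does not match the endpoint used in the example right below it. The bullet says `Contattare https://www.googleapis.com/identitytoolkit/v3/relyingparty/getProjectConfig?key=`, but the curl that follows calls `https://identitytoolkit.googleapis.com/v1/projects?key=AIzaSyD[...]uE8Y`, so a reader copying the bullet's URL will not reproduce the shown 403. Either change the bullet to the `identitytoolkit.googleapis.com/v1/projects` URL the example actually uses, or add a second curl for the `getProjectConfig` endpoint; if the mismatch comes from the English source, it should be fixed there too rather than carried into the translation. Two smaller points in the same hunk: the sentence `Per brevità, l'output è stato troncato, ma nell'output completo l'ID del progetto appare più di 5 volte.` sits before the command whose output it describes and reads better after the code block; and what the visible error actually leaks is the numeric project number (`in project 943955951114`), not an alphanumeric project ID, so "ID del progetto" should say "numero del progetto" (or note that the number, not the ID string, is what this trick returns).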