# GCP - Unauthenticated Enum & Access

{{#include ../../../banners/hacktricks-training.md}}

## Public Assets Discovery

Njia moja ya kugundua rasilimali za umma za wingu zinazomilikiwa na kampuni ni kuangalia tovuti zao kutafuta hizo. Zana kama [**CloudScraper**](https://github.com/jordanpotti/CloudScraper) itachambua wavuti na kutafuta **viungo vya rasilimali za umma za wingu** (katika kesi hii zana hii inatafuta `['amazonaws.com', 'digitaloceanspaces.com', 'windows.net', 'storage.googleapis.com', 'aliyuncs.com']`)

Kumbuka kwamba rasilimali nyingine za wingu zinaweza kutafutwa na kwamba wakati mwingine rasilimali hizi zimefichwa nyuma ya **subdomains ambazo zinaelekeza kwao kupitia CNAME registry**.

## Public Resources Brute-Force

### Buckets, Firebase, Apps & Cloud Functions

- [https://github.com/initstring/cloud_enum](https://github.com/initstring/cloud_enum): Zana hii katika GCP inafanya brute-force kwa Buckets, Firebase Realtime Databases, tovuti za Google App Engine, na Cloud Functions
- [https://github.com/0xsha/CloudBrute](https://github.com/0xsha/CloudBrute): Zana hii katika GCP inafanya brute-force kwa Buckets na Apps.

{{#include ../../../banners/hacktricks-training.md}}