Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Google Cloud Access Token

By kannthu

Medium
Vidoc logoVidoc Module
#google#cloud#devops#exposure#files
Description

Google Cloud Access Token

What is the "Google Cloud Access Token?"

The "Google Cloud Access Token" module is designed to detect misconfigurations related to the exposure of Google Cloud access tokens. It targets Google Cloud environments and checks for the presence of SQLite access tokens. This module has a medium severity level.

Impact

If a misconfiguration is detected, it could potentially expose sensitive access tokens used in Google Cloud environments. This could lead to unauthorized access and potential data breaches.

How the module works?

The module works by sending HTTP requests to specific paths in the target environment, namely "/access_tokens.db" and "/.config/gcloud/access_tokens.db". It then applies matching conditions to determine if a misconfiguration is present.

The matching conditions for this module are as follows:

- The response body must contain the words "SQLite" and "access_token". - The response header must contain the word "application/octet-stream". - The response status code must be 200.

If all of these conditions are met, the module will report a potential misconfiguration.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/access_tokens.db/.config/gcloud/acce...
Matching conditions
word: SQLite, access_tokenand
word: application/octet-streamand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability