Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Google Cloud Default Config - Detect

By kannthu

Informative
Vidoc logoVidoc Module
#google#cloud#devops#exposure
Description

What is the "Google Cloud Default Config - Detect" module?

The "Google Cloud Default Config - Detect" module is designed to detect misconfigurations in the default configuration of Google Cloud. It targets Google Cloud users and aims to identify any potential security vulnerabilities or exposures. This module is categorized as informative, meaning it provides valuable information about the configuration but does not directly indicate a vulnerability or exploit.

Impact

This module helps users identify any misconfigurations in their Google Cloud default configuration. By detecting these misconfigurations, users can take appropriate actions to secure their Google Cloud environment and prevent potential security breaches or unauthorized access.

How the module works?

The "Google Cloud Default Config - Detect" module works by sending HTTP requests to specific endpoints related to the default configuration of Google Cloud. It then applies matching conditions to determine if any misconfigurations are present.

For example, one of the HTTP requests sent by this module is:

GET /configurations/config_default

This request is used to retrieve the default configuration of Google Cloud. The module applies matching conditions to check if the retrieved configuration contains specific keywords, such as "[core]" and "account". If these keywords are found, it indicates a potential misconfiguration.

The matching conditions used by this module include:

- Word Matcher: This matcher checks if specific words or phrases are present in the retrieved configuration. In this case, it looks for the keywords "[core]" and "account". - Status Matcher: This matcher checks the HTTP response status code. In this case, it checks if the status code is 200, indicating a successful retrieval of the configuration.

By applying these matching conditions, the module can identify misconfigurations in the default configuration of Google Cloud.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/configurations/conf.../.config/gcloud/conf...
Matching conditions
word: [core], accountand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability