gcpHound v2.0 : Django Web UI To Analyze IAM Permissions
In this article, we will talk about the functionality recently added to gcpHound and how to use it.
This is the third article in the gcpHound series.
You can read about how to use other gcpHound functions here: gcpHound v1.1-beta and gcpHound v1.2
Setup
Setup is as simple as follows. You can also authenticate by other means, such as service accounts.
$ docker pull desijarvis/gcphound:v2.0
$ docker run --name gcpHound -p 127.0.0.1:443:443 -it desijarvis/gcphound:v2.0 /bin/bash
root@<containerID># cd /root/gcpHound/
root@<containerID># gcloud auth login --no-launch-browser
root@<containerID># gcloud config set project <project-id>
root@<containerID># service mysql start
root@<containerID># service apache2 start
gcpHoundWebUI
Before Logging In
Make sure you run the following command before you start using the UI. The data you see in the UI depends on the data collected by this CLI function.
This function collects and analyzes ALL organization permissions.
However, for projects, while it COLLECTS ALL permissions, it will ONLY analyze the ones mentioned in rolesOfInterest.txt.
Make sure you modify that file if you wish to analyze additional permissions.
./gcpHound --runGCPHound
Logging In
Once you have followed these steps, go to https://localhost to access the Hound UI.
Credentials
username : admin
password : gcphoundadminUserPassword1!
Troubleshooting
If these credentials don't work, follow these steps to change the password for the admin account.
root@<containerID># cd /var/www/gcpHoundWebUI
root@<containerID># python3 manage.py changepassword admin
Changing Password
The first thing you may want to do is change the password for the admin account from the left panel. Alternatively, you can use the method mentioned above to do the same.
Analyzing IAM
Once you log in, you will see the IAM permissions for the account you used to collect GCP IAM data.
The search bar lets you query for other accounts whose IAM permissions you wish to see.
The screenshots below show a hypothetical organization called redteam.com, its hierarchy and IAM permissions.
Caveats
When you run the docker container, it is recommended that you only allow local connections to the Web UI.
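One way to confirm that caveat holds for a running container, as an added example that is not part of gcpHound: the function below reads the output of `docker port` (lines of the form `443/tcp -> 127.0.0.1:443`) and reports any published port bound to a non-loopback address. The function names are hypothetical; the container name gcpHound is the one from the docker run command in Setup.

```shell
#!/bin/sh
# Added example (not gcpHound code): check that published ports are loopback-only.
# Expects `docker port <container>` output on stdin, one binding per line:
#   443/tcp -> 127.0.0.1:443

# Prints every binding whose host address is not loopback.
# Returns 0 if all bindings are loopback-only, 1 if any is exposed.
non_loopback_bindings() {
    local line host addr exposed
    exposed=0
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        host=${line##*-> }      # "127.0.0.1:443" or "[::1]:443"
        addr=${host%:*}         # drop the trailing :port
        case "$addr" in
            127.*|"[::1]"|::1) ;;                    # loopback, nothing to report
            *) printf '%s\n' "$line"; exposed=1 ;;   # 0.0.0.0, [::], LAN addresses
        esac
    done
    return "$exposed"
}

# Runs the check against a live container.
# Returns 2 if docker itself fails (for example, no such container).
check_container() {
    local out
    out=$(docker port "${1:-gcpHound}") || return 2
    printf '%s\n' "$out" | non_loopback_bindings
}
```

Running `check_container gcpHound` prints nothing and returns 0 when the container was started with `-p 127.0.0.1:443:443` as shown in Setup; any printed line is a binding reachable from outside the host.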
In The End
This update allows for seamless querying of different accounts and their permissions via the Web UI.
You can alternatively use “enumPrivileges” function via CLI. However, future development for analyzing IAM permissions will be focused on Web UI.
CREDITS
This tool has been developed alongside Brad Richardson.