GCP Adversary Emulator is an adversary emulation tool designed for performing security tests on Google Cloud Platform (GCP) environments. It allows the simulation of various adversary tactics, techniques, and procedures (TTPs), providing a robust approach to testing your systems' resilience.
- GCP Authentication
- Tactics and Techniques Selection
- Custom Command Execution
- HTML Report Generation
- Environment Cleanup after Tests
- Support for multiple tactics such as Reconnaissance, Initial Access, Execution, Privilege Escalation, Persistence, Exfiltration, Defense Evasion, Credential Access, Lateral Movement, and Collection
- Python 3.x
gcloudCLI installed and configured- Appropriate permissions in GCP to execute commands
- Clone the repository:
git clone https://github.com/CyberSecurityUP/GCP-Adversary-Emulator
cd GCP-Adversary-Emulator- Install dependencies:
pip install -r requirements.txt- Run the tool:
python main.py- Follow the terminal instructions to authenticate with GCP, select tactics and techniques, and view the report.
- GCP Authentication: Activate authentication using a service account.
- Select Tactics and Techniques: Choose from a variety of tactics and techniques.
- Generate Report: Enable report generation with the
--report-enableflag.
python main.py --report-enablemain.py: Main script that initializes the tool.modules/: Contains specific function modules.authenticate.py: GCP authentication function.cleanup.py: Environment cleanup function.display_ttp.py: Display tactics and techniques.execute_technique.py: Execute techniques.load_ttps.py: Load TTPs JSON.report.py: Report generation.
scripts/: Additional scripts used for emulation.
To complement your security testing on GCP, consider using the following tools:
- GCP IAM Privilege Escalation: Tools and techniques for privilege escalation on GCP.
- k8senumeration: Tool for enumerating Kubernetes clusters.
- gcp_enum: Enumeration scripts for GCP.
- GCPBucketBrute: Brute force tool for GCP buckets.
In our next release, we plan to expand the capabilities of GCPAdversary to focus on Google Kubernetes Engine (GKE) and other Kubernetes environments within GCP. This update will include:
- Enhanced TTPs specific to Kubernetes clusters.
- Integration with common Kubernetes tools and frameworks.
- Advanced techniques for testing Kubernetes security.
- Automated scanning and exploitation of Kubernetes vulnerabilities.
Stay tuned for more updates and features as we continue to enhance GCPA dversary Emulator to meet the evolving needs of cloud security testing.
Contributions are welcome! Feel free to open issues or submit pull requests.
Sure! Here's an updated README with a section on how to add TTPs to the JSON and execute_technique.py, along with step-by-step instructions:
- Open the
ttps/ttps.jsonfile. - Locate the appropriate section for the tactic you want to add a technique to.
- Add a new JSON object with the
id,details, andcommandfields. For example:
{
"GCP": {
"Reconnaissance": [
{
"id": "T1590-1",
"details": "Gathering GCP resources",
"command": "gcloud compute instances list"
},
{
"id": "T1590-2",
"details": "Analyzing gcloud configuration",
"command": "gcloud info --quiet; gcloud config list --quiet; gcloud auth list --quiet"
}
// Add your new TTP here
]
// Other tactics...
}
}- Open the
modules/execute_technique.pyfile. - Ensure that the command placeholders in the new TTP are supported by the input prompts. If necessary, add new input prompts for any placeholders not currently handled.
- For example, if your new command includes a placeholder
<new_placeholder>, add:
if "<new_placeholder>" in command:
new_value = input("Enter the new value for <new_placeholder>: ")
command = command.replace("<new_placeholder>", new_value)This project is licensed under the MIT License - see the LICENSE file for details.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent