BishopFox · jbarciabf · Dec 17, 2025 · Dec 17, 2025 · Dec 28, 2025 · Dec 30, 2025
@@ -62,8 +62,11 @@ terraform.rc
 .DS_Store
 
 untracked/*
+*tmp*
+tmp/*
 output/*
 *cloudfox-output*
+cloudfox-*
 cloudfox
 *.log
 *.bak
@@ -75,4 +78,4 @@ dist/
 
 # graphvis files
 *.gv
-*.svg
+*.svg
@@ -52,9 +52,9 @@ For the full documentation please refer to our [wiki](https://github.com/BishopF
 
 | Provider| CloudFox Commands |
 | - | - |
-| AWS | 34 | 
-| Azure | 4 | 
-| GCP | 8 |
+| AWS | 34 |
+| Azure | 4 |
+| GCP | 57 |
 | Kubernetes | Support Planned | 
 
 
@@ -159,22 +159,109 @@ Additional policy notes (as of 09/2022):
 
 
 # GCP Commands
-| Provider | Command Name | Description 
+
+## Identity & Access Management
+| Provider | Command Name | Description |
+| - | - | - |
+| GCP | whoami | Display identity context for the authenticated GCP user/service account |
+| GCP | iam | Enumerate GCP IAM principals across organizations, folders, and projects |
+| GCP | permissions | Enumerate ALL permissions for each IAM entity with full inheritance explosion |
+| GCP | serviceaccounts | Enumerate GCP service accounts with security analysis |
+| GCP | service-agents | Enumerate Google-managed service agents |
+| GCP | keys | Enumerate all GCP keys (SA keys, HMAC keys, API keys) |
+| GCP | resource-iam | Enumerate IAM policies on GCP resources (buckets, datasets, secrets, etc.) |
+| GCP | domain-wide-delegation | Find service accounts with Domain-Wide Delegation to Google Workspace |
+| GCP | privesc | Identify privilege escalation paths in GCP projects |
+
+## Compute & Containers
+| Provider | Command Name | Description |
+| - | - | - |
+| GCP | instances | Enumerate GCP Compute Engine instances with security configuration |
+| GCP | gke | Enumerate GKE clusters with security analysis |
+| GCP | cloudrun | Enumerate Cloud Run services and jobs with security analysis |
+| GCP | functions | Enumerate GCP Cloud Functions with security analysis |
+| GCP | app-engine | Enumerate App Engine applications and security configurations |
+| GCP | composer | Enumerate Cloud Composer environments |
+| GCP | dataproc | Enumerate Dataproc clusters |
+| GCP | dataflow | Enumerate Dataflow jobs and pipelines |
+| GCP | notebooks | Enumerate Vertex AI Workbench notebooks |
+| GCP | workload-identity | Enumerate GKE Workload Identity and Workload Identity Federation |
+
+## Storage & Databases
+| Provider | Command Name | Description |
+| - | - | - |
+| GCP | buckets | Enumerate GCP Cloud Storage buckets with security configuration |
+| GCP | bucket-enum | Enumerate GCS buckets for sensitive files (credentials, secrets, configs) |
+| GCP | bigquery | Enumerate GCP BigQuery datasets and tables with security analysis |
+| GCP | cloudsql | Enumerate Cloud SQL instances with security analysis |
+| GCP | spanner | Enumerate Cloud Spanner instances and databases |
+| GCP | bigtable | Enumerate Cloud Bigtable instances and tables |
+| GCP | filestore | Enumerate Filestore NFS instances |
+| GCP | memorystore | Enumerate Memorystore (Redis) instances |
+
+## Networking
+| Provider | Command Name | Description |
+| - | - | - |
+| GCP | vpc-networks | Enumerate VPC Networks |
+| GCP | firewall | Enumerate VPC networks and firewall rules with security analysis |
+| GCP | loadbalancers | Enumerate Load Balancers |
+| GCP | dns | Enumerate Cloud DNS zones and records with security analysis |
+| GCP | endpoints | Enumerate all network endpoints (external and internal) with IPs, ports, and hostnames |
+| GCP | private-service-connect | Enumerate Private Service Connect endpoints and service attachments |
+| GCP | network-topology | Visualize VPC network topology, peering relationships, and trust boundaries |
+
+## Security & Compliance
+| Provider | Command Name | Description |
+| - | - | - |
+| GCP | vpc-sc | Enumerate VPC Service Controls |
+| GCP | access-levels | Enumerate Access Context Manager access levels |
+| GCP | cloud-armor | Enumerate Cloud Armor security policies and find weaknesses |
+| GCP | iap | Enumerate Identity-Aware Proxy configurations |
+| GCP | beyondcorp | Enumerate BeyondCorp Enterprise configurations |
+| GCP | kms | Enumerate Cloud KMS key rings and crypto keys with security analysis |
+| GCP | secrets | Enumerate GCP Secret Manager secrets with security configuration |
+| GCP | cert-manager | Enumerate SSL/TLS certificates and find expiring or misconfigured certs |
+| GCP | org-policies | Enumerate organization policies and identify security weaknesses |
+
+## CI/CD & Source Control
+| Provider | Command Name | Description |
+| - | - | - |
+| GCP | artifact-registry | Enumerate GCP Artifact Registry and Container Registry with security configuration |
+| GCP | cloudbuild | Enumerate Cloud Build triggers and builds |
+| GCP | source-repos | Enumerate Cloud Source Repositories |
+| GCP | scheduler | Enumerate Cloud Scheduler jobs with security analysis |
+
+## Messaging & Events
+| Provider | Command Name | Description |
+| - | - | - |
+| GCP | pubsub | Enumerate Pub/Sub topics and subscriptions with security analysis |
+
+## Logging & Monitoring
+| Provider | Command Name | Description |
+| - | - | - |
+| GCP | logging | Enumerate Cloud Logging sinks and metrics with security analysis |
+| GCP | logging-gaps | Find resources with missing or incomplete logging |
+
+## Organization & Projects
+| Provider | Command Name | Description |
+| - | - | - |
+| GCP | organizations | Enumerate GCP organization hierarchy |
+| GCP | asset-inventory | Enumerate Cloud Asset Inventory with optional dependency analysis |
+| GCP | backup-inventory | Enumerate backup policies, protected resources, and identify backup gaps |
+| GCP | cross-project | Analyze cross-project access patterns for lateral movement |
+
+## Attack Path Analysis
+| Provider | Command Name | Description |
 | - | - | - |
-| GCP | [whoami](https://github.com/BishopFox/cloudfox/wiki/GCP-Commands#whoami) | Display the email address of the GCP authenticated user | 
-| GCP | [all-checks](https://github.com/BishopFox/cloudfox/wiki/GCP-Commands#all-checks) | Runs all available GCP commands | 
-| GCP | [artifact-registry](https://github.com/BishopFox/cloudfox/wiki/GCP-Commands#artifact-registry) | Display GCP artifact registry information | 
-| GCP | [bigquery](https://github.com/BishopFox/cloudfox/wiki/GCP-Commands#bigquery) | Display Bigquery datasets and tables information | 
-| GCP | [buckets](https://github.com/BishopFox/cloudfox/wiki/GCP-Commands#buckets) | Display GCP buckets information | 
-| GCP | [iam](https://github.com/BishopFox/cloudfox/wiki/GCP-Commands#iam) | Display GCP IAM information | 
-| GCP | [instances](https://github.com/BishopFox/cloudfox/wiki/GCP-Commands#instances) | Display GCP Compute Engine instances information |
-| GCP | [secrets](https://github.com/BishopFox/cloudfox/wiki/GCP-Commands#secrets) | Display GCP secrets information |
+| GCP | lateral-movement | Map lateral movement paths, credential theft vectors, and pivot opportunities |
+| GCP | data-exfiltration | Identify data exfiltration paths and high-risk data exposure |
 
 
 
 # Authors
 * [Carlos Vendramini](https://github.com/carlosvendramini-bf)
 * [Seth Art (@sethsec](https://twitter.com/sethsec))
+* Joseph Barcia
 
 # Contributing
 [Wiki - How to Contribute](https://github.com/BishopFox/cloudfox/wiki#how-to-contribute)

@@ -6,6 +6,7 @@ import (
 
 	"github.com/BishopFox/cloudfox/gcp/commands"
 	oauthservice "github.com/BishopFox/cloudfox/gcp/services/oauthService"
+	orgsservice "github.com/BishopFox/cloudfox/gcp/services/organizationsService"
 	"github.com/BishopFox/cloudfox/internal"
 	"github.com/spf13/cobra"
 )
@@ -16,6 +17,10 @@ var (
 	GCPProjectID          string
 	GCPProjectIDsFilePath string
 	GCPProjectIDs         []string
+	GCPAllProjects        bool
+
+	// Project name mapping (ProjectID -> DisplayName)
+	GCPProjectNames map[string]string
 
 	// Output formatting options
 	GCPOutputFormat    string
@@ -36,18 +41,45 @@ var (
 		Long:    `See "Available Commands" for GCP Modules below`,
 		Short:   "See \"Available Commands\" for GCP Modules below",
 		PersistentPreRun: func(cmd *cobra.Command, args []string) {
-			if GCPProjectID != "" {
+			// Initialize project names map
+			GCPProjectNames = make(map[string]string)
+
+			// Handle project discovery based on flags
+			if GCPAllProjects {
+				// Discover all accessible projects
+				GCPLogger.InfoM("Discovering all accessible projects...", "gcp")
+				orgsSvc := orgsservice.New()
+				projects, err := orgsSvc.SearchProjects("")
+				if err != nil {
+					GCPLogger.FatalM(fmt.Sprintf("Failed to discover projects: %v. Try using -p or -l flags instead.", err), "gcp")
+				}
+				for _, proj := range projects {
+					if proj.State == "ACTIVE" {
+						GCPProjectIDs = append(GCPProjectIDs, proj.ProjectID)
+						GCPProjectNames[proj.ProjectID] = proj.DisplayName
+					}
+				}
+				if len(GCPProjectIDs) == 0 {
+					GCPLogger.FatalM("No accessible projects found. Check your permissions.", "gcp")
+				}
+				GCPLogger.InfoM(fmt.Sprintf("Discovered %d project(s)", len(GCPProjectIDs)), "gcp")
+			} else if GCPProjectID != "" {
 				GCPProjectIDs = append(GCPProjectIDs, GCPProjectID)
+				// Resolve project name for single project
+				resolveProjectNames(GCPProjectIDs)
 			} else if GCPProjectIDsFilePath != "" {
 				GCPProjectIDs = internal.LoadFileLinesIntoArray(GCPProjectIDsFilePath)
+				// Resolve project names for all projects in list
+				resolveProjectNames(GCPProjectIDs)
 			} else {
-				GCPLogger.InfoM("project or project-list flags not given, commands requiring a project ID will fail", "gcp")
+				GCPLogger.InfoM("project, project-list, or all-projects flag not given, commands requiring a project ID will fail", "gcp")
 			}
-			// Create a context with this value to share it with subcommands at runtime
+
+			// Create a context with project IDs and names
 			ctx := context.WithValue(context.Background(), "projectIDs", GCPProjectIDs)
+			ctx = context.WithValue(ctx, "projectNames", GCPProjectNames)
 
-			// Set the context for this command which all subcommands can access via [SUBCMD].Parent().Context()
-			// cmd.SetContext(ctx)
+			// Authenticate and get account info
 			os := oauthservice.NewOAuthService()
 			principal, err := os.WhoAmI()
 			if err != nil {
@@ -59,6 +91,40 @@ var (
 	}
 )
 
+// resolveProjectNames fetches display names for given project IDs
+func resolveProjectNames(projectIDs []string) {
+	if len(projectIDs) == 0 {
+		return
+	}
+
+	orgsSvc := orgsservice.New()
+	// Fetch all accessible projects and build lookup map
+	projects, err := orgsSvc.SearchProjects("")
+	if err != nil {
+		// Non-fatal: we can continue without display names
+		GCPLogger.InfoM("Could not resolve project names, using project IDs only", "gcp")
+		for _, id := range projectIDs {
+			GCPProjectNames[id] = id // fallback to using ID as name
+		}
+		return
+	}
+
+	// Build lookup from fetched projects
+	projectLookup := make(map[string]string)
+	for _, proj := range projects {
+		projectLookup[proj.ProjectID] = proj.DisplayName
+	}
+
+	// Map our project IDs to names
+	for _, id := range projectIDs {
+		if name, ok := projectLookup[id]; ok {
+			GCPProjectNames[id] = name
+		} else {
+			GCPProjectNames[id] = id // fallback to using ID as name
+		}
+	}
+}
+
 // New RunAllGCPCommands function to execute all child commands
 var GCPAllChecksCommand = &cobra.Command{
 	Use:   "all-checks",
@@ -69,6 +135,9 @@ var GCPAllChecksCommand = &cobra.Command{
 			if childCmd == cmd { // Skip the run-all command itself to avoid infinite recursion
 				continue
 			}
+			if childCmd.Hidden { // Skip hidden commands
+				continue
+			}
 
 			GCPLogger.InfoM(fmt.Sprintf("Running command: %s", childCmd.Use), "all-checks")
 			childCmd.Run(cmd, args)
@@ -86,7 +155,7 @@ func init() {
 	// GCPCommands.PersistentFlags().StringVarP(&GCPOrganization, "organization", "o", "", "Organization name or number, repetable")
 	GCPCommands.PersistentFlags().StringVarP(&GCPProjectID, "project", "p", "", "GCP project ID")
 	GCPCommands.PersistentFlags().StringVarP(&GCPProjectIDsFilePath, "project-list", "l", "", "Path to a file containing a list of project IDs separated by newlines")
-	// GCPCommands.PersistentFlags().BoolVarP(&GCPAllProjects, "all-projects", "a", false, "Use all project IDs available to activated gloud account or given gcloud account")
+	GCPCommands.PersistentFlags().BoolVarP(&GCPAllProjects, "all-projects", "a", false, "Automatically discover and use all accessible projects")
 	// GCPCommands.PersistentFlags().BoolVarP(&GCPConfirm, "yes", "y", false, "Non-interactive mode (like apt/yum)")
 	// GCPCommands.PersistentFlags().StringVarP(&GCPOutputFormat, "output", "", "brief", "[\"brief\" | \"wide\" ]")
 	GCPCommands.PersistentFlags().IntVarP(&Verbosity, "verbosity", "v", 2, "1 = Print control messages only\n2 = Print control messages, module output\n3 = Print control messages, module output, and loot file output\n")
@@ -97,13 +166,85 @@ func init() {
 
 	// Available commands
 	GCPCommands.AddCommand(
+		// Core/existing commands
 		commands.GCPBucketsCommand,
 		commands.GCPArtifactRegistryCommand,
 		commands.GCPBigQueryCommand,
 		commands.GCPSecretsCommand,
 		commands.GCPIAMCommand,
+		commands.GCPPermissionsCommand,
+		commands.GCPResourceIAMCommand,
 		commands.GCPInstancesCommand,
 		commands.GCPWhoAmICommand,
+
+		// Compute/serverless commands
+		commands.GCPFunctionsCommand,
+		commands.GCPCloudRunCommand,
+		commands.GCPAppEngineCommand,
+		commands.GCPGKECommand,
+		commands.GCPCloudSQLCommand,
+
+		// New infrastructure commands
+		commands.GCPPubSubCommand,
+		commands.GCPKMSCommand,
+		commands.GCPLoggingCommand,
+		commands.GCPSchedulerCommand,
+		commands.GCPDNSCommand,
+		commands.GCPFirewallCommand,
+		commands.GCPServiceAccountsCommand,
+		commands.GCPKeysCommand,
+		commands.GCPEndpointsCommand,
+		commands.GCPWorkloadIdentityCommand,
+		commands.GCPOrganizationsCommand,
+		commands.GCPCloudBuildCommand,
+		commands.GCPMemorystoreCommand,
+		commands.GCPFilestoreCommand,
+		commands.GCPSpannerCommand,
+		commands.GCPBigtableCommand,
+
+		// Data processing commands
+		commands.GCPDataflowCommand,
+		commands.GCPComposerCommand,
+
+		// Security/Compliance commands
+		commands.GCPVPCSCCommand,
+		commands.GCPAssetInventoryCommand,
+		commands.GCPSecurityCenterCommand,
+		commands.GCPComplianceDashboardCommand,
+		commands.GCPBackupInventoryCommand,
+		commands.GCPCostSecurityCommand,
+		commands.GCPMonitoringAlertsCommand,
+
+		// Network/Infrastructure commands
+		commands.GCPLoadBalancersCommand,
+		commands.GCPVPCNetworksCommand,
+		commands.GCPNetworkTopologyCommand,
+
+		// ML/Data Science commands
+		commands.GCPNotebooksCommand,
+		commands.GCPDataprocCommand,
+
+		// Zero Trust/Access commands
+		commands.GCPIAPCommand,
+		commands.GCPBeyondCorpCommand,
+		commands.GCPAccessLevelsCommand,
+
+		// Pentest/Exploitation commands
+		commands.GCPPrivescCommand,
+		commands.GCPOrgPoliciesCommand,
+		commands.GCPBucketEnumCommand,
+		commands.GCPCrossProjectCommand,
+		commands.GCPLoggingGapsCommand,
+		commands.GCPSourceReposCommand,
+		commands.GCPServiceAgentsCommand,
+		commands.GCPDomainWideDelegationCommand,
+		commands.GCPPrivateServiceConnectCommand,
+		commands.GCPCloudArmorCommand,
+		commands.GCPCertManagerCommand,
+		commands.GCPLateralMovementCommand,
+		commands.GCPDataExfiltrationCommand,
+
+		// All checks (last)
 		GCPAllChecksCommand,
 	)
 }