All Collections
Cloud targets
How to integrate with your cloud accounts
GCP (Google Cloud Platform) integration
GCP (Google Cloud Platform) integration

Connect Intruder to Google Cloud Platform to synchronise your targets

Patrick Craston avatar
Written by Patrick Craston
Updated over a week ago

We know that keeping the targets you want to monitor for security weaknesses up to date can be a bit of a pain...

New instances are constantly being spun up in Google Cloud Platform, others are being closed down, keeping track of it all can easily become a full time job! 

That's why we've created a Google Cloud Platform integration - add your External IP addresses and hostnames from Cloud DNS as Intruder targets directly from our portal! 🎉

Enable Google Cloud APIs 

In order for the Google Cloud integration to work, you'll need to enable some APIs using the GCP console.

  • Select your project, then under 'APIs & Services' click 'Enable APIs and Services':

  • Use the search to to find the following APIs and enable them:

    • Compute Engine API (required to sync external and ephemeral IP addresses)

    • Cloud Resource Manager API (required to sync external and ephemeral IP addresses

    • Google Cloud DNS API (required to sync Google Cloud DNS records)

Connect Google Cloud Platform to your Intruder account

You can connect your Intruder account in two ways, depending on your intended configuration:

  1. Sync all projects by using OAuth

  2. Sync individual projects by adding a key for a service account

1) Connect Google Cloud Platform using OAuth

  • Head to the Targets page > Add Targets > Cloud Accounts Sync > Google Cloud (third one)

  • Sign into a Google account that has access to Google Cloud Platform:

  • Grant Intruder access to your Google Cloud Platform account:

  • We require access to the following scopes: 

    • View your DNS records hosted by Google Cloud DNS
      Provides read-only access to Google Cloud DNS records, which is required to list your DNS hostnames.

    • View your Google Compute Engine resources
      Provides read-only access to Compute Engine resources, which is required to list your external IP addresses.

    • View your Cloud Platform projects
      Allows us to iterate over the projects associated with your Google account and check each project for external IP addresses. 

2) Connect Google Cloud Platform by adding a key for a service account

  • Go to the IAM & Admin menu in your GCP console:

  • Click on Service Accounts and then click Create Service Account:

  • Give your new service account name and a description, then click create: 

  • Grant the service account Compute Network Viewer and DNS Reader permissions to your project (these are required to list your external IP addresses and DNS hostnames):

  • Click the Create Key button to download the key file for your new service account: 

  • Select to create the key in JSON format and download the key file and keep it in a safe place (this key grants read access to your project).

  • Finally, upload the key file for the service account to the Intruder portal:

And you're done! 🥳


The next thing you'll see is this modal 👇, for automated management of your cloud targets.

If that's not of interest and you'd like to manage them manually, skip the boxes and simply press Confirm setup.

Note: Google Cloud Platform integration is only available for customers on our Pro, Premium and Vanguard plans.


Intruder is a Google Cloud Technology Partner.

Related Articles
GCP: Do I need permission before I start the scan?
Getting Started
AWS (Amazon Web Services) Integration
Microsoft Azure integration
GCP: My cloud assets are missing
Did this answer your question?