Skip to main content

GCP (Google Cloud Platform) integration

Connect Intruder to Google Cloud Platform to synchronise your targets

Updated over a month ago

Our GCP integration supports Cloud VMs with External IP addresses and hostnames from Cloud DNS.
Any other will need to be added manually.

There are two places you can add your GCP account from in the portal, from the Targets page by clicking the yellow + Add Targets button then clicking Cloud Account Sync:

Or, from the Integrations page by clicking on the green + Add button under Google Cloud:

There are two methods for integrating with GCP, you can either:

  1. Connect using OAuth

  2. Connect using a service account (this will syncindividual projects)

but first, you'll need to enable some APIs using the GCP console.

  1. Select your project, then under 'APIs & Services' click Enable APIs and Services:

  2. Use the search to to find the following APIs and enable them:

    • Compute Engine API (required to sync external and ephemeral IP addresses)

    • Cloud Resource Manager API (required to sync external and ephemeral IP addresses

    • Google Cloud DNS API (required to sync Google Cloud DNS records)

Connect using OAuth

  1. Head to the Targets page > Cloud Accounts > Google Cloud (final option):

  2. Select Connect using OAuth:

  3. Sign into a Google account that has access to Google Cloud Platform:

  4. Grant Intruder access to your Google Cloud Platform account, making sure to allow us access to the following scopes:

    • View your DNS records hosted by Google Cloud DNS
      Provides read-only access to Google Cloud DNS records, which is required to list your DNS hostnames.

    • View your Google Compute Engine resources
      Provides read-only access to Compute Engine resources, which is required to list your external IP addresses.

    • View your Cloud Platform projects
      Allows us to iterate over the projects associated with your Google account and check each project for external IP addresses.

    Select Allow.

Connect using a service account

  1. Go to the IAM & Admin menu in your GCP console:

  2. Click on Service Accounts and then click Create Service Account:

  3. Give your new service account name and a description, then click create: 

  4. Grant the service account Compute Network Viewer and DNS Reader permissions to your project (these are required to list your external IP addresses and DNS hostnames):

  5. Click the Create Key button to download the key file for your new service account: 

  6. Create the key in JSON format and download the key file and keep it in a safe place (this key grants read access to your project):

  7. Finally, upload the key file for the service account to the Intruder portal and hit Add Account:


The next thing you'll see is this modal 👇, for automated management of your cloud targets.


If that's not of interest and you'd like to manage them manually, skip the boxes and simply press Confirm setup.

Note: Google Cloud Platform integration is only available for customers on our Cloud, Pro, Enterprise, and Vanguard plans.


Intruder is a Google Cloud Technology Partner.

Related Articles
GCP: Do I need permission before I start the scan?
AWS 'account' integration
GCP: Common integration issues/errors
🎥 Video: How to add your GCP account to Intruder
Cloud integrations
Did this answer your question?