Initial commit

Author: mark-adams

.dockerignore

@@ -0,0 +1 @@
+Dockerfile

.github/workflows/lint.yml

@@ -0,0 +1,22 @@
+name: Lint
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - uses: actions/setup-go@v5
+      with:
+        go-version: '1.24'
+
+    - name: Lint
+      uses: golangci/golangci-lint-action@v7
+      with:
+        version: v2.0.2

.github/workflows/release.yml

@@ -0,0 +1,37 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - '*'
+
+permissions:
+  contents: write
+  id-token: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      -
+        name: Set up Go
+        uses: actions/setup-go@v5
+
+      -
+        name: Set up cosign
+        uses: sigstore/cosign-installer@v3.8.1
+  
+      -
+        name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          distribution: goreleaser
+          version: '~> v2'
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/terraform.yml

@@ -0,0 +1,29 @@
+name: Terraform Lint
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - uses: opentofu/setup-opentofu@v1
+      with:
+        tofu_version: 1.9
+
+    - name: Format
+      run: tofu fmt -check
+      working-directory: ./terraform
+      
+    - name: Init
+      run: tofu init
+      working-directory: ./terraform
+
+    - name: Validate
+      run: tofu validate
+      working-directory: ./terraform

.github/workflows/tests.yml

@@ -0,0 +1,23 @@
+name: Tests
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - uses: actions/setup-go@v5
+      with:
+        go-version: '1.24'
+
+    - name: Build
+      run: go build -v github.com/mark-adams/gcp-ip-list/cmd/gcp-ip-list
+
+    - name: Test
+      run: go test -v ./...

.gitignore

@@ -0,0 +1,4 @@
+terraform/.terraform*
+terraform/*.tfstate*
+.vscode# Added by goreleaser init:
+dist/

.goreleaser.yaml

@@ -0,0 +1,55 @@
+version: 2
+
+before:
+  hooks:
+    # You may remove this if you don't use go modules.
+    - go mod tidy
+    # you may remove this if you don't need go generate
+    - go generate ./...
+
+builds:
+  - main: ./cmd/gcp-ip-list
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      # - windows
+      # - darwin
+
+archives:
+  - formats: [tar.gz]
+    # this name template makes the OS and Arch compatible with the results of `uname`.
+    name_template: >-
+      {{ .ProjectName }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    # use zip for windows archives
+    format_overrides:
+      - goos: windows
+        formats: [zip]
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - "^docs:"
+      - "^test:"
+
+release:
+  draft: true
+  footer: >-
+
+    ---
+
+    Released by [GoReleaser](https://github.com/goreleaser/goreleaser).
+
+binary_signs:
+  - cmd: cosign
+    args:
+      - "sign-blob"
+      - "--output-signature=${signature}"
+      - "${artifact}"
+      - "--yes" # needed on cosign 2.0.0+

Dockerfile

@@ -0,0 +1,13 @@
+FROM golang:1.24 as builder
+
+WORKDIR $GOPATH/src/github.com/mark-adams/gcp-ip-list
+COPY . .
+
+RUN go get -v ./...
+RUN GOOS=linux CGO_ENABLED=0 go build -o /go/bin/gcp-ip-list github.com/mark-adams/gcp-ip-list/cmd/gcp-ip-list
+
+FROM cgr.dev/chainguard/static
+
+COPY --from=builder /go/bin/gcp-ip-list /bin/gcp-ip-list
+
+ENTRYPOINT ["/bin/gcp-ip-list"]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Mark Adams
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,68 @@
+# GCP IP List
+
+[![godoc](http://img.shields.io/badge/godoc-reference-blue.svg?style=flat)](https://godoc.org/github.com/mark-adams/gcp-ip-list) [![license](http://img.shields.io/badge/license-MIT-red.svg?style=flat)](https://raw.githubusercontent.com/mark-adams/gcp-ip-list/main/LICENSE) [![Build Status](https://github.com/mark-adams/gcp-ip-list/actions/workflows/tests.yml/badge.svg)](https://github.com/mark-adams/gcp-ip-list/actions/workflows/tests.yml) 
+
+
+`gcp-ip-list` is a simple CLI tool (and library) written in Go to simplify the process of retrieving IP addresses from infrastructure hosted on Google Cloud Platform (GCP).
+
+Most enumeration tooling today uses the normal CRUD REST APIs provided by Google to retrieve GCP assets and their IP address information. This is less than ideal because it typically involves interacting with several different Google APIs and puts additional load on the very same APIs that are used as the control plane for GCP customers.
+
+This tool takes a different approach and queries information about assets from Google's [Cloud Asset Inventory API](https://cloud.google.com/asset-inventory/docs/overview) instead. This allows us to use a single API to pull down all the data about assets that could potentially have public IP addresses assigned to them which allows us to download data for organizations of any size much more efficiently.
+
+# Getting Started
+
+## Installing the tool
+The easiest way to install the latest version of the tool is to use the `go install` command:
+```
+go install github.com/mark-adams/gcp-ip-list@latest
+```
+
+## Running the tool
+
+Since this tool uses the [Google Cloud Client Libraries for Go](https://github.com/googleapis/google-cloud-go), the application will authenticate with Google using [Application Default Credentials](https://cloud.google.com/docs/authentication/application-default-credentials).
+
+### Quick and easy
+```
+$ gcp-ip-list --scope=projects/sample-project -public
++----------------+--------------+---------------------------------------+-------------------------------------------------------------------------------------------------------------------------+
+|    ADDRESS     | ADDRESS TYPE |             RESOURCE TYPE             |                                                      RESOURCE NAME                                                      |
++----------------+--------------+---------------------------------------+-------------------------------------------------------------------------------------------------------------------------+
+| 35.244.150.176 | public       | compute.googleapis.com/ForwardingRule | //compute.googleapis.com/projects/sample-project/global/forwardingRules/ip-list-test-forwarding-rule-external        |
+| 34.54.75.78    | public       | compute.googleapis.com/ForwardingRule | //compute.googleapis.com/projects/sample-project/global/forwardingRules/ip-list-test-forwarding-rule-external-static |
+| 34.83.163.216  | public       | compute.googleapis.com/Instance       | //compute.googleapis.com/projects/sample-project/zones/us-west1-a/instances/ip-list-test-vm                          |
+| 34.105.8.244   | public       | compute.googleapis.com/Router         | //compute.googleapis.com/projects/sample-project/regions/us-west1/routers/ip-list-test-router                        |
+| 34.19.43.198   | public       | container.googleapis.com/Cluster      | //container.googleapis.com/projects/sample-project/locations/us-west1/clusters/ip-list-test-cluster                  |
+| 34.127.47.18   | public       | sqladmin.googleapis.com/Instance      | //cloudsql.googleapis.com/projects/sample-project/instances/ip-list-test-db                                          |
++----------------+--------------+---------------------------------------+-------------------------------------------------------------------------------------------------------------------------+
+```
+
+```
+$ gcp-ip-list --scope=projects/sample-project -public -format=list
+35.244.150.176
+34.54.75.78
+34.83.163.216
+34.105.8.244
+34.19.43.198
+34.127.47.18
+```
+
+### Usage
+```
+$ gcp-ip-list -h
+Usage of gcp-ip-list:
+  -format string
+        The output format (csv, json, table) (default "table")
+  -private
+        Include private IPs only
+  -public
+        Include public IPs only
+  -scope string
+        The scope (organization, folder, or project) to search
+```
+
+# Contributing
+Contributions are welcome via pull requests! Often it can be helpful if you submit an issue and discuss your potential contribution before creating a pull request to help it get reviewed and merged more quickly.
+
+## Terraform resources
+The `terraform` directory contains sample resources that are handy when doing local development on `gcp-ip-list`.
+If you add support for a new resource type, please add the appropriate Terraform resources in the same PR.

cmd/gcp-ip-list/main.go

@@ -0,0 +1,73 @@
+package main
+
+import (
+	"cmp"
+	"context"
+	"flag"
+	"log"
+	"os"
+	"regexp"
+	"slices"
+
+	"github.com/mark-adams/gcp-ip-list/pkg/gcp"
+	"github.com/mark-adams/gcp-ip-list/pkg/output"
+)
+
+var (
+	scope        = flag.String("scope", "", "The scope (organization, folder, or project) to search")
+	scopePattern = regexp.MustCompile(`^organizations/\d+$|^folders/\d+$|^projects/\S+$`)
+
+	format = flag.String("format", "table", "The output format (csv, json, table, list)")
+
+	public  = flag.Bool("public", false, "Include public IPs only")
+	private = flag.Bool("private", false, "Include private IPs only")
+)
+
+func main() {
+	flag.Parse()
+
+	if *scope == "" {
+		log.Fatal("scope is required")
+	}
+	if !scopePattern.MatchString(*scope) {
+		log.Fatalf("invalid scope: %s, scope must be organizations/1234, folders/1234, projects/1234", *scope)
+	}
+
+	if *public && *private {
+		log.Fatalf("cannot specify both public and private flags")
+	}
+
+	formatters := output.GetFormatters()
+
+	formatter := formatters[*format]
+	if formatter == nil {
+		log.Fatalf("invalid formatter: %s", *format)
+	}
+
+	ctx := context.Background()
+
+	addresses, err := gcp.GetAllAddressesFromAssetInventory(ctx, *scope)
+	if err != nil {
+		log.Fatalf("error getting public addresses: %s", err)
+	}
+
+	if *public {
+		addresses = gcp.FilterPublicAddresses(addresses)
+	} else if *private {
+		addresses = gcp.FilterPrivateAddresses(addresses)
+	}
+
+	// Sort the output by the address type (descending), then by resource type, then by resource name
+	// (chosen somewhat arbitrarily)
+	slices.SortFunc(addresses, func(a, b *gcp.Address) int {
+		return cmp.Or(
+			cmp.Compare(a.AddressType, b.AddressType)*-1,
+			cmp.Compare(a.ResourceType, b.ResourceType),
+			cmp.Compare(a.ResourceName, b.ResourceName),
+		)
+	})
+
+	if err := formatter(os.Stdout, addresses); err != nil {
+		log.Fatalf("error writing output: %s", err)
+	}
+}