a

Author: carlospolop

src/pentesting-cloud/gcp-security/gcp-unauthenticated-enum-and-access/gcp-api-keys-unauthenticated-enum.md

@@ -22,7 +22,7 @@ Search it for example in Github following: [https://github.com/search?q=%2FAIza%
 
 This is extremely useful to check to **which GCP project an API key that you have found belongs to**. We have different options:
 
-- Contact `https://www.googleapis.com/identitytoolkit/v3/relyingparty/getProjectConfig?key=<api-key`
+- Contact `https://www.googleapis.com/identitytoolkit/v3/relyingparty/getProjectConfig?key=<api-key>`
 
 For the sake of brevity the output was truncated, but in the complete output the project ID appears more than 5 times
 
@@ -36,7 +36,7 @@ curl -s "https://www.googleapis.com/identitytoolkit/v3/relyingparty/getProjectCo
     [...]
 ```
 
-- Contact `https://www.googleapis.com/identitytoolkit/v3/relyingparty/getProjectConfig?key=<api-key`
+- Contact `https://www.googleapis.com/identitytoolkit/v3/relyingparty/getProjectConfig?key=<api-key>`
 
 For the sake of brevity the output was truncated, but in the complete output the project ID appears more than 5 times