ScoutSuite Introduction
ScoutSuite is a multi-cloud security auditing tool written by the wonderful folks over at NCC group. We use it heavily here at Renegade Labs, so I wanted to write a quick guide on getting it configured and running it in your own environment.
The data and reports it generates are extremely useful from both offensive and defensive perspectives, and I trust that you’ll feel the same way after using it on your own platform.
Installation of ScoutSuite
Installation is quite simple. Start by creating a new python virtual environment:
virtualenv -p python3 .
## Activate venv
source bin/activate
Next, use pip to install ScoutSuite:
AWS
For AWS, you will need to configure your AWS access keys in the ~/.aws/credentials file.
aws_access_key_id = [REDACTED]
aws_secret_access_key = [REDACTED]
Azure
For Azure, a series of authentication options exist.
GCP
Google Cloud Platform has two ways to authenticate with ScoutSuite:
- User Account
- Service Account
While we’ve had success with the second option, we recommend referring to the documentation for more info.
Reporting in ScoutSuite
Once executed, the tool will generate a list of findings broken out by service:
One can drill down further into these as well, revealing more information on each finding and reference information:
And that’s it! It’s that simple to run. In five minutes, you can get a broad overview of your cloud environment and its security configurations. I would recommend running the toolset against all cloud platforms you have. It’s free, so what do you have to lose?
Leave A Comment