How to Use ScoutSuite for AWS Security Baselining

ScoutSuite Introduction

ScoutSuite is a multi-cloud security auditing tool written by the wonderful folks over at NCC group. We use it heavily here at Renegade Labs, so I wanted to write a quick guide on getting it configured and running it in your own environment.

The data and reports it generates are extremely useful from both offensive and defensive perspectives, and I trust that you’ll feel the same way after using it on your own platform.

Installation of ScoutSuite

Installation is quite simple. Start by creating a new python virtual environment:

virtualenv -p python3 .

## Activate venv
source bin/activate

Next, use pip to install ScoutSuite:

pip install scoutsuite

AWS

For AWS, you will need to configure an access key pair in the ~/.aws/credentials file (the same profile format the AWS CLI uses):

[default]
aws_access_key_id = [REDACTED]
aws_secret_access_key = [REDACTED]
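The post does not show the run itself, so here is an added example (mine, not the post's and not part of ScoutSuite) that ties the setup steps together: it checks that the credentials file is present, not readable by other local users, and holds a real key pair rather than the placeholder above, then assembles an unattended `scout aws` invocation. The helper names are my own; the `--profile`, `--regions`, `--report-dir` and `--no-browser` options are ScoutSuite's own CLI flags.

```python
"""Pre-flight checks before running ScoutSuite against AWS.

Added example, not part of the original post or the ScoutSuite project.
The function names are mine; the `scout aws` options used (--profile,
--regions, --report-dir, --no-browser) are ScoutSuite's own CLI flags.
"""
import configparser
import stat
from pathlib import Path

# Values that mean "no key configured yet" (the post's redacted example included).
PLACEHOLDERS = {"", "[REDACTED]"}


def check_credentials_text(text, profile="default"):
    """Validate the contents of a credentials file given as a string.

    Returns a list of problems; an empty list means the profile is usable.
    """
    problems = []
    parser = configparser.ConfigParser()
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        return [f"credentials file is not valid INI: {exc}"]

    if not parser.has_section(profile):
        return [f"profile [{profile}] not found"]

    for key in ("aws_access_key_id", "aws_secret_access_key"):
        value = parser.get(profile, key, fallback="").strip()
        if value in PLACEHOLDERS:
            problems.append(f"[{profile}] {key} is missing or still a placeholder")
    return problems


def check_credentials_file(path, profile="default"):
    """Validate ~/.aws/credentials (or any path): existence, permissions, contents."""
    path = Path(path)
    if not path.is_file():
        return [f"{path} does not exist"]

    problems = []
    # Long-lived access keys should not be readable by other local users.
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"{path} is group/world accessible (mode {mode:o}); chmod 600 it")

    problems.extend(check_credentials_text(path.read_text(), profile))
    return problems


def build_scout_command(profile="default", report_dir="scoutsuite-report", regions=None):
    """Assemble argv for an unattended ScoutSuite AWS run.

    --no-browser stops ScoutSuite from opening the HTML report automatically,
    which is what you want on a CI runner or a jump host.
    """
    cmd = ["scout", "aws", "--profile", profile,
           "--report-dir", report_dir, "--no-browser"]
    if regions:
        cmd += ["--regions", *regions]  # limit the scan to the regions you actually use
    return cmd


if __name__ == "__main__":
    import subprocess
    import sys

    creds = Path.home() / ".aws" / "credentials"
    issues = check_credentials_file(creds)
    if issues:
        sys.exit("\n".join(issues))
    subprocess.run(build_scout_command(), check=True)
```

Run it from the activated virtualenv after `pip install scoutsuite`; it refuses to start the scan until the credentials file passes all three checks, which catches the common mistake of leaving the file world-readable on a shared host.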

Azure

For Azure, ScoutSuite supports several authentication options; refer to its documentation for the one that fits your environment.

GCP

Google Cloud Platform has two ways to authenticate with ScoutSuite:

  1. User Account
  2. Service Account

While we’ve had success with the second option, we recommend referring to the documentation for more info.

Reporting in ScoutSuite

Once the run completes, the tool generates a report that lists findings broken out by service.

Each finding can be expanded to reveal more detail about it along with reference information.
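The HTML report is handy for a one-off look, but for baselining you want something you can diff between runs. The added example below (mine, not the post's and not ScoutSuite's own code) reads the results file that the report is built from, keeps only the rules that flagged something, and compares that against a saved baseline to surface new, resolved and worsened findings. ScoutSuite writes `scoutsuite-results/scoutsuite_results_<provider>-<profile>.js`, a JSON document prefixed with `scoutsuite_results =`; the keys used here (`services -> <service> -> findings -> <rule> -> level / flagged_items / checked_items`) are my reading of that format and should be treated as an assumption to check against your own output. The sample document is constructed for this example.

```python
"""Build a baseline from a ScoutSuite results file and report drift between runs.

Added example, not code from the original post or from ScoutSuite itself.
ScoutSuite writes scoutsuite-results/scoutsuite_results_<provider>-<profile>.js,
a JSON document prefixed with `scoutsuite_results =` so the HTML report can
load it as a script. The keys used here (services -> <service> -> findings ->
<rule> -> level / flagged_items / checked_items / description) are my reading
of that format; treat them as an assumption and check them against your own
output. The sample document below is constructed for this example.
"""
import json
import sys
from pathlib import Path

# Constructed sample in the shape of a ScoutSuite results file (not real output).
SAMPLE_RESULTS_JS = """scoutsuite_results =
{
  "provider_code": "aws",
  "services": {
    "iam": {
      "findings": {
        "iam-root-account-no-mfa": {
          "description": "Root account without MFA",
          "level": "danger", "flagged_items": 1, "checked_items": 1},
        "iam-password-policy-minimum-length": {
          "description": "Minimum password length too short",
          "level": "warning", "flagged_items": 0, "checked_items": 1}
      }
    },
    "s3": {
      "findings": {
        "s3-bucket-no-logging": {
          "description": "Bucket access logging disabled",
          "level": "warning", "flagged_items": 3, "checked_items": 5}
      }
    }
  }
}
"""


def load_results(text):
    """Drop the JavaScript assignment prefix and parse the JSON body."""
    start = text.index("{")
    return json.loads(text[start:])


def summarize(results):
    """Map 'service/rule' -> (level, flagged, checked) for rules that flagged something."""
    summary = {}
    for service, data in results.get("services", {}).items():
        for rule, finding in data.get("findings", {}).items():
            flagged = finding.get("flagged_items", 0)
            if flagged:
                summary[f"{service}/{rule}"] = (
                    finding.get("level", "unknown"), flagged, finding.get("checked_items", 0))
    return summary


def diff_against_baseline(baseline, current):
    """Findings that are new, resolved, or have more flagged items than the baseline."""
    new = sorted(set(current) - set(baseline))
    resolved = sorted(set(baseline) - set(current))
    worse = sorted(k for k in set(current) & set(baseline) if current[k][1] > baseline[k][1])
    return {"new": new, "resolved": resolved, "worse": worse}


if __name__ == "__main__":
    # Usage: python scout_baseline.py <results.js> [baseline.json]
    results_path = Path(sys.argv[1])
    current = summarize(load_results(results_path.read_text()))
    if len(sys.argv) > 2:
        baseline = {k: tuple(v) for k, v in json.loads(Path(sys.argv[2]).read_text()).items()}
        drift = diff_against_baseline(baseline, current)
        for category, keys in drift.items():
            for key in keys:
                print(f"{category:9} {key}")
    else:
        # First run: persist this summary as the baseline for later comparisons.
        Path("baseline.json").write_text(json.dumps(current, indent=2))
        for key, (level, flagged, checked) in sorted(current.items()):
            print(f"{level:8} {flagged:>3}/{checked:<3} {key}")
```

Run it once without a baseline argument to record the current state, then after each subsequent scan with that file as the second argument; anything in the `new` or `worse` buckets is drift from your accepted baseline and is what the next review should focus on.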

And that’s it! It’s that simple to run. In five minutes, you can get a broad overview of your cloud environment and its security configurations. I would recommend running the toolset against all cloud platforms you have. It’s free, so what do you have to lose?
