ScoutSuite is a multi-cloud security auditing tool written by the wonderful folks over at NCC group. We use it heavily here at Renegade Labs, so I wanted to write a quick guide on getting it configured and running it in your own environment.
The data and reports it generates are extremely useful from both offensive and defensive perspectives, and I trust that you’ll feel the same way after using it on your own platform.
Installation is quite simple. Start by creating a new python virtual environment:
pip to install ScoutSuite:
For AWS, you will need to configure your AWS access keys in the
For Azure, a series of authentication options exist.
Google Cloud Platform has two ways to authenticate with ScoutSuite:
- User Account
- Service Account
While we’ve had success with the second option, we recommend referring to the documentation for more info.
Once executed, the tool will generate a list of findings broken out by service:
One can drill down further into these as well, revealing more information on each finding and reference information:
And that’s it! It’s that simple to run. In five minutes, you can get a broad overview of your cloud environment and its security configurations. I would recommend running the toolset against all cloud platforms you have. It’s free, so what do you have to lose?