ScoutSuite is a multi-cloud security auditing tool written by the wonderful folks over at NCC Group. I use it heavily, so I wanted to do a quick guide on getting it configured and running it in your own environment.
The data and reports it generates are extremely useful from both an offensive and defensive perspective, and I trust that you’ll feel the same way after using it in your own platform.
Installation is quite simple. Start by creating a new Python virtual environment:

    virtualenv -p python3 .
    # Activate venv
    source bin/activate

Then use pip to install ScoutSuite:

    pip install scoutsuite

For AWS, you will need to configure your AWS access keys in the

    [default]
    aws_access_key_id = [REDACTED]
    aws_secret_access_key = [REDACTED]

For Azure, a series of authentication options exist.
Google Cloud Platform has two ways to authenticate with ScoutSuite:
- User Account
- Service Account
While we’ve had success with the second option, we recommend referring to the documentation for more info.
Once executed, the tool will generate a list of findings broken out by service.
One can drill down further into these as well, revealing more information on each finding and reference information.
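
As an added example (not from the original post or from ScoutSuite itself), the per-service findings can also be summarised outside the HTML report, for instance to fail a pipeline when high-severity findings are flagged. It assumes the results file is a JavaScript assignment wrapping JSON, with `services` and `findings` entries carrying `level`, `flagged_items` and `checked_items`; the sample data and finding names are constructed, so check the field names against the file your version writes.

```python
import json

# Constructed sample mimicking the results file written beside the HTML report:
# a JavaScript assignment wrapping one JSON object (assumed layout, not real data).
SAMPLE_RESULTS_JS = """scoutsuite_results =
{"services": {
  "iam": {"findings": {
    "iam-root-account-no-mfa": {"description": "Root account without MFA",
        "level": "danger", "flagged_items": 1, "checked_items": 1},
    "iam-password-policy-minimum-length": {"description": "Password policy too short",
        "level": "warning", "flagged_items": 1, "checked_items": 1}}},
  "s3": {"findings": {
    "s3-bucket-no-logging": {"description": "Bucket access logging disabled",
        "level": "warning", "flagged_items": 3, "checked_items": 7},
    "s3-bucket-world-acl": {"description": "Bucket readable by everyone",
        "level": "danger", "flagged_items": 0, "checked_items": 7}}}
}}
"""

SEVERITY_ORDER = {"danger": 0, "warning": 1}  # assumed level names

def load_results(text):
    """Skip the leading 'name =' JavaScript assignment and parse the JSON body."""
    return json.loads(text[text.index("{"):])

def flagged_by_service(results):
    """Return {service: [(level, finding_id, flagged, checked), ...]} for
    findings with at least one flagged item, most severe first."""
    summary = {}
    for service, data in sorted(results.get("services", {}).items()):
        rows = [
            (f.get("level", "unknown"), fid, f.get("flagged_items", 0), f.get("checked_items", 0))
            for fid, f in data.get("findings", {}).items()
            if f.get("flagged_items", 0) > 0  # rules that matched nothing are dropped
        ]
        rows.sort(key=lambda r: (SEVERITY_ORDER.get(r[0], 2), r[1]))
        if rows:
            summary[service] = rows
    return summary

def has_danger(summary):
    # True when any flagged finding is at the highest level; usable as a CI gate.
    return any(row[0] == "danger" for rows in summary.values() for row in rows)

if __name__ == "__main__":
    for service, rows in flagged_by_service(load_results(SAMPLE_RESULTS_JS)).items():
        print(service, rows)
```
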
And that’s it! It’s that simple to run. In 5 minutes you can get a broad overview of your cloud environment and its security configurations.
I would recommend running the toolset against any and all cloud platforms you have. It’s free, what do you have to lose?