ScoutSuite


ScoutSuite is an open-source security auditing tool used to assess the security posture of cloud infrastructure.

  • is a cloud vulnerability scanner
  • Python-based, producing an HTML report
  • allows organizations to evaluate the security of their cloud environments across multiple providers and services
  • supports
    • Amazon Web Services (AWS)
    • Microsoft Azure
    • Google Cloud Platform (GCP)

How it Works

  • collects configuration data from the cloud platform through its APIs
  • compiles a report of all the discovered objects
    • including:
      • VM instances
      • storage containers
      • IAM accounts
      • data
      • firewall ACLs
      • and many others
  • a scanner ruleset categorizes the discovered items by severity level, based on predetermined policies

Resources

Output Analysis

  1. To use a cloud assessment tool, the first step is to create a user with an API access key
    • so that the account settings can be accessed by the scanning software programmatically
  2. The user account used for scanning should be configured with a least privilege access policy
  3. With ScoutSuite and the AWS CLI installed (and configured to use the scanning account), the default command usage will scan the AWS account for issues
  4. The tool produces its output in the form of an HTML report
    • the main page of the report shows an overview of findings for each service type
    • from each service you can pivot to the detailed findings behind the summary
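Steps 1 to 3 above set up the scanning identity and run the scan. The following is an added example, not code from the page or from the ScoutSuite project: it verifies that the scanning user holds only a known read-only policy set before the scan is run, and then launches the default AWS scan. The user name "scoutsuite-scanner" and the choice of the AWS managed policies SecurityAudit and ReadOnlyAccess as the allowed set are assumptions for this example (check the current ScoutSuite README for the permissions it requires); the boto3 IAM calls and the scout command-line options are real.

```python
"""Provision and verify a least-privilege scanning user for ScoutSuite, then scan.

Added example, not part of the original page or of the ScoutSuite project.
Assumptions (not stated on the page): the scanning user is named
"scoutsuite-scanner" and the AWS managed policies SecurityAudit and
ReadOnlyAccess are the only policies it is allowed to hold.
"""
import subprocess

SCANNER_USER = "scoutsuite-scanner"  # assumed name for the dedicated scanning user
ALLOWED_POLICY_ARNS = frozenset({   # assumed read-only set for the scanner
    "arn:aws:iam::aws:policy/SecurityAudit",
    "arn:aws:iam::aws:policy/ReadOnlyAccess",
})


def check_scanner_privileges(attached_policy_arns, inline_policy_names):
    """Compare a scanning user's permissions against the allowed read-only set.

    Returns a list of problems, empty when the user is exactly as expected:
    - managed policies outside the allowed set (possible write access)
    - allowed policies that are missing (the scan would be incomplete)
    - any inline policy (not reviewable as a known managed policy)
    """
    attached = set(attached_policy_arns)
    problems = []
    for arn in sorted(attached - ALLOWED_POLICY_ARNS):
        problems.append(f"unexpected managed policy attached: {arn}")
    for arn in sorted(ALLOWED_POLICY_ARNS - attached):
        problems.append(f"required read-only policy missing: {arn}")
    for name in sorted(inline_policy_names):
        problems.append(f"inline policy present: {name}")
    return problems


def describe_user_permissions(iam, user_name):
    """Return (attached managed policy ARNs, inline policy names) via a boto3 IAM client.

    A single page of results is read; a user with more than 100 attached
    policies is already far from least privilege."""
    attached = iam.list_attached_user_policies(UserName=user_name)["AttachedPolicies"]
    inline = iam.list_user_policies(UserName=user_name)["PolicyNames"]
    return [p["PolicyArn"] for p in attached], list(inline)


def provision_scanner(iam, user_name=SCANNER_USER):
    """Create the scanning user, attach only the allowed policies, issue one access key.

    The returned secret goes into an AWS CLI profile of the same name; it is
    never printed or logged here."""
    iam.create_user(UserName=user_name)
    for arn in sorted(ALLOWED_POLICY_ARNS):
        iam.attach_user_policy(UserName=user_name, PolicyArn=arn)
    key = iam.create_access_key(UserName=user_name)["AccessKey"]
    return key["AccessKeyId"], key["SecretAccessKey"]


def run_scout(profile, report_dir="scoutsuite-report"):
    """Run the default ScoutSuite AWS scan with the scanning profile (step 3 on the page)."""
    cmd = ["scout", "aws", "--profile", profile, "--report-dir", report_dir, "--no-browser"]
    return subprocess.run(cmd, check=True)


if __name__ == "__main__":
    import boto3  # imported here so the pure check above runs without AWS access

    iam = boto3.client("iam")
    attached_arns, inline_names = describe_user_permissions(iam, SCANNER_USER)
    problems = check_scanner_privileges(attached_arns, inline_names)
    if problems:
        raise SystemExit("scanning user is not least-privilege:\n  " + "\n  ".join(problems))
    run_scout(profile=SCANNER_USER)
```

The check runs before every scan rather than once at creation, because the scanning user is exactly the kind of long-lived service identity that accumulates extra permissions over time. Note that ReadOnlyAccess grants read access to data as well as configuration (for example object reads in S3), so the scanner's access key should be protected and rotated like any other credential that can read production data.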
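The HTML report in step 4 is rendered from a results file that ScoutSuite writes next to it, so the same overview-then-pivot analysis can be done in a pipeline without opening a browser. The following is an added example, not code from the page or from the ScoutSuite project. It assumes the results file is the JavaScript file written under scoutsuite-report/scoutsuite-results/, consisting of a "scoutsuite_results =" assignment followed by a JSON document in which services[<name>]["findings"] entries carry "level" ("danger" or "warning"), "flagged_items", "checked_items" and "description"; the embedded sample is constructed in that shape and is not real scan output.

```python
"""Summarize ScoutSuite findings by service and severity from its results file.

Added example, not part of the original page or of the ScoutSuite project.
Assumed results layout: "scoutsuite_results =" followed by JSON, with
services[<service>]["findings"][<rule_id>] holding level, flagged_items,
checked_items and description. The sample below is constructed, not real output.
"""
import json
from collections import Counter, defaultdict

# Constructed sample in the assumed shape of a ScoutSuite results file.
SAMPLE_RESULTS_JS = """scoutsuite_results =
{
  "account_id": "123456789012",
  "provider_code": "aws",
  "services": {
    "iam": {
      "findings": {
        "iam-root-account-no-mfa": {"level": "danger", "flagged_items": 1,
                                    "checked_items": 1, "description": "Root Account without MFA"},
        "iam-password-policy-no-expiration": {"level": "warning", "flagged_items": 1,
                                              "checked_items": 1, "description": "Password Expiration Disabled"}
      }
    },
    "s3": {
      "findings": {
        "s3-bucket-no-logging": {"level": "warning", "flagged_items": 2,
                                 "checked_items": 5, "description": "Bucket Access Logging Disabled"},
        "s3-bucket-world-readable": {"level": "danger", "flagged_items": 0,
                                     "checked_items": 5, "description": "Bucket World-Readable"}
      }
    }
  }
}
"""


def load_results(text):
    """Strip the JavaScript assignment prefix and parse the remaining JSON document."""
    prefix = "scoutsuite_results ="
    stripped = text.lstrip()
    if not stripped.startswith(prefix):
        raise ValueError("not a ScoutSuite results file")
    return json.loads(stripped[len(prefix):])


def summarize_findings(results):
    """Return {service: {level: number of rules with flagged items}}.

    This mirrors the overview page of the HTML report. A rule whose
    flagged_items is 0 passed and is therefore not counted."""
    summary = defaultdict(Counter)
    for service, data in results.get("services", {}).items():
        for rule in data.get("findings", {}).values():
            if rule.get("flagged_items", 0) > 0:
                summary[service][rule["level"]] += 1
    return {service: dict(counts) for service, counts in summary.items()}


def flagged_findings(results, level="danger"):
    """List (service, rule_id, description, flagged, checked) for rules at a level.

    This is the pivot from a service to its detailed findings."""
    rows = []
    for service, data in sorted(results.get("services", {}).items()):
        for rule_id, rule in sorted(data.get("findings", {}).items()):
            if rule.get("level") == level and rule.get("flagged_items", 0) > 0:
                rows.append((service, rule_id, rule.get("description", ""),
                             rule["flagged_items"], rule["checked_items"]))
    return rows


def main(path=None):
    """Print the overview and the danger-level details; return 1 if any danger finding fired."""
    text = open(path, encoding="utf-8").read() if path else SAMPLE_RESULTS_JS
    results = load_results(text)
    for service, counts in sorted(summarize_findings(results).items()):
        print(f"{service:10s} danger={counts.get('danger', 0)} warning={counts.get('warning', 0)}")
    dangers = flagged_findings(results, "danger")
    for service, rule_id, desc, flagged, checked in dangers:
        print(f"  [{service}] {rule_id}: {desc} ({flagged}/{checked} flagged)")
    return 1 if dangers else 0  # non-zero exit lets a pipeline fail on danger-level findings


if __name__ == "__main__":
    import sys
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else None))
```

Run it with the path to the results file as its only argument, or with no argument to see the constructed sample. Counting rules rather than flagged items keeps the overview stable as the number of resources grows, while the detail rows carry the flagged/checked ratio a reviewer needs to judge how widespread each finding is.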