
Michael Wahl

Cloud Security Audit using Scout Suite

Scout Suite is a Python-based tool published and maintained by NCC Group for use in cloud security assessments.

Installing and Running Scout Suite
Depending on your environment, you may decide to use virtualenv or, as in my example, Docker to avoid package conflicts.

Docker installation via Homebrew
$ brew install docker
$ docker --version
Launch Docker
$ open -a Docker
Running the container
$ docker run -it rossja/ncc-scoutsuite bash
Running Scout Suite
Once the cloud provider's CLI has been configured inside the container and the appropriate credentials set up, you can run Scout Suite from there.
You can verify that the installation is working with the command scout --help, which should print the tool's usage.

Using an AWS IAM role
If you or your team plan to run Scout Suite against a specific AWS IAM role, you will have to switch to that role first, then point Scout Suite at the matching AWS CLI profile:

scout aws --profile my-aws-cli-profile
Using the default AWS CLI profile
Check which identity you are currently using with the AWS CLI:
aws sts get-caller-identity
If you need to manually re-activate the virtual environment, use its activate script:
root@9564f9:~# source scoutsuite/bin/activate
Running a test with some optional parameters
scout aws --profile user01 --no-browser --report-dir /root/scout-report
Here --no-browser stops Scout Suite from trying to open the finished report in a browser (there is none inside the container), and --report-dir chooses where the report is written.

Reading the HTML Report
Scout Suite does take some time to run, but while it gathers data from the provider APIs and pulls information on the various resources and cloud services, you will see live status logs of the activity. In this example I am auditing my AWS environment, but keep in mind that Scout Suite can also audit Azure, GCP, or Oracle Cloud environments.

Once Scout Suite has finished auditing the environment, an HTML report will be available in the current working directory, or in the directory you specified with --report-dir.

If there are findings that need attention, it is fairly simple to understand where the potential issue is and why it was flagged for review and remediation.
If you click on a service, you will see that Scout Suite has grouped the findings into three simple levels: Good, Warning, and Danger.

As an example, in my Development AWS account that was audited, the ACM service had 4 total resources checked, and two of the four were flagged because the Transparency Logging Preference was set to DISABLED.
This makes it simple enough to go in and address the findings, then run the audit again to confirm that the findings in question are closed.
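To triage findings and confirm that a re-run actually closed them without clicking through the HTML report, here is an added Python example. It is not from the original post and not part of Scout Suite; it assumes the results file Scout Suite writes alongside the HTML report has the form "scoutsuite_results =" followed by a JSON object with findings under services.<service>.findings.<finding_id> (keys level, description, checked_items, flagged_items, items). The embedded sample, the finding ids, the account id and the resource paths are all constructed for this example. It goes one step beyond the post by diffing a before and an after run, so you can see which flagged resources were closed by remediation and gate a CI job on any remaining Danger-level findings.

```python
"""Triage a Scout Suite results file and diff two runs.

Added example, not part of the original post or of Scout Suite.
Assumed layout of the results file (an assumption about Scout Suite's
output, not verified here): the line `scoutsuite_results =` followed by
a JSON object whose findings live under services.<service>.findings.<id>.
All sample data below is constructed; ids, account id and paths are made up.
"""
import json
import sys
from pathlib import Path
from typing import Dict, List, Set, Tuple

# Constructed sample: two of four ACM certificates flagged (as in the post),
# one danger-level S3 finding with a flagged bucket, and one finding with
# nothing flagged (it must not show up in the triage output).
SAMPLE_RESULTS_JS = """scoutsuite_results =
{
  "provider_name": "aws", "account_id": "123456789012",
  "services": {
    "acm": {"findings": {
      "acm-transparency-logging-disabled": {
        "level": "warning", "description": "Certificate Transparency Logging Disabled",
        "checked_items": 4, "flagged_items": 2,
        "items": ["acm.regions.us-east-1.certificates.cert-aaaa",
                  "acm.regions.us-east-1.certificates.cert-bbbb"]}}},
    "s3": {"findings": {
      "s3-bucket-no-logging": {
        "level": "danger", "description": "Bucket Access Logging Disabled",
        "checked_items": 3, "flagged_items": 1,
        "items": ["s3.buckets.example-bucket"]},
      "s3-bucket-world-readable": {
        "level": "danger", "description": "Bucket World-Readable",
        "checked_items": 3, "flagged_items": 0, "items": []}}}
  }
}
"""

# (service, finding id, level, flagged count, checked count)
Finding = Tuple[str, str, str, int, int]
LEVEL_ORDER = {"danger": 0, "warning": 1}


def load_results(text: str) -> dict:
    """Strip the `scoutsuite_results =` prefix and parse the JSON body."""
    prefix, _, body = text.partition("=")
    if prefix.strip() != "scoutsuite_results":
        raise ValueError("not a Scout Suite results file")
    return json.loads(body)


def load_results_file(path: Path) -> dict:
    return load_results(path.read_text(encoding="utf-8"))


def flagged_findings(results: dict) -> List[Finding]:
    """Every finding with at least one flagged item, Danger before Warning."""
    out: List[Finding] = []
    for service, data in results.get("services", {}).items():
        for fid, f in data.get("findings", {}).items():
            if f.get("flagged_items", 0) > 0:
                out.append((service, fid, f.get("level", "warning"),
                            f["flagged_items"], f.get("checked_items", 0)))
    return sorted(out, key=lambda x: (LEVEL_ORDER.get(x[2], 2), x[0], x[1]))


def summarize(results: dict) -> Dict[str, int]:
    """Count flagged findings per level (the report's Danger/Warning split)."""
    counts = {"danger": 0, "warning": 0}
    for _, _, level, _, _ in flagged_findings(results):
        counts[level] = counts.get(level, 0) + 1
    return counts


def flagged_items(results: dict) -> Dict[str, Set[str]]:
    """Map 'service/finding id' -> set of flagged resource paths."""
    items: Dict[str, Set[str]] = {}
    for service, data in results.get("services", {}).items():
        for fid, f in data.get("findings", {}).items():
            if f.get("flagged_items", 0) > 0:
                items[f"{service}/{fid}"] = set(f.get("items", []))
    return items


def closed_findings(before: dict, after: dict) -> Dict[str, Set[str]]:
    """Resources flagged in `before` that are no longer flagged in `after`.

    Run this after remediation to confirm the findings in question are closed
    rather than eyeballing two HTML reports.
    """
    b, a = flagged_items(before), flagged_items(after)
    return {key: paths - a.get(key, set())
            for key, paths in b.items() if paths - a.get(key, set())}


def exit_code(results: dict) -> int:
    """Non-zero while any Danger-level finding still has flagged items."""
    return 1 if summarize(results)["danger"] else 0


if __name__ == "__main__":
    # Usage: python triage.py scoutsuite_results_aws-user01.js  (or no arg: sample)
    res = load_results_file(Path(sys.argv[1])) if len(sys.argv) > 1 else load_results(SAMPLE_RESULTS_JS)
    for service, fid, level, flagged, checked in flagged_findings(res):
        print(f"{level.upper():8} {service:6} {fid}: {flagged}/{checked} flagged")
    sys.exit(exit_code(res))
```

Pointing the script at the results file from one run prints the flagged findings in the same Danger-then-Warning order the HTML report uses and exits non-zero while Danger findings remain; feeding it the results of the run before and after remediation through closed_findings gives the exact list of resources that dropped out, which is the check the "run the audit again" step is meant to provide.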
You may even consider Amazon EventBridge, which lets your AWS services respond automatically to various events. Rules scoped to specific events can be used where you decide that some automated remediation action should be taken.
