Scout Suite is a multi-cloud security auditing tool, which enables assessing the security posture of cloud environments. Using the APIs exposed by cloud providers, Scout gathers configuration data for manual inspection and highlights risk areas. Rather than pouring through dozens of pages on the web consoles, Scout provides a clear view of the attack surface automatically.
Scout Suite is stable and actively maintained, but a number of features and internals may change. As such, please bear with us as we find time to work on, and improve the tool. Feel free to report a bug with details (please provide console output using the –debug argument), request a new feature, or send a pull request.
The latest (and final) version of Scout2 can be found in https://github.com/nccgroup/Scout2/releases andhttps://pypi.org/project/AWSScout2. Further work is not planned for Scout2. Fixes will be implemented in Scout Suite.
The following cloud providers are currently supported/planned:
- Amazon Web Services
- Google Cloud Platform (beta)
- Azure (early alpha)
- Front-end fix
- Added alpha support for Alibaba Cloud (Aliyun) and Oracle Cloud Infrastructure (OCI)
- Improved AWS & Azure support, including new services and findings
- Added the –exclude-regions parameter for AWS
- This can be used to exclude optional regions, e.g. bypassing –exclude-regions ap-east-1 me-south-1.
- Added support for AWS authentication with access keys (https://github.com/nccgroup/ScoutSuite/wiki/Amazon-Web-Services#cli-parameters)
- Added support to handle AWS rate-limiting (through exponential backoff) as well as a configurable rate limiting parameter –max-rate)
- Improved finding rationales’
- Improved error handling
- Bug fixes
Install via pip:
$ pip install scoutsuite
$ git clone https://github.com/nccgroup/ScoutSuite $ cd ScoutSuite $ virtualenv -p python3 venv $ source venv/bin/activate $ pip install -r requirements.txt $ python Scout.py --help
Copyright (C) 2018 nccgroup