Scout Suite v5.3.2 releases: Multi-Cloud Security Auditing Tool

Scout Suite is a multi-cloud security auditing tool, which enables assessing the security posture of cloud environments. Using the APIs exposed by cloud providers, Scout gathers configuration data for manual inspection and highlights risk areas. Rather than pouring through dozens of pages on the web consoles, Scout provides a clear view of the attack surface automatically.

Scout Suite is stable and actively maintained, but a number of features and internals may change. As such, please bear with us as we find time to work on, and improve the tool. Feel free to report a bug with details (please provide console output using the –debug argument), request a new feature, or send a pull request.

Note:

The latest (and final) version of Scout2 can be found in https://github.com/nccgroup/Scout2/releases andhttps://pypi.org/project/AWSScout2. Further work is not planned for Scout2. Fixes will be implemented in Scout Suite.

Support

The following cloud providers are currently supported/planned:

  • Amazon Web Services
  • Google Cloud Platform (beta)
  • Azure (early alpha)

Changelog

v5.3.2

  • Front-end fix

v5.3.0

Changes:

  • Added alpha support for Alibaba Cloud (Aliyun) and Oracle Cloud Infrastructure (OCI)
  • Improved AWS & Azure support, including new services and findings
  • Added the –exclude-regions parameter for AWS
    • This can be used to exclude optional regions, e.g. bypassing –exclude-regions ap-east-1 me-south-1.
  • Added support for AWS authentication with access keys (https://github.com/nccgroup/ScoutSuite/wiki/Amazon-Web-Services#cli-parameters)
  • Added support to handle AWS rate-limiting (through exponential backoff) as well as a configurable rate limiting parameter –max-rate)
  • Improved finding rationales’
  • Improved error handling
  • Bug fixes

Installation

Install via pip:

$ pip install scoutsuite
$ git clone https://github.com/nccgroup/ScoutSuite
$ cd ScoutSuite
$ virtualenv -p python3 venv
$ source venv/bin/activate
$ pip install -r requirements.txt
$ python Scout.py --help

Use

Copyright (C) 2018 nccgroup

Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Malware analyst || Malware Investigator || Reverse Engineering

SC ProDefence SRL - Cyber Security Services