DEV Community

loading...

ScoutSuite: A Security Audit Tool for Azure

cheahengsoon profile image Eng Soon Cheah ・1 min read

Introduction

Scout Suite is an open source security audit tool for cloud cluster environment, mainly for the security status of cloud environment. By using the API exposed by the cloud service provider, Scout Suite can collect configuration data from high security risk areas for manual audit by researchers. It is worth mentioning that Scout Suite can automatically present a clear and detailed attack surface overview to researchers after completing a security audit, without the need for researchers to browse the complicated Web console information.

Steps

  1. Install Python
  2. Install Azure CLI
  3. Clone the ScoutSuite github repository
$ git clone https://github.com/nccgroup/ScoutSuite
$ cd ScoutSuite
$ virtualenv -p python3 venv
$ source venv/bin/activate
$ pip install -r requirements.txt
$ python scout.py --help
Enter fullscreen mode Exit fullscreen mode

4.Running

pip install azure-cli

command in Power Shell
5.Running

az login

command and the system prompt to authenticate your Azure Subscription
6.Navigate to the ScoutSuite folder

cd .\ScoutSuite

7.Running

python scout.py azure --cli

command
8.The Report will generated in the web page.
Alt Text
Alt Text

Reference:

https://github.com/nccgroup/ScoutSuite

Discussion (0)

pic
Editor guide