Stefan Alfbo

ScoutSuite

ScoutSuite is a really nice security tool to audit your cloud solutions.

I have used it on the AWS cloud and it instantly gave me some things to inspect further, and it was easy to get started with. However, the tool also supports other cloud providers such as Azure, GCP and more.

The project is based on Python and can be installed like this.

virtualenv -p python3 venv
source venv/bin/activate

pip install scoutsuite

I recommend using the custom policy provided on their wiki page when running against AWS. With that, you give the tool minimal privileges.

Set up a new profile in the AWS credentials file that uses the policy above when authenticating against AWS, and call the profile scoutprofile.

[default]
aws_access_key_id = AKIA...
aws_secret_access_key = thesecretkey

[scoutprofile]
aws_access_key_id = AKIA...
aws_secret_access_key = anothersecretkey

Now we can use the command below to start the application.

# pip install scoutsuite puts the scout command on the PATH;
# python scout.py only works from a git checkout of the project
$ scout aws --profile scoutprofile

This will start to query the AWS API to find out as much as possible about your AWS environment. When done, it will create a nice web page with a report on all the findings.
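
A pre-flight check for the minimal-privilege advice above, as an added example that is not from the original post or the ScoutSuite project: it flags any Allow statement in an IAM policy document that grants more than read-only actions. The prefix list, the function names and the sample policy are assumptions made for this example.

```python
import json

# Verb prefixes treated as read-only: an assumption of this example, not an AWS list.
READ_ONLY_PREFIXES = ("get", "list", "describe", "batchget", "lookup")

def as_list(value):
    """IAM accepts a single string/object or a list for Action and Statement."""
    return value if isinstance(value, list) else [value]

def is_read_only(action):
    """True if 'service:Verb' commits to a read-only verb before any wildcard."""
    service, _, verb = action.partition(":")
    if not verb or "*" in service or "?" in service:
        return False  # bare "*" or malformed entry
    # "ec2:Describe*" passes; "ec2:*" and "s3:G*" do not.
    fixed = verb.split("*")[0].split("?")[0].lower()
    return fixed.startswith(READ_ONLY_PREFIXES)

def audit_policy(policy):
    """Return (sid, problem) pairs for Allow statements that exceed read-only."""
    problems = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt:
            problems.append((sid, "NotAction allows every action not listed"))
        for action in as_list(stmt.get("Action", [])):
            if not is_read_only(action):
                problems.append((sid, f"not read-only: {action}"))
    return problems

# Constructed sample policy, not the one from the ScoutSuite wiki.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Sid": "ReadOnly", "Effect": "Allow", "Resource": "*",
   "Action": ["ec2:Describe*", "iam:Get*", "iam:List*", "s3:GetBucketAcl"]},
  {"Sid": "TooBroad", "Effect": "Allow", "Resource": "*",
   "Action": ["s3:*", "iam:PassRole"]},
  {"Sid": "DenyIsFine", "Effect": "Deny", "Resource": "*",
   "Action": "iam:DeleteUser"}]}
""")

if __name__ == "__main__":
    for sid, problem in audit_policy(SAMPLE_POLICY):
        print(f"{sid}: {problem}")
```

Read-only is not the same as harmless: an action such as s3:GetObject still reads data, so a clean result here complements a comparison against the wiki policy rather than replacing it.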

I really recommend that you try it out; I had valuable feedback on my first try, and the investment to get it running was quite low.

There are of course many tools out there to try out. If you want to explore more, this curated list is a great resource.

Happy auditing!
