ScoutSuite is a great tool that internal and external security analysts can use to assess cloud environments. Whether you are performing an AWS penetration test or reviewing your own cloud configuration, it can help you spot dangerous misconfigurations.
There are three steps to get started:
- Generate a read-only administrative access token.
- Create a named profile for the AWS CLI.
- Install and run ScoutSuite.
Create a local AWS named profile
In ~/.aws/credentials, create an entry as follows:
[default]
aws_access_key_id = AKIAJ5PXFQOC1VVEXAMPLE
aws_secret_access_key = VGdiERGP6Y7KFsjpH437qKjflBJpH+jh/JEXAMPLE
[myprofile]
aws_access_key_id=AKIAJ6ONFYOL1JEXAMPLE
aws_secret_access_key=JHysHu8F96EjqssWVIBuf43grsvDpjqaQhJRxOJrEXAMPLE
In ~/.aws/config, add the default region for the profile:
[default]
region = us-east-1
[profile myprofile]
region = us-east-1
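A pre-flight check for the two files above, as an added example that is not part of the original post or of ScoutSuite. The names `check_profile` and `demo` are hypothetical, the sample file contents are constructed placeholders, and treating a missing region or a group/other-accessible credentials file as a problem is this example's own choice.

```python
import configparser
import os
import stat
import tempfile


def check_profile(name, cred_path, conf_path):
    """Return a list of problems with an AWS CLI named profile (empty = OK)."""
    problems = []
    creds = configparser.ConfigParser(interpolation=None)
    creds.read(cred_path)  # a missing file simply yields no sections
    # credentials file: the section is the bare profile name, e.g. [myprofile]
    if not creds.has_section(name):
        problems.append(f"credentials: no [{name}] section")
    else:
        for key in ("aws_access_key_id", "aws_secret_access_key"):
            if not creds.get(name, key, fallback="").strip():
                problems.append(f"credentials: [{name}] lacks {key}")
    # config file: every profile except default is written [profile <name>]
    section = name if name == "default" else f"profile {name}"
    conf = configparser.ConfigParser(interpolation=None)
    conf.read(conf_path)
    if not conf.has_section(section):
        problems.append(f"config: no [{section}] section")
    elif not conf.get(section, "region", fallback="").strip():
        problems.append(f"config: [{section}] has no region")
    # long-lived keys on disk should be readable by their owner only
    if os.path.exists(cred_path):
        mode = stat.S_IMODE(os.stat(cred_path).st_mode)
        if mode & 0o077:
            problems.append(f"credentials: mode {mode:o} is open to group/other")
    return problems


def demo():
    """Run the check on constructed files (placeholder values, not real keys)."""
    d = tempfile.mkdtemp()
    cred, conf = os.path.join(d, "credentials"), os.path.join(d, "config")
    with open(cred, "w") as f:
        f.write("[myprofile]\naws_access_key_id = CONSTRUCTED_ID\n"
                "aws_secret_access_key = CONSTRUCTED+SECRET/VALUE\n")
    with open(conf, "w") as f:  # common mistake: "profile " prefix left out
        f.write("[myprofile]\nregion = us-east-1\n")
    os.chmod(cred, 0o644)
    return check_profile("myprofile", cred, conf)


if __name__ == "__main__":
    print("\n".join(demo()) or "profile looks usable")
```

To check a real setup, call `check_profile("myprofile", os.path.expanduser("~/.aws/credentials"), os.path.expanduser("~/.aws/config"))` before running the scan.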
Download and Install ScoutSuite
Clone ScoutSuite from the official repo.
$ git clone https://github.com/nccgroup/ScoutSuite.git
Navigate to the directory and install into a Python virtual environment.
$ cd ScoutSuite
$ virtualenv -p python3 venv
$ source venv/bin/activate
$ pip install scoutsuite
$ scout aws --profile myprofile
ScoutSuite should then run:
Then a browser window should open with the generated report: