Menu

Tree [4300fc] master 5.11.0 /
 History

HTTPS git://
HTTPS access

File Date Author Commit
 .github 2021-09-08 Viatcheslav Zhilin Viatcheslav Zhilin [523da0] Added milestone comment to PR template
 ScoutSuite 2022-03-10 Alessandro.Gonzalez Alessandro.Gonzalez [8605c6] Update some data before the release
 docker 2021-05-03 Rogerio Bastos Rogerio Bastos [110880] Downloda awscli from AWS official URL
 tests 2021-09-02 Viatcheslav Zhilin Viatcheslav Zhilin [3c6f17] Added test for new rule condition
 tools 2020-10-09 xga xga [b2feba] Fix URL
 .coveragerc 2020-07-22 xga xga [153aa7] Update directories
 .flake8 2020-03-16 Juan Jose Juan Jose [77c33f] Added all findings
 .gitignore 2021-07-29 x4v13r64 x4v13r64 [6c8dd6] Ignore iml files
 CODE_OF_CONDUCT.md 2020-03-16 Juan Jose Juan Jose [77c33f] Added all findings
 CONTRIBUTING.md 2020-03-16 Juan Jose Juan Jose [77c33f] Added all findings
 LICENSE 2020-03-16 Juan Jose Juan Jose [77c33f] Added all findings
 MANIFEST.in 2020-03-16 Juan Jose Juan Jose [77c33f] Added all findings
 README.md 2021-02-17 xga xga [db827e] Update README
 dev-requirements.txt 2020-07-28 xga xga [9d5bf5] Add CI files
 pytest.ini 2020-07-28 xga xga [9d5bf5] Add CI files
 requirements.txt 2021-09-28 Alessandro.Gonzalez Alessandro.Gonzalez [23bed9] Update botocore version
 scout.py 2020-02-07 Xavier Garceau-Aranda Xavier Garceau-Aranda [008d45] Set python version
 setup.py 2020-07-22 xga xga [5d4f85] Remove 3.9

Read Me

Workflow
CodeCov

PyPI version
PyPI downloads
Docker Hub
Docker Pulls

Description

Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically.

Scout Suite was designed by security consultants/auditors. It is meant to provide a point-in-time security-oriented view of the cloud account it was run in. Once the data has been gathered, all usage may be performed offline.

The project team can be contacted at scoutsuite@nccgroup.com.

Cloud Provider Support

The following cloud providers are currently supported:

  • Amazon Web Services
  • Microsoft Azure
  • Google Cloud Platform
  • Alibaba Cloud (alpha)
  • Oracle Cloud Infrastructure (alpha)

Installation

Refer to the wiki.

Usage

Scout Suite is run through the CLI:

Running Scout Suite

Once this has completed, it will generate an HTML report including findings and Cloud account configuration:

Scout Suite Report

The above report was generated by running Scout Suite against https://github.com/nccgroup/sadcloud.

Additional information can be found in the wiki.
There are also a number of handy tools for automation of common tasks.

NCC Scout

Our self-service cloud account monitoring platform, NCC Scout, is a user-friendly SaaS providing you with the ability to constantly monitor your public cloud accounts, allowing you to check they’re configured to comply with industry best practice.

It features:

  • Persistent monitoring - so you know about changes or issues as they arise
  • One tool - all configuration checks in one place for speed and simplicity
  • Multi-vendor support - AWS, Azure and GCP public cloud accounts
  • Agnostic platform - a trusted third-party tool

Additional details can be found in the wiki.

NCC Scout now has a free tier under our "Freemium" offering.
This offering provides access to NCC Group’s extended rulesets, keeping your cloud environment protected in-line with best practice configuration and cloud technologies. To sign up for the service, head on to https://cyberstore.nccgroup.com/our-services/service-details/16/cloud-account-monitoring.