2021-03-03 16:59:14 +08:00
|
|
|
---
|
|
|
|
|
title: "Scoutsuite"
|
|
|
|
|
date: 2021-03-02T16:23:06+02:00
|
|
|
|
|
draft: false
|
2021-03-03 21:23:24 +08:00
|
|
|
description: "Scout Suite is an open-source cloud security-auditing tool."
|
2021-03-03 20:37:31 +08:00
|
|
|
weight: 10
|
2021-03-03 16:59:14 +08:00
|
|
|
---
|
|
|
|
|
|
2021-03-03 21:23:24 +08:00
|
|
|
### About ScoutSuite
|
2021-03-03 16:59:14 +08:00
|
|
|
|
|
|
|
|
<a href="https://github.com/nccgroup/ScoutSuite" target="_blank" >Scout Suite</a> is an open-source cloud security-auditing tool.
|
2021-03-03 21:23:24 +08:00
|
|
|
It queries the cloud API to gather configuration data. Based on configuration
|
|
|
|
|
data gathered, ScoutSuite shows security issues and risks present in your infrastructure.
|
2021-03-03 16:59:14 +08:00
|
|
|
|
2021-03-03 21:23:24 +08:00
|
|
|
### Supported cloud providers
|
2021-03-03 16:59:14 +08:00
|
|
|
|
2021-03-03 21:23:24 +08:00
|
|
|
Currently, the Infection Monkey only supports AWS.
|
2021-03-03 16:59:14 +08:00
|
|
|
|
2021-03-03 21:23:24 +08:00
|
|
|
### Enabling ScoutSuite
|
2021-03-03 16:59:14 +08:00
|
|
|
|
2021-03-03 21:23:24 +08:00
|
|
|
First, Infection Monkey needs access to your cloud API. You can provide access
|
2021-03-03 16:59:14 +08:00
|
|
|
in the following ways:
|
|
|
|
|
|
|
|
|
|
- Provide access keys:
|
|
|
|
|
- Create a new user with ReadOnlyAccess and SecurityAudit policies and generate keys
|
|
|
|
|
- Generate keys for your current user (faster but less secure)
|
|
|
|
|
- Configure AWS CLI:
|
|
|
|
|
- If the command-line interface is available on the Island, it will be used to access
|
|
|
|
|
the cloud API
|
|
|
|
|
|
|
|
|
|
More details about configuring ScoutSuite can be found in the tool itself, by choosing
|
|
|
|
|
"Cloud Security Scan" in the "Run Monkey" options.
|
|
|
|
|
|
2021-03-03 21:23:24 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
After you're done with the setup, make sure that a checkmark appears next to the AWS option. This
|
|
|
|
|
verifies that ScoutSuite can access the API.
|
2021-03-03 16:59:14 +08:00
|
|
|
|
2021-03-03 20:37:31 +08:00
|
|
|
|
|
|
|
|
|
2021-03-03 21:23:24 +08:00
|
|
|
### Running a cloud security scan
|
|
|
|
|
|
|
|
|
|
If you have successfully configured the cloud scan, Infection Monkey will scan
|
|
|
|
|
your cloud infrastructure when the Monkey Agent is run **on the Island**. You
|
|
|
|
|
can simply click on "From Island" in the run options to start the scan. The
|
|
|
|
|
scope of the network scan and other activities you may have configured the Agent
|
|
|
|
|
to perform are ignored by the ScoutSuite integration, except **Monkey
|
|
|
|
|
Configuration -> System info collectors -> AWS collector**, which needs to
|
|
|
|
|
remain **enabled**.
|
2021-03-03 16:59:14 +08:00
|
|
|
|
|
|
|
|
|
2021-03-03 21:23:24 +08:00
|
|
|
### Assessing scan results
|
2021-03-03 16:59:14 +08:00
|
|
|
|
|
|
|
|
After the scan is done, ScoutSuite results will be sorted and applied to the ZeroTrust Extended framework
|
|
|
|
|
and displayed as a part of the ZeroTrust report. The main difference between Infection Monkey findings and
|
|
|
|
|
ScoutSuite findings is that ScoutSuite findings contain security rules. To see which rules were
|
|
|
|
|
checked click on the "Rules" button next to the relevant test. You'll see a brief overview of the rules
|
|
|
|
|
related to the test and a list of those rules. Expand a rule to see its description, remediation and
|
|
|
|
|
more details about resources flagged. Each flagged resource has a path so you can easily locate
|
|
|
|
|
them in the cloud and change the value that is deemed insecure.
|
|
|
|
|
|
2021-03-03 20:37:31 +08:00
|
|
|
|
