2021-03-03 16:59:14 +08:00
|
|
|
---
|
|
|
|
title: "Scoutsuite"
|
|
|
|
date: 2021-03-02T16:23:06+02:00
|
|
|
|
draft: false
|
2021-03-03 21:23:24 +08:00
|
|
|
description: "Scout Suite is an open-source cloud security-auditing tool."
|
2021-03-03 20:37:31 +08:00
|
|
|
weight: 10
|
2021-03-03 16:59:14 +08:00
|
|
|
---
|
|
|
|
|
2021-03-03 21:23:24 +08:00
|
|
|
### About ScoutSuite
|
2021-03-03 16:59:14 +08:00
|
|
|
|
|
|
|
<a href="https://github.com/nccgroup/ScoutSuite" target="_blank" >Scout Suite</a> is an open-source cloud security-auditing tool.
|
2021-03-03 21:23:24 +08:00
|
|
|
It queries the cloud API to gather configuration data. Based on configuration
|
|
|
|
data gathered, ScoutSuite shows security issues and risks present in your infrastructure.
|
2021-03-03 16:59:14 +08:00
|
|
|
|
2021-03-03 21:23:24 +08:00
|
|
|
### Supported cloud providers
|
2021-03-03 16:59:14 +08:00
|
|
|
|
2021-03-03 23:03:52 +08:00
|
|
|
Currently, ScoutSuite integration only supports AWS environments.
|
2021-03-03 16:59:14 +08:00
|
|
|
|
2021-03-03 21:23:24 +08:00
|
|
|
### Enabling ScoutSuite
|
2021-03-03 16:59:14 +08:00
|
|
|
|
2021-03-03 21:23:24 +08:00
|
|
|
First, Infection Monkey needs access to your cloud API. You can provide access
|
2021-03-03 16:59:14 +08:00
|
|
|
in the following ways:
|
|
|
|
|
|
|
|
- Provide access keys:
|
|
|
|
- Create a new user with ReadOnlyAccess and SecurityAudit policies and generate keys
|
|
|
|
- Generate keys for your current user (faster but less secure)
|
|
|
|
- Configure AWS CLI:
|
|
|
|
- If the command-line interface is available on the Island, it will be used to access
|
|
|
|
the cloud API
|
|
|
|
|
|
|
|
More details about configuring ScoutSuite can be found in the tool itself, by choosing
|
|
|
|
"Cloud Security Scan" in the "Run Monkey" options.
|
|
|
|
|
2021-03-03 21:23:24 +08:00
|
|
|
![Cloud scan option in run page](/images/usage/integrations/scoutsuite_run_page.png
|
|
|
|
"Successful setup indicator")
|
|
|
|
|
|
|
|
After you're done with the setup, make sure that a checkmark appears next to the AWS option. This
|
|
|
|
verifies that ScoutSuite can access the API.
|
2021-03-03 16:59:14 +08:00
|
|
|
|
2021-03-03 20:37:31 +08:00
|
|
|
![Successfull setup indicator](/images/usage/integrations/scoutsuite_aws_configured.png
|
2021-03-03 16:59:14 +08:00
|
|
|
"Successful setup indicator")
|
|
|
|
|
2021-03-03 21:23:24 +08:00
|
|
|
### Running a cloud security scan
|
|
|
|
|
|
|
|
If you have successfully configured the cloud scan, Infection Monkey will scan
|
|
|
|
your cloud infrastructure when the Monkey Agent is run **on the Island**. You
|
|
|
|
can simply click on "From Island" in the run options to start the scan. The
|
|
|
|
scope of the network scan and other activities you may have configured the Agent
|
|
|
|
to perform are ignored by the ScoutSuite integration, except **Monkey
|
|
|
|
Configuration -> System info collectors -> AWS collector**, which needs to
|
|
|
|
remain **enabled**.
|
2021-03-03 16:59:14 +08:00
|
|
|
|
|
|
|
|
2021-03-03 21:23:24 +08:00
|
|
|
### Assessing scan results
|
2021-03-03 16:59:14 +08:00
|
|
|
|
2021-03-04 00:50:50 +08:00
|
|
|
After the scan is done, ScoutSuite results will be categorized according to the
|
|
|
|
ZeroTrust Extended framework and displayed as a part of the ZeroTrust report.
|
|
|
|
The main difference between Infection Monkey findings and ScoutSuite findings
|
|
|
|
is that ScoutSuite findings contain security rules. To see which rules were
|
|
|
|
checked, click on the "Rules" button next to the relevant test. You'll see a
|
|
|
|
list of rule dropdowns that are color coded according to their status. Expand a
|
|
|
|
rule to see its description, remediation and more details about resources
|
|
|
|
flagged. Each flagged resource has a path so you can easily locate it in the
|
|
|
|
cloud and remediate the issue.
|
2021-03-03 16:59:14 +08:00
|
|
|
|
2021-03-03 20:37:31 +08:00
|
|
|
![Open ScoutSuite rule](/images/usage/integrations/scoutsuite_report_rule.png
|
2021-03-03 16:59:14 +08:00
|
|
|
"Successful setup indicator")
|