Using ScoutSuite - SethBodine/audit-tools GitHub Wiki
Using ScoutSuite
Note: ScoutSuite does not appear to be actively maintained, and has a dependency pinned to azure-identity v1.5.0, which contains a known privilege escalation vulnerability (CVE-2024-35255). A fix has been open as a PR since June 2024 but has not yet been merged. Be aware of this when running against Azure environments. Consider using Prowler or Powerpipe as alternatives.
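A quick way to check whether a checkout still carries that pin, as an added example that is not part of ScoutSuite or this wiki: it scans requirements.txt-style text for packages pinned below the release that fixed a known CVE. It assumes the input is a plain requirements file, and the fixed version for azure-identity (1.16.1) is taken from the published CVE-2024-35255 advisory for the Python package.

```python
import re

# Advisory table: package -> (CVE id, first fixed version). The azure-identity
# entry is the Python release that closed CVE-2024-35255; extend as needed.
ADVISORIES = {"azure-identity": ("CVE-2024-35255", "1.16.1")}

# Matches "name==1.2.3", "name>=1.2" or "name~=1.2.3"; extras and markers are ignored.
_REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|~=)\s*([0-9][0-9.]*)")

def parse_version(text):
    """'1.16.1' -> (1, 16, 1), so versions compare correctly as tuples."""
    return tuple(int(p) for p in text.strip().split(".") if p.isdigit())

def parse_pins(requirements):
    """Map normalised package name to (operator, version) for each pinned line."""
    pins = {}
    for line in requirements.splitlines():
        line = line.split("#", 1)[0]          # drop trailing comments
        m = _REQ_RE.match(line)
        if m:
            name, op, ver = m.groups()
            pins[name.lower().replace("_", "-")] = (op, ver)
    return pins

def vulnerable_pins(requirements, advisories=ADVISORIES):
    """Return (package, pinned, cve, fixed) for every exact pin below the fixed version.

    Only exact (==) pins are reported; a '>=' or '~=' specifier may resolve to a
    fixed release at install time, so check the installed package
    (pip show <name>) for those instead.
    """
    findings = []
    for name, (op, ver) in parse_pins(requirements).items():
        if name in advisories and op == "==":
            cve, fixed = advisories[name]
            if parse_version(ver) < parse_version(fixed):
                findings.append((name, ver, cve, fixed))
    return findings

# Constructed sample modelled on the pin described in the note above.
SAMPLE_REQUIREMENTS = """\
azure-identity==1.5.0
azure-mgmt-compute==17.0.0  # unrelated pin
requests>=2.25
"""

if __name__ == "__main__":
    for name, pinned, cve, fixed in vulnerable_pins(SAMPLE_REQUIREMENTS):
        print(f"{name}=={pinned} is below {fixed} ({cve}); upgrade before auditing Azure")
```

Run it against the requirements file in your ScoutSuite checkout (or against `pip freeze` output from the venv) to see whether the vulnerable pin is still present.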
ScoutSuite is a multi-cloud security auditing tool. It assesses the security posture of a cloud environment by collecting configuration data through the provider's APIs and presents its findings in a static HTML report.
- Supports AWS, Azure, and GCP
- Produces a self-contained HTML report
- Collects configuration data without making any changes to the environment
Prepare the Environment
ScoutSuite runs in a Python virtual environment.
cd /opt/ScoutSuite/
. scoutsuite.sh # activates the venv environment
ScoutSuite is updated at container image start-up.
Gather Data
ScoutSuite does not handle cloud authentication. Authenticate to your provider before running. See Cloud Authentication via CLI.
AWS - Using a Named Profile
./scout.py aws --profile <aws-profile-name>
AWS - Using Access Keys as Arguments
./scout.py aws \
--access-key-id <AWS_ACCESS_KEY_ID> \
--secret-access-key <AWS_SECRET_ACCESS_KEY> \
--session-token <AWS_SESSION_TOKEN>
Azure - Using Existing CLI Authentication (all subscriptions)
This approach is useful when interactive authentication would require admin consent. The report still completes, with errors recorded for the resources where access is denied.
./scout.py azure -c --all-subscriptions
Azure - Authenticate at Runtime
./scout.py azure --user-account-browser --tenant <azure-tenant-id>
GCP
./scout.py gcp -u
Known Issues
- ScoutSuite is no longer actively maintained and may fail against current cloud provider API versions.
- Some Azure API calls fail depending on the permissions assigned to the audit account.