Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/nccgroup/Scout2

Security auditing tool for AWS environments
https://github.com/nccgroup/Scout2

aws security

Last synced: about 2 months ago
JSON representation

Security auditing tool for AWS environments

Host: GitHub
URL: https://github.com/nccgroup/Scout2
Owner: nccgroup
License: gpl-2.0
Archived: true
Created: 2013-12-06T19:11:19.000Z (almost 11 years ago)
Default Branch: master
Last Pushed: 2018-11-28T02:34:01.000Z (almost 6 years ago)
Last Synced: 2024-05-21T01:06:52.833Z (4 months ago)
Topics: aws, security
Language: Python
Homepage: http://nccgroup.github.io/Scout2/
Size: 3.04 MB
Stars: 1,727
Watchers: 106
Forks: 302
Open Issues: 0
Metadata Files:
- Readme: README.rst
- License: LICENSE

Awesome Lists containing this project

README

##########
AWS Scout2
##########

.. image:: https://travis-ci.org/nccgroup/Scout2.svg?branch=master
:target: https://travis-ci.org/nccgroup/Scout2

.. image:: https://coveralls.io/repos/github/nccgroup/Scout2/badge.svg?branch=master
:target: https://coveralls.io/github/nccgroup/Scout2

.. image:: https://badge.fury.io/py/AWSScout2.svg
:target: https://badge.fury.io/py/AWSScout2
:align: right

**AWS Scout2 is no longer under development. The latest (and final) version of Scout2 can be found
in https://github.com/nccgroup/Scout2/releases and https://pypi.org/project/AWSScout2.**

**The project has migrated to https://github.com/nccgroup/ScoutSuite.**

***********
Description
***********

Scout2 is a security tool that lets AWS administrators assess their
environment's security posture. Using the AWS API, Scout2 gathers configuration
data for manual inspection and highlights high-risk areas automatically. Rather
than pouring through dozens of pages on the web, Scout2 supplies a clear view of
the attack surface automatically.

**Note:** Scout2 is stable and actively maintained, but a number of features and
internals may change. As such, please bear with us as we find time to work on,
and improve, the tool. Feel free to report a bug with details (*e.g.* console
output using the "--debug" argument), request a new feature, or send a pull
request.

************
Installation
************

Install via `pip`_:

$ pip install awsscout2

Install from source:

$ git clone https://github.com/nccgroup/Scout2
$ cd Scout2
$ pip install -r requirements.txt
$ python setup.py install

************
Requirements
************

Computing resources
-------------------

Scout2 is a multi-threaded tool that fetches and stores your AWS account's configuration settings in memory during
runtime. It is expected that the tool will run with no issues on any modern laptop or equivalent VM.
**Running Scout2 in a VM with limited computing resources such as a t2.micro instance is not intended and will likely
result in the process being killed.**

Python
------

Scout2 is written in Python and supports the following versions:

* 2.7
* 3.3
* 3.4
* 3.5
* 3.6

AWS Credentials
---------------

To run Scout2, you will need valid AWS credentials (*e.g* Access Key ID and Secret Access Key).
The role, or user account, associated with these credentials requires read-only access for all resources in a number of
services, including but not limited to CloudTrail, EC2, IAM, RDS, Redshift, and S3.

The following AWS Managed Policies can be attached to the principal in order to grant necessary permissions:

* ReadOnlyAccess
* SecurityAudit

Compliance with AWS' Acceptable Use Policy
------------------------------------------

Use of Scout2 does not require AWS users to complete and submit the AWS
Vulnerability / Penetration Testing Request Form. Scout2 only performs AWS API
calls to fetch configuration data and identify security gaps, which is not
considered security scanning as it does not impact AWS' network and
applications.

Usage
-----

After performing a number of AWS API calls, Scout2 will create a local HTML report and open it in the default browser.

Using a computer already configured to use the AWS CLI, boto3, or another AWS SDK, you may use Scout2 using the
following command:

$ Scout2

**Note:** EC2 instances with an IAM role fit in this category.

If multiple profiles are configured in your .aws/credentials and .aws/config files, you may specify which credentials
to use with the following command:

$ Scout2 --profile

If you have a CSV file containing the API access key ID and secret, you may run Scout2 with the following command:

$ Scout2 --csv-credentials

**********************
Advanced documentation
**********************

The following command will provide the list of available command line options:

$ Scout2 --help

For further details, checkout our Wiki pages at https://github.com/nccgroup/Scout2/wiki.

*******
License
*******

GPLv2: See LICENSE.

.. _pip: https://pip.pypa.io/en/stable/index.html