
Scout2, TODO

Project description


Description

Scout2 is a security tool that lets AWS administrators assess their environment’s security posture. Using the AWS API, Scout2 gathers configuration data for manual inspection and highlights high-risk areas automatically. Rather than poring through dozens of pages on the web, Scout2 supplies a clear view of the attack surface automatically.

Note: Scout2 is stable and actively maintained, but a number of features and internals may change. As such, please bear with us as we find time to work on, and improve, the tool. Feel free to report a bug with details (e.g. console output using the “--debug” argument), request a new feature, or send a pull request.

Installation

Install via pip:

$ pip install awsscout2

Install from source:

$ git clone https://github.com/nccgroup/Scout2
$ cd Scout2
$ pip install -r requirements.txt
$ python setup.py install

Requirements

Computing resources

Scout2 is a multi-threaded tool that fetches and stores your AWS account’s configuration settings in memory during runtime. It is expected that the tool will run with no issues on any modern laptop or equivalent VM. Running Scout2 in a VM with limited computing resources such as a t2.micro instance is not intended and will likely result in the process being killed.

Python

Scout2 is written in Python and supports the following versions:

  • 2.7

  • 3.3

  • 3.4

  • 3.5

  • 3.6

AWS Credentials

To run Scout2, you will need valid AWS credentials (e.g. Access Key ID and Secret Access Key). The role, or user account, associated with these credentials requires read-only access for all resources in a number of services, including but not limited to CloudTrail, EC2, IAM, RDS, Redshift, and S3.

The following AWS Managed Policies can be attached to the principal in order to grant necessary permissions:

  • ReadOnlyAccess

  • SecurityAudit
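
Before handing credentials to Scout2, it is worth confirming that the principal really is read-only. The following is an added example, not part of Scout2 or its documentation: it reviews the JSON that `aws iam list-attached-user-policies` returns, plus any inline policy documents, and reports anything beyond the two managed policies above. The sample data is constructed, and the Get/List/Describe verb test is a heuristic assumption, not an AWS definition of read-only.

```python
import json

# Managed policies the page names as sufficient for Scout2.
EXPECTED_ARNS = {
    "arn:aws:iam::aws:policy/ReadOnlyAccess",
    "arn:aws:iam::aws:policy/SecurityAudit",
}
# Assumption: only these action verb prefixes are treated as read-style.
READ_PREFIXES = ("get", "list", "describe")

def risky_actions(policy_doc):
    """Return Allow-ed actions in an IAM policy document that are not read-style."""
    statements = policy_doc.get("Statement", [])
    if isinstance(statements, dict):       # a single statement may be a bare object
        statements = [statements]
    flagged = []
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st:              # Allow + NotAction grants everything else
            flagged.append("NotAction")
            continue
        actions = st.get("Action", [])
        if isinstance(actions, str):       # Action may be a string or a list
            actions = [actions]
        for action in actions:
            verb = action.split(":", 1)[-1].lower()   # "*" has no service prefix
            if not verb.startswith(READ_PREFIXES):
                flagged.append(action)
    return flagged

def review_principal(attached, inline_docs):
    """Summarise managed policies and inline actions that exceed read-only access."""
    extra = sorted(p["PolicyArn"] for p in attached["AttachedPolicies"]
                   if p["PolicyArn"] not in EXPECTED_ARNS)
    inline = {name: risky_actions(doc) for name, doc in inline_docs.items()}
    return {"unexpected_managed": extra,
            "non_read_inline": {n: a for n, a in inline.items() if a}}

# Constructed sample input: one expected policy, one over-broad one, one inline policy.
ATTACHED = json.loads("""{"AttachedPolicies": [
  {"PolicyName": "SecurityAudit", "PolicyArn": "arn:aws:iam::aws:policy/SecurityAudit"},
  {"PolicyName": "AmazonS3FullAccess", "PolicyArn": "arn:aws:iam::aws:policy/AmazonS3FullAccess"}]}""")
INLINE = {"legacy-inline": {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": ["s3:Get*", "s3:PutObject", "ec2:*"], "Resource": "*"}}}

if __name__ == "__main__":
    print(json.dumps(review_principal(ATTACHED, INLINE), indent=2))
```

An empty result for both keys means the principal carries nothing beyond the two managed policies listed above.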

Compliance with AWS’ Acceptable Use Policy

Use of Scout2 does not require AWS users to complete and submit the AWS Vulnerability / Penetration Testing Request Form. Scout2 only performs AWS API calls to fetch configuration data and identify security gaps, which is not considered security scanning as it does not impact AWS’ network and applications.

Usage

After performing a number of AWS API calls, Scout2 will create a local HTML report and open it in the default browser.

Using a computer already configured to use the AWS CLI, boto3, or another AWS SDK, you may use Scout2 using the following command:

$ Scout2

Note: EC2 instances with an IAM role fit in this category.

If multiple profiles are configured in your .aws/credentials and .aws/config files, you may specify which credentials to use with the following command:

$ Scout2 --profile <PROFILE_NAME>

If you have a CSV file containing the API access key ID and secret, you may run Scout2 with the following command:

$ Scout2 --csv-credentials <CREDENTIALS.CSV>

Advanced documentation

The following command will provide the list of available command line options:

$ Scout2 --help

For further details, check out our Wiki pages at https://github.com/nccgroup/Scout2/wiki.

License

GPLv2: See LICENSE.

Project details


Download files


Source Distribution

AWSScout2-3.2.1.tar.gz (289.1 kB)

Uploaded Source

Built Distribution

AWSScout2-3.2.1-py3-none-any.whl (396.1 kB)

Uploaded Python 3

File details

Details for the file AWSScout2-3.2.1.tar.gz.

File metadata

  • Download URL: AWSScout2-3.2.1.tar.gz
  • Upload date:
  • Size: 289.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.19.1 setuptools/40.4.3 requests-toolbelt/0.8.0 tqdm/4.26.0 CPython/3.6.3

File hashes

Hashes for AWSScout2-3.2.1.tar.gz
Algorithm Hash digest
SHA256 26379cf29098944a0f337f6e44e01a2b24df52c36a0dc2886cb0ad417a02b90c
MD5 a444acf55878de746015b34264c2652e
BLAKE2b-256 1ce4779bf3eb840883e4b069237bc025cdf0bcb5331f002282e339aa4f14ffe4


File details

Details for the file AWSScout2-3.2.1-py3-none-any.whl.

File metadata

  • Download URL: AWSScout2-3.2.1-py3-none-any.whl
  • Upload date:
  • Size: 396.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.19.1 setuptools/40.4.3 requests-toolbelt/0.8.0 tqdm/4.26.0 CPython/3.6.3

File hashes

Hashes for AWSScout2-3.2.1-py3-none-any.whl
Algorithm Hash digest
SHA256 656bc48ff3713728cb7be467525051ecf5b2a8baa84a417e93d0bf908f78ea64
MD5 0d52dcfb32893916dfae741087fd2f90
BLAKE2b-256 705528eedcb7e2699acd60127b4f8dd7b53e3392a29fdd63312b461c2cbaa7f6
