# ScoutSuite for AWS and Google Cloud

## Introduction

Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically.

Scout Suite was designed by security consultants/auditors. It is meant to provide a point-in-time security-oriented view of the cloud account it was run in. Once the data has been gathered, all usage may be performed offline.

## What are we going to cover?

This chapter will cover the Scout Suite tool and give a step-by-step guide on running your own assessments against AWS and Google Cloud.

## Requirements

IAM user: The following AWS Managed Policies can be attached to the principal used to run Scout in order to grant the necessary permissions:

* ReadOnlyAccess - Provides read-only access to AWS services and resources.
* SecurityAudit - The security audit template grants access to read security configuration metadata. It is useful for software that audits the configuration of an AWS account.

Using the AWS CLI, we will create a user in our AWS environment:

```
aws iam create-user --user-name security-audit-user
aws iam attach-user-policy --user-name security-audit-user --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess
aws iam attach-user-policy --user-name security-audit-user --policy-arn arn:aws:iam::aws:policy/SecurityAudit
aws iam create-access-key --user-name security-audit-user
```

The above commands create a user named `security-audit-user` and attach the `ReadOnlyAccess` and `SecurityAudit` managed policies to it. The `create-access-key` output contains the access key ID and secret access key; add them to the AWS CLI as a named profile (for example `aws configure --profile security-audit`, the profile used in the run command below).
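A defender-side check for the audit principal created above, added here as an example (it is not part of Scout Suite or of this page): it reads the JSON that the AWS CLI prints for `aws iam list-attached-user-policies`, `aws iam list-user-policies` and `aws iam list-access-keys` and flags drift from the two-policy setup, inline policies, and stale access keys. The 90-day key age threshold and the sample CLI output are assumptions, not values from the page.

```python
import json
from datetime import datetime, timezone

# The two managed policies this page attaches to security-audit-user; anything else is drift.
ALLOWED_POLICY_ARNS = {
    "arn:aws:iam::aws:policy/ReadOnlyAccess",
    "arn:aws:iam::aws:policy/SecurityAudit",
}
MAX_KEY_AGE_DAYS = 90  # assumed rotation threshold, not from the page


def audit_principal_findings(attached_json, inline_json, keys_json, now,
                             max_key_age_days=MAX_KEY_AGE_DAYS):
    """Compare CLI JSON for the audit user against the expected setup.

    attached_json: output of `aws iam list-attached-user-policies`
    inline_json:   output of `aws iam list-user-policies`
    keys_json:     output of `aws iam list-access-keys`
    Returns a list of finding strings; an empty list means compliant.
    """
    findings = []
    attached = {p["PolicyArn"] for p in json.loads(attached_json)["AttachedPolicies"]}
    for arn in sorted(attached - ALLOWED_POLICY_ARNS):
        findings.append(f"unexpected managed policy attached: {arn}")
    for arn in sorted(ALLOWED_POLICY_ARNS - attached):
        findings.append(f"required policy missing: {arn}")
    for name in json.loads(inline_json)["PolicyNames"]:
        findings.append(f"inline policy present, should be none: {name}")
    for key in json.loads(keys_json)["AccessKeyMetadata"]:
        created = datetime.fromisoformat(key["CreateDate"].replace("Z", "+00:00"))
        age_days = (now - created).days
        if key["Status"] == "Active" and age_days > max_key_age_days:
            findings.append(f"active access key {key['AccessKeyId']} is {age_days} days old")
    return findings


# Constructed sample CLI output, not captured from a real account.
SAMPLE_ATTACHED = json.dumps({"AttachedPolicies": [
    {"PolicyName": "ReadOnlyAccess", "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"},
    {"PolicyName": "SecurityAudit", "PolicyArn": "arn:aws:iam::aws:policy/SecurityAudit"},
    {"PolicyName": "AdministratorAccess", "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"},
]})
SAMPLE_INLINE = json.dumps({"PolicyNames": []})
SAMPLE_KEYS = json.dumps({"AccessKeyMetadata": [{"UserName": "security-audit-user",
    "AccessKeyId": "AKIAEXAMPLEKEY000001", "Status": "Active", "CreateDate": "2024-01-01T00:00:00Z"}]})
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock so the output is reproducible

if __name__ == "__main__":
    for finding in audit_principal_findings(SAMPLE_ATTACHED, SAMPLE_INLINE, SAMPLE_KEYS, SAMPLE_NOW):
        print(finding)
```

Run it against live output by piping the three CLI commands into files and passing their contents; a non-empty list is a reason to re-check the principal before trusting the audit run.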

## Steps to audit

We will use our student machine to run the tool; the target environment will be our lab setup.

1. Install Scout Suite from its Git repository with the commands below:

```
git clone https://github.com/nccgroup/ScoutSuite
cd ScoutSuite
# create and activate a virtual environment (the directory name must match in both commands)
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python scout.py --help
```

2. Now run Scout Suite against AWS with the command below, using the profile configured earlier:

`python scout.py aws --profile security-audit`

3. Once the audit completes, the results are stored in the `scoutsuite-report` folder as an HTML file.

## Additional reference

[ScoutSuite](https://github.com/nccgroup/ScoutSuite/wiki)
