Scoutsuite
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Lynis | 10,858 | 6 days ago | 1 | February 27, 2018 | 153 | gpl-3.0 | Shell | |||
| Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional. | ||||||||||
| My Arsenal Of Aws Security Tools | 8,148 | a month ago | 2 | apache-2.0 | Shell | |||||
| List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc. | ||||||||||
| Cloudmapper | 5,520 | 16 days ago | 200 | bsd-3-clause | JavaScript | |||||
| CloudMapper helps you analyze your Amazon Web Services (AWS) environments. | ||||||||||
| Scoutsuite | 5,398 | 2 days ago | 44 | April 06, 2022 | 168 | gpl-2.0 | Python | |||
| Multi-Cloud Security Auditing Tool | ||||||||||
| Gscan | 2,159 | 10 months ago | 11 | Python | ||||||
| 本程序旨在为安全应急响应人员对Linux主机排查时提供便利,实现主机侧Checklist的自动全面化检测,根据检测结果自动数据聚合,进行黑客攻击路径溯源。 | ||||||||||
| Awesome Cloud Security | 1,549 | 3 months ago | 4 | |||||||
| 🛡️ Awesome Cloud Security Resources ⚔️ | ||||||||||
| Graudit | 1,182 | 6 months ago | gpl-3.0 | Shell | ||||||
| grep rough audit - source code auditing tool | ||||||||||
| Mongoaudit | 1,154 | 3 years ago | 4 | January 21, 2021 | 9 | mit | Python | |||
| 🔥 A powerful MongoDB auditing and pentesting tool 🔥 | ||||||||||
| Elasticsearch Readonlyrest Plugin | 943 | 4 days ago | 34 | June 25, 2022 | 8 | gpl-3.0 | Scala | |||
| Free Elasticsearch security plugin and Kibana security plugin: super-easy Kibana multi-tenancy, Encryption, Authentication, Authorization, Auditing | ||||||||||
| Boopsuite | 787 | 4 years ago | 1 | mit | Python | |||||
| A Suite of Tools written in Python for wireless auditing and security testing. | ||||||||||
Description
Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically.
Scout Suite was designed by security consultants/auditors. It is meant to provide a point-in-time security-oriented view of the cloud account it was run in. Once the data has been gathered, all usage may be performed offline.
The project team can be contacted at [email protected].
Cloud Provider Support
The following cloud providers are currently supported:
- Amazon Web Services
- Microsoft Azure
- Google Cloud Platform
- Alibaba Cloud (alpha)
- Oracle Cloud Infrastructure (alpha)
Installation
Refer to the wiki.
Usage
Scout Suite is run through the CLI:
Once this has completed, it will generate an HTML report including findings and Cloud account configuration:
The above report was generated by running Scout Suite against nccgroup/sadcloud.
Additional information can be found in the wiki. There are also a number of handy tools for automation of common tasks.
NCC Scout
Our self-service cloud account monitoring platform, NCC Scout, is a user-friendly SaaS providing you with the ability to constantly monitor your public cloud accounts, allowing you to check they’re configured to comply with industry best practice.
It features:
- Persistent monitoring - so you know about changes or issues as they arise
- One tool - all configuration checks in one place for speed and simplicity
- Multi-vendor support - AWS, Azure and GCP public cloud accounts
- Agnostic platform - a trusted third-party tool
Additional details can be found in the wiki.
NCC Scout now has a free tier under our "Freemium" offering. This offering provides access to NCC Group’s extended rulesets, keeping your cloud environment protected in-line with best practice configuration and cloud technologies. To sign up for the service, head on to https://cyberstore.nccgroup.com/our-services/service-details/16/cloud-account-monitoring.
