

ScoutSuite is a great tool that internal and external security analysts can use to assess cloud environments. Whether you are performing an AWS penetration test or reviewing your own cloud configuration, it can help you spot dangerous misconfigurations.

There are three steps to get started:

  1. Generate a read-only administrative access token.
  2. Create a named profile for the AWS CLI.
  3. Install and run ScoutSuite.

Create a local AWS named profile

In ~/.aws/credentials, create an entry for the profile as follows:

[myprofile]
aws_access_key_id = AKIAJ5PXFQOC1VVEXAMPLE
aws_secret_access_key = VGdiERGP6Y7KFsjpH437qKjflBJpH+jh/JEXAMPLE


In ~/.aws/config, add the default region for the profile:

[profile myprofile]
region = us-east-1
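
A pre-flight check for the profile described above, as an added example that is not part of the original post or of ScoutSuite. The helper names ini_get and check_profile are hypothetical, and the default file paths are assumed to be ~/.aws/credentials and ~/.aws/config.

```bash
# Added example, not from the original post or the ScoutSuite project.
# ini_get and check_profile are hypothetical helper names.

# ini_get FILE SECTION KEY: print KEY's value inside [SECTION], or nothing.
ini_get() {
  awk -v sec="[$2]" -v key="$3" '
    { gsub(/^[ \t]+|[ \t]+$/, "") }           # trim the line
    /^\[/ { insec = ($0 == sec); next }        # entering a new section
    insec && index($0, "=") {
      k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]+$/, "", k)
      if (k == key) {
        v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+/, "", v)
        print v; exit
      }
    }' "$1" 2>/dev/null
}

# check_profile NAME [CREDENTIALS_FILE] [CONFIG_FILE]
# Prints each problem found; returns 0 only when the profile is usable.
check_profile() {
  local name="$1" creds="${2:-$HOME/.aws/credentials}"
  local conf="${3:-$HOME/.aws/config}" rc=0 mode key sec
  # The credentials file uses [NAME]; the config file uses [profile NAME],
  # except for the default profile, which is plain [default] in both.
  case "$name" in default) sec=default ;; *) sec="profile $name" ;; esac
  for key in aws_access_key_id aws_secret_access_key; do
    [ -n "$(ini_get "$creds" "$name" "$key")" ] ||
      { echo "missing $key under [$name] in $creds"; rc=1; }
  done
  [ -n "$(ini_get "$conf" "$sec" region)" ] ||
    { echo "missing region under [$sec] in $conf"; rc=1; }
  # The secret key is stored in clear text, so the file must be owner-only.
  # GNU stat is tried first, then BSD/macOS stat.
  mode=$(stat -c '%a' "$creds" 2>/dev/null ||
         stat -f '%Lp' "$creds" 2>/dev/null) || mode=unknown
  case "$mode" in
    *00) ;;
    *) echo "$creds has mode $mode, expected 600"; rc=1 ;;
  esac
  return "$rc"
}
```

Run it as `check_profile myprofile && scout aws --profile myprofile` so the scan starts only when both files carry the profile and the credentials file is not readable by other users.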


Download and Install ScoutSuite

Clone ScoutSuite from the official repo.

$ git clone https://github.com/nccgroup/ScoutSuite.git

Navigate to the directory and install into a Python virtual environment.

$ cd ScoutSuite
$ virtualenv -p python3 venv
$ source venv/bin/activate
$ pip install scoutsuite
$ scout aws --profile myprofile

ScoutSuite should then run:

[Image: ScoutSuite Install]

Then a browser window should open with the generated report:

[Image: ScoutSuite Dashboard]

References: https://github.com/nccgroup/ScoutSuite/wiki