GithubHelp home page GithubHelp logo

qpc-github / scoutsuite Goto Github PK

View Code? Open in Web Editor NEW

This project forked from nccgroup/scoutsuite

1.0 2.0 0.0 19.45 MB

Multi-Cloud Security Auditing Tool

License: GNU General Public License v2.0

Shell 0.40% JavaScript 5.31% Python 62.24% CSS 0.86% HTML 31.09% Dockerfile 0.10%

scoutsuite's Introduction

Workflow CodeCov

PyPI version PyPI downloads Docker Hub Docker Pulls

Description

Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically.

Scout Suite was designed by security consultants/auditors. It is meant to provide a point-in-time security-oriented view of the cloud account it was run in. Once the data has been gathered, all usage may be performed offline.

The project team can be contacted at [email protected].

Cloud Provider Support

The following cloud providers are currently supported:

  • Amazon Web Services
  • Microsoft Azure
  • Google Cloud Platform
  • Alibaba Cloud (alpha)
  • Oracle Cloud Infrastructure (alpha)

Installation

Refer to the wiki.

Usage

Scout Suite is run through the CLI:

Running Scout Suite

Once this has completed, it will generate an HTML report including findings and Cloud account configuration:

Scout Suite Report

The above report was generated by running Scout Suite against https://github.com/nccgroup/sadcloud.

Additional information can be found in the wiki. There are also a number of handy tools for automation of common tasks.

NCC Scout

Our self-service cloud account monitoring platform, NCC Scout, is a user-friendly SaaS providing you with the ability to constantly monitor your public cloud accounts, allowing you to check they’re configured to comply with industry best practice.

It features:

  • Persistent monitoring - so you know about changes or issues as they arise
  • One tool - all configuration checks in one place for speed and simplicity
  • Multi-vendor support - AWS, Azure and GCP public cloud accounts
  • Agnostic platform - a trusted third-party tool

Additional details can be found in the wiki.

NCC Scout now has a free tier under our "Freemium" offering. This offering provides access to NCC Group’s extended rulesets, keeping your cloud environment protected in-line with best practice configuration and cloud technologies. To sign up for the service, head on to https://cyberstore.nccgroup.com/our-services/service-details/16/cloud-account-monitoring.

scoutsuite's People

Contributors

4ndygu avatar aboisier avatar agrant-isec avatar alessandrogonzalez avatar alessandrogonzalez3 avatar bastienfaure avatar bhollemb avatar franco-bb avatar gebailey avatar jjmako avatar klauern avatar l01cd3v avatar lowsoa avatar misg avatar mitsuo0114 avatar prisas avatar ramimac avatar remi05 avatar rossja avatar rtomlinson-latacora avatar rwinkelmaier-ncc avatar sophiedorval avatar technion avatar thommor avatar tkeech1 avatar vifor2 avatar wwsolutionstreet avatar x4v13r64 avatar xnkevinnguyen avatar zer0x64 avatar

Stargazers

avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.