Home
Scout Suite is a security tool that lets cloud services administrators assess their environment's security posture. Using the cloud environment's API, Scout Suite gathers configuration data for manual inspection and highlights high-risk areas automatically. Rather than pouring through dozens of pages on the web, Scout Suite supplies a clear view of the attack surface automatically.
Scout Suite was designed by security consultants/auditors. It is meant to provide a point-in-time security-oriented view of the cloud account it was run in. Once the data has been gathered, all usage may be performed offline.
Assuming access to the desired APIs has already been configured on a machine (e.g. the provider's CLI has been set up), then installing and using Scout Suite should be trivial:
- Install Scout Suite
$ pip install scoutsuite- Run the tool
$ python scout.py <provider> <logging method>- Browse the HTML report that opens automatically in the default web browser
- Generate a list of trusted IP ranges
- Generate a custom ruleset
- Provide Scout Suite with the custom ruleset and trusted IP ranges