Ultimate ScoutSuite Cheat Sheet
Multi-Cloud security auditing for AWS, Azure, GCP, and more.
1. Installation & Basics
ScoutSuite is written in Python. It's best to run it in a virtual environment.
Standard Install
Help Menu
View the list of supported providers (AWS, Azure, GCP, AliCloud, Oracle).
2. AWS Auditing
ScoutSuite uses your local AWS CLI credentials (~/.aws/credentials).
Basic Scan
Uses the default profile configured in AWS CLI.
Specific Profile
Audit a specific environment (e.g., 'dev' or 'prod').
Authenticate via Access Keys
If not using a profile, pass keys directly. This is not recommended, since keys on the command line end up in shell history and logs, but it is useful for CI/CD.
3. Azure Auditing
Requires the Azure CLI (az) to be installed and logged in.
1. Log in to Azure
2. Run ScoutSuite
Uses the cached Azure CLI credentials.
Service Principal Auth
For automated scanning without user interaction.
4. GCP Auditing
Requires Google Cloud SDK (gcloud).
1. Log in to GCP
2. Run ScoutSuite (User Account)
Service Account Key
Use a JSON key file for authentication.
5. Filtering & Reporting
Cloud environments are huge. Use filters to speed up scans and reduce noise.
Scan Specific Services
Only check S3 buckets and EC2 instances.
Skip Services
Skip IAM if you don't have permissions.
Regions
Only scan specific regions.
Reporting Options
Control where the HTML report is saved.
6. Custom Rulesets
ScoutSuite's checks are defined by a set of JSON rules, which you can modify.
Rule Location
Rules are stored in the library folder (e.g., ScoutSuite/providers/aws/rules/).
Disable Rules
Use the --ruleset flag to pass a custom config file that excludes certain findings.
Using a Custom Ruleset
Every scan writes a scoutsuite-results/ folder containing an interactive HTML dashboard. This is the primary output you will analyze.
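Besides the HTML dashboard, the results folder holds a JavaScript file that is really a JSON object behind a `scoutsuite_results =` prefix, which makes it easy to gate a CI pipeline on the findings. The script below is an added example, not part of the cheat sheet or of the ScoutSuite project; it assumes the results file layout just described and that each finding carries a `level` ("warning" or "danger") and a `flagged_items` count, and the sample input is constructed rather than taken from a real scan.

```python
import json
import sys

# Constructed sample in the shape of a ScoutSuite results file (not real scan output).
SAMPLE_RESULTS_JS = """scoutsuite_results =
{"provider_code": "aws",
 "services": {
   "s3": {"findings": {
     "s3-bucket-world-readable": {"level": "danger", "flagged_items": 2, "checked_items": 9},
     "s3-bucket-no-logging":     {"level": "warning", "flagged_items": 5, "checked_items": 9}}},
   "iam": {"findings": {
     "iam-root-no-mfa":          {"level": "danger", "flagged_items": 0, "checked_items": 1}}}}}
"""

SEVERITY = {"warning": 1, "danger": 2}


def load_results(text: str) -> dict:
    """Strip the leading `scoutsuite_results =` assignment and parse the JSON object."""
    _, _, body = text.partition("=")
    return json.loads(body)


def flagged_findings(results: dict, min_level: str = "danger") -> list:
    """Return sorted (service, rule, flagged_items) tuples for rules that flagged
    at least one resource and whose level is at or above min_level."""
    threshold = SEVERITY[min_level]
    hits = []
    for service, data in results.get("services", {}).items():
        for rule, finding in data.get("findings", {}).items():
            if finding.get("flagged_items", 0) <= 0:
                continue  # the rule ran but nothing was flagged
            if SEVERITY.get(finding.get("level"), 0) >= threshold:
                hits.append((service, rule, finding["flagged_items"]))
    return sorted(hits)


def gate(results_js: str, min_level: str = "danger") -> int:
    """CI exit code: 0 when nothing at or above min_level is flagged, 1 otherwise."""
    hits = flagged_findings(load_results(results_js), min_level)
    for service, rule, count in hits:
        print(f"{service}: {rule} flagged {count} item(s)")
    return 1 if hits else 0


if __name__ == "__main__":
    # Usage: python scout_gate.py scoutsuite-results/scoutsuite_results_aws-<ACCOUNT_ID>.js [danger|warning]
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            sys.exit(gate(fh.read(), sys.argv[2] if len(sys.argv) > 2 else "danger"))
    sys.exit(gate(SAMPLE_RESULTS_JS))
```

Pair the gate with a custom ruleset so that accepted risks are disabled at the rule level rather than silently ignored here.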