Thursday, 11 February 2016
0 comments

AWS Scout-2: A Security Tool For Accessing AWS Environment (Security Posture)

AWS Scout-2: A Security Tool For Accessing AWS Environment (Security Posture)
Image Source: n0where.net

AWS Scout-2: A Security Tool For Accessing AWS (Security Posture) 


AWS Scout2 is an open-source security tool by which assessing of AWS environments security posture becomes very easy. 


AWS Scout2 gathers EC2, CloudTrail, RDS, S3 and IAM, configuration data by using the AWS API. Once after the gathering of configuration data, it is being analyzed and stored and it also automatically highlights the high-risk area. A clear view of the attack surface has applied by the Scout2 automatically. AWS Scout2 software is still under maintenance, it's not fully developed. It can make so many changes to their existing features.

How to Install:

For the installation purpose:

# Clone this repository.
$ git clone [email protected]:iSECPartners/Scout2.git

# install required packages:
$ pip install -r requirements.txt

What are the Requirements?

Valid credentials should be there to run the AWS Scout2. For read-only access to all resources we need the credentials like user account, the role and the Access Key in the following services written below:

  • Cloudtrail
  • Elastic Compute Cloud (EC2)
  • Identity and Access Management (IAM)
  • Relational Database Service (RDS)
  • Redshift
  • Simple Storage Service (S3)

By default, all the permissions which are necessary for running Scout2 have been listed by the Scout2-Default IAM policy.

Usage:

To run Scout2 from an EC2 instance with an appropriate role or from a computer already configured to use the AWS CLI, boto, or another AWS SDK (via environment variables or configuration files), run the following command:

$ python Scout2.py

For running the configured multiple profiles, we have to run the following command:
$ python Scout2.py --profile <PROFILE_NAME>

For running the Scout2 using an access key downloaded from AWS, run the following command:
$ python Scout2.py --csv-credentials <CREDENTIALS.CSV>

For running the Scout2 when MFA-Protected API Access has configured, add the following parameters to your command:
--mfa_serial <ARN_MFA_SERIAL_NUMBER> --mfa_code <MFA CODE>

If we want to view the report, just open report.html in your browser.

Format of the CSV file that contains credentials:

Users get access to download access keys in CSV file from AWS. And the format of the CSV file that includes credentials is as follow:

User Name,Access Key Id,Secret Access Key (,MFA Serial)
f00b4r,YOUR_ACCESS_KEY_ID,YOUR_ACCESS_KEY_SECRET (,arn:aws:iam::YOUR_AWS_ACCOUNT:mfa/f00b4r)


Advanced documentation:

If you want command line options then run the command:

$ python Scout2.py --help

You can also go through the GitHub pages

License:
The license is under GPLv2. 

DOWNLOAD: Click Here

0 comments:

Post a Comment

 
Toggle Footer
Top