Scout2 is a security tool that lets AWS administrators assess their environment’s security posture. Using the AWS API, Scout2 gathers configuration data for manual inspection and automatically highlights high-risk areas. Instead of requiring administrators to pore through dozens of pages on the web, Scout2 presents a clear view of the attack surface.
Note: Scout2 is stable and actively maintained, but a number of features and internals may change. As such, please bear with us as we find time to work on, and improve, the tool. Feel free to report a bug with details, request a new feature, or send a pull request.
Changelog Scout2 v2.0.0rc7:
* Use opinel v1.0.2, which fixes reading role credentials on EC2 instances.
* A few new rules, tweaks to older rules, and more filters-related code.
* Make sure non-zero is returned upon failure of the opinel import.
* Bug fixes.
+ Python version: 2.7, 3.3, 3.4, 3.5
+ AWS Credentials
To run Scout2, you will need valid AWS credentials (Access Key). The role, or user account, associated with this Access Key requires read-only access for all resources in a number of services, including but not limited to CloudTrail, EC2, IAM, RDS, Redshift, and S3.
+ Compliant with AWS’ Acceptable Use Policy
Use of Scout2 does not require AWS users to complete and submit the AWS Vulnerability / Penetration Testing Request Form. Scout2 only performs AWS API calls to fetch configuration data and identify security gaps, which is not considered security scanning as it does not impact AWS’ network and applications.
+ Supports all operating systems.
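The read-only requirement under "AWS Credentials" can be checked before the Access Key is handed to the tool. The following is an added example, not code from Scout2 or its authors: it audits an IAM policy document for Allow grants that are not read-only and for named services with no read access. The read-only verb prefixes, the function names and both sample policies are assumptions made for this illustration.

```python
# Verb prefixes treated as read-only: an assumption of this example,
# not an AWS-defined classification.
READ_PREFIXES = ("get", "list", "describe", "lookup", "batchget")
# Services the page names explicitly ("including but not limited to").
SERVICES = {"cloudtrail", "ec2", "iam", "rds", "redshift", "s3"}


def as_list(value):
    """IAM accepts a single item or a list for Statement, Action and NotAction."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (findings, missing): Allow grants that are not read-only,
    and named services for which no read-only action is granted."""
    findings, covered = [], set()
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny statement cannot grant anything
        if "NotAction" in stmt:
            findings.append("NotAction")  # allows every action not listed
        for action in as_list(stmt.get("Action")):
            # IAM action names are case-insensitive, so compare in lower case.
            service, _, name = action.lower().partition(":")
            if name.startswith(READ_PREFIXES):
                covered.add(service)
            else:
                findings.append(action)  # "*", "svc:*" or a mutating verb
    return findings, sorted(SERVICES - covered)


# Constructed sample policies (not taken from the Scout2 project).
READ_ONLY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*",
    "Action": ["cloudtrail:Describe*", "cloudtrail:Get*", "ec2:Describe*",
               "iam:Get*", "iam:List*", "rds:Describe*",
               "redshift:Describe*", "s3:Get*", "s3:List*"]}}
TOO_BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:*", "s3:PutBucketPolicy", "iam:List*"]},
    {"Effect": "Allow", "Resource": "*", "NotAction": "iam:*"}]}

if __name__ == "__main__":
    for label, doc in (("READ_ONLY", READ_ONLY), ("TOO_BROAD", TOO_BROAD)):
        print(label, audit_policy(doc))
```

The prefix check is a heuristic: it can flag a legitimate read action whose name starts with another verb, and a read action such as `s3:Get*` still exposes stored data, so findings and passes both deserve a manual look.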
Use and Download:
git clone https://github.com/nccgroup/Scout2 && cd Scout2
pip install -r requirements.txt
python setup.py install
python Scout2.py --help
python Scout2.py --update