
Checking a cloud environment with the security auditing tool Scout Suite (AWS edition)

Official page

https://github.com/nccgroup/ScoutSuite

First things first, the wiki

Home · nccgroup/ScoutSuite Wiki · GitHub

https://github.com/nccgroup/ScoutSuite/wiki

It supports AWS, Azure and GCP. The platform is given as a command-line argument.

Amazon Web Services  
$ python scout.py aws  
$ python scout.py aws --profile PROFILE (it appears you can specify a profile, just like the regular aws command)

Azure  
$ python scout.py azure --cli  

Google Cloud Platform  
$ python scout.py gcp --user-account

It runs on Python. The supported versions are 3.6 to 3.8.

python -V
Python 3.8.7

Check pip as well. Come to think of it, I set this up with pyenv.

pip -V
pip 20.2.3 from /Users/xxxx/.pyenv/versions/3.8.7/lib/python3.8/site-packages/pip (python 3.8)

Since this is macOS, raise the open-file limit (for the current session only, for now). It is easier to add this to .bash_profile or similar.

ulimit -Sn 1000

Run the install!

pip install scoutsuite

Error! pip is too old; it tells me to update it.

      =============================DEBUG ASSISTANCE=============================
      If you are seeing a compilation error please try the following steps to
      successfully install cryptography:
      1) Upgrade to the latest pip and try again. This will fix errors for most
         users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip
      2) Read https://cryptography.io/en/latest/installation.html for specific
         instructions for your platform.
      3) Check our frequently asked questions for more information:
         https://cryptography.io/en/latest/faq.html
      4) Ensure you have a recent Rust toolchain installed:
         https://cryptography.io/en/latest/installation.html#rust
      5) If you are experiencing issues with Rust for *this release only* you may
         set the environment variable `CRYPTOGRAPHY_DONT_BUILD_RUST=1`.
      =============================DEBUG ASSISTANCE=============================

  error: can't find Rust compiler

  If you are using an outdated pip version, it is possible a prebuilt wheel is available for this package but pip is not able to install from it. Installing from the wheel would avoid the need for a Rust compiler.

  To update pip, run:

      pip install --upgrade pip

  and then retry package installation.

  If you did intend to build this package from source, try installing a Rust compiler from your system package manager and ensure it is on the PATH during installation. Alternatively, rustup (available at https://rustup.rs) is the recommended way to download and update the Rust compiler toolchain.

  This package requires Rust >=1.41.0.
  ----------------------------------------
  ERROR: Failed building wheel for cryptography

Update it, then install again.

pip install --upgrade pip
pip install scoutsuite

Success.
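The steps above (check the Python version, raise the open-file limit, upgrade pip, install) as one pre-flight script. This is an added example, not the post author's or the Scout Suite project's code; it assumes a POSIX sh with python and pip on PATH, and takes the 3.6 to 3.8 version range and the open-file limit of 1000 from the post itself.

```shell
#!/bin/sh
# Added pre-flight script for installing Scout Suite (example, not from the post
# or the Scout Suite project). Assumes POSIX sh with python and pip on PATH.

# Return 0 when a "Python X.Y.Z" string (as printed by "python -V") is within
# the 3.6..3.8 range the post states as supported.
python_version_supported() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^Python \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 1
    major=${ver% *}
    minor=${ver#* }
    [ "$major" -eq 3 ] && [ "$minor" -ge 6 ] && [ "$minor" -le 8 ]
}

# Return 0 when the current soft open-file limit is at least $1.
open_files_ok() {
    cur=$(ulimit -Sn)
    [ "$cur" = unlimited ] && return 0
    [ "$cur" -ge "$1" ]
}

# Run the checks, then the same two pip commands the post ends up with:
# pip is upgraded first so a prebuilt cryptography wheel can be used instead
# of a source build that needs a Rust compiler.
preflight_and_install() {
    if ! python_version_supported "$(python -V 2>&1)"; then
        echo "unsupported Python: $(python -V 2>&1) (need 3.6-3.8)" >&2
        return 1
    fi
    if ! open_files_ok 1000; then
        ulimit -Sn 1000 || { echo "could not raise open-file limit" >&2; return 1; }
    fi
    pip install --upgrade pip && pip install scoutsuite
}

# Only install when explicitly asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "--install" ]; then
    preflight_and_install
fi
```

Run it as `sh preflight.sh --install`; the version check refuses to proceed on an interpreter outside the stated range, and the ulimit change only affects the shell that runs the script.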

scout --help
usage: scout [-h] [-v] {aws,gcp,azure,aliyun,oci} ...

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit

The provider you want to run scout against:
  {aws,gcp,azure,aliyun,oci}
    aws                 Run Scout against an Amazon Web Services account
    gcp                 Run Scout against a Google Cloud Platform account
    azure               Run Scout against a Microsoft Azure account
    aliyun              Run Scout against an Alibaba Cloud account
    oci                 Run Scout against an Oracle Cloud Infrastructure account

Run it (installed with pip, so just call scout directly).

scout aws --profile=audit
2021-04-02 17:39:28 mac.local scout[73986] INFO Launching Scout
2021-04-02 17:39:28 mac.local scout[73986] INFO Authenticating to cloud provider
2021-04-02 17:39:32 mac.local scout[73986] INFO Gathering data from APIs
2021-04-02 17:39:32 mac.local scout[73986] INFO Fetching resources for the ACM service
2021-04-02 17:39:33 mac.local scout[73986] INFO Fetching resources for the Lambda service
2021-04-02 17:39:34 mac.local scout[73986] INFO Fetching resources for the CloudFormation service
2021-04-02 17:39:34 mac.local scout[73986] INFO Fetching resources for the CloudTrail service
2021-04-02 17:39:35 mac.local scout[73986] INFO Fetching resources for the CloudWatch service
2021-04-02 17:39:36 mac.local scout[73986] INFO Fetching resources for the Config service
2021-04-02 17:39:37 mac.local scout[73986] INFO Fetching resources for the Direct Connect service
2021-04-02 17:39:37 mac.local scout[73986] INFO Fetching resources for the DynamoDB service
2021-04-02 17:39:38 mac.local scout[73986] INFO Fetching resources for the EC2 service
2021-04-02 17:39:39 mac.local scout[73986] INFO Fetching resources for the EFS service
2021-04-02 17:39:40 mac.local scout[73986] INFO Fetching resources for the ElastiCache service
2021-04-02 17:39:41 mac.local scout[73986] INFO Fetching resources for the ELB service
2021-04-02 17:39:41 mac.local scout[73986] INFO Fetching resources for the ELBv2 service
2021-04-02 17:39:42 mac.local scout[73986] INFO Fetching resources for the EMR service
2021-04-02 17:39:43 mac.local scout[73986] INFO Fetching resources for the IAM service
2021-04-02 17:39:43 mac.local scout[73986] INFO Fetching resources for the KMS service
2021-04-02 17:39:44 mac.local scout[73986] INFO Fetching resources for the RDS service
2021-04-02 17:39:45 mac.local scout[73986] INFO Fetching resources for the RedShift service
2021-04-02 17:39:45 mac.local scout[73986] INFO Fetching resources for the Route53 service
2021-04-02 17:39:46 mac.local scout[73986] INFO Fetching resources for the S3 service
2021-04-02 17:39:48 mac.local scout[73986] INFO Fetching resources for the SES service
2021-04-02 17:39:49 mac.local scout[73986] INFO Fetching resources for the SNS service
2021-04-02 17:39:49 mac.local scout[73986] INFO Fetching resources for the SQS service
2021-04-02 17:39:50 mac.local scout[73986] INFO Fetching resources for the VPC service
2021-04-02 17:39:51 mac.local scout[73986] INFO Fetching resources for the Secrets Manager service
2021-04-02 17:41:25 mac.local scout[73986] INFO Running pre-processing engine
2021-04-02 17:41:25 mac.local scout[73986] INFO Running rule engine
2021-04-02 17:41:28 mac.local scout[73986] INFO Applying display filters
2021-04-02 17:41:28 mac.local scout[73986] INFO Running post-processing engine
2021-04-02 17:41:28 mac.local scout[73986] INFO Saving data to scoutsuite-report/scoutsuite-results/scoutsuite_results_aws-audit.js
2021-04-02 17:41:28 mac.local scout[73986] INFO Saving data to scoutsuite-report/scoutsuite-results/scoutsuite_exceptions_aws-audit.js
2021-04-02 17:41:29 mac.local scout[73986] INFO Creating scoutsuite-report/aws-audit.html
2021-04-02 17:41:29 mac.local scout[73986] INFO Opening the HTML report

The results. Looking at the details, the reason for each finding is properly written out, which is great.
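Besides the HTML report, the log above shows Scout Suite saving the raw results to scoutsuite-report/scoutsuite-results/scoutsuite_results_aws-audit.js, which is handy when you want to triage findings in a terminal or feed them into another tool. The script below is an added example, not code from the post's author or the Scout Suite project. It assumes that this file is a JavaScript assignment ("scoutsuite_results =") followed by a JSON object, and that results["services"][service]["findings"][rule_id] carries "level" ("danger" or "warning"), "description", "checked_items", "flagged_items" and "items"; the embedded sample is constructed to that shape, not captured from a real account.

```python
"""Summarise the flagged rules in a Scout Suite results file.

Added example, not code from the post or the Scout Suite project. Assumption:
the results .js file is "scoutsuite_results =" followed by a JSON object whose
services/<service>/findings/<rule id> entries carry level, description,
checked_items, flagged_items and items. The sample below is constructed.
"""
import json
import sys
from collections import Counter

DEFAULT_PATH = "scoutsuite-report/scoutsuite-results/scoutsuite_results_aws-audit.js"

# Constructed sample: two services, three rules, two of which flagged something.
SAMPLE_RESULTS_JS = """scoutsuite_results =
{
  "provider_name": "aws",
  "services": {
    "s3": {
      "findings": {
        "s3-bucket-no-logging": {
          "level": "warning",
          "description": "Bucket access logging disabled",
          "checked_items": 3,
          "flagged_items": 2,
          "items": ["s3.buckets.example-logs", "s3.buckets.example-assets"]
        }
      }
    },
    "iam": {
      "findings": {
        "iam-user-no-mfa": {
          "level": "danger",
          "description": "User without MFA",
          "checked_items": 4,
          "flagged_items": 1,
          "items": ["iam.users.EXAMPLE-USER-ID.mfa_active"]
        },
        "iam-password-policy-minimum-length": {
          "level": "warning",
          "description": "Minimum password length too short",
          "checked_items": 1,
          "flagged_items": 0,
          "items": []
        }
      }
    }
  }
}
"""

LEVEL_RANK = {"danger": 0, "warning": 1}


def load_results(text):
    """Drop everything before the first '{' (the JS assignment) and parse the JSON."""
    return json.loads(text[text.index("{"):])


def flagged_findings(results):
    """List every rule that flagged at least one item, most severe first."""
    rows = []
    for service, data in results.get("services", {}).items():
        for rule_id, finding in data.get("findings", {}).items():
            flagged = finding.get("flagged_items", 0)
            if flagged == 0:
                continue  # rule ran clean; nothing to triage
            rows.append({
                "service": service,
                "rule": rule_id,
                "level": finding.get("level", "warning"),
                "description": finding.get("description", ""),
                "flagged": flagged,
                "checked": finding.get("checked_items", 0),
                "items": list(finding.get("items", [])),
            })
    rows.sort(key=lambda r: (LEVEL_RANK.get(r["level"], 9), r["service"], r["rule"]))
    return rows


def count_by_level(rows):
    """Number of flagged rules per severity level."""
    return dict(Counter(r["level"] for r in rows))


def render(rows):
    """Plain-text triage list: one line per rule, then the flagged resource paths."""
    lines = []
    for r in rows:
        lines.append(f"[{r['level'].upper():7}] {r['service']}/{r['rule']}: "
                     f"{r['description']} ({r['flagged']}/{r['checked']} flagged)")
        for item in r["items"]:
            lines.append(f"           - {item}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python summarise.py [path-to-results.js]; without a path the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_RESULTS_JS
    rows = flagged_findings(load_results(text))
    print(render(rows))
    print("totals:", count_by_level(rows))
```

Rules that checked items but flagged none are dropped, so the output is the list of things that actually need attention, with "danger" findings first.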
