ScoutSuite: A Security Audit Tool for Azure

#azure #audit #cloudsecurity #opensource

Introduction

Scout Suite is an open source security audit tool for cloud cluster environment, mainly for the security status of cloud environment. By using the API exposed by the cloud service provider, Scout Suite can collect configuration data from high security risk areas for manual audit by researchers. It is worth mentioning that Scout Suite can automatically present a clear and detailed attack surface overview to researchers after completing a security audit, without the need for researchers to browse the complicated Web console information.

Steps

Install Python
Install Azure CLI
Clone the ScoutSuite github repository ```

$ git clone https://github.com/nccgroup/ScoutSuite
$ cd ScoutSuite
$ virtualenv -p python3 venv
$ source venv/bin/activate
$ pip install -r requirements.txt
$ python scout.py --help

4.Running ```pip

 install azure-cli

``` command in Power Shell
5.Running ```az

 login

``` command and the system prompt to authenticate your Azure Subscription
6.Navigate to the ScoutSuite folder ```cd

 .\ScoutSuite

7.Running ```python

scout.py azure --cli

8.The Report will generated in the web page.
![Alt Text](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/2m28clsfsfu6rjg2rf6w.png)
![Alt Text](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/chjphxk1essvletbhisx.png)

# Reference:
https://github.com/nccgroup/ScoutSuite